[OSDOCS-8070] OCP content port to ROSA and OSD: Service Mesh

Author: Michael Burke

_topic_maps/_topic_map_osd.yml

@@ -1262,6 +1262,94 @@ Topics:
 - Name: Config map reference for the Cluster Monitoring Operator
   File: config-map-reference-for-the-cluster-monitoring-operator
 ---
+Name: Service Mesh
+Dir: service_mesh
+Distros: openshift-dedicated
+Topics:
+- Name: Service Mesh 2.x
+  Dir: v2x
+  Topics:
+  - Name: About OpenShift Service Mesh
+    File: ossm-about
+  - Name: Service Mesh 2.x release notes
+    File: servicemesh-release-notes
+  - Name: Service Mesh architecture
+    File: ossm-architecture
+  - Name: Service Mesh deployment models
+    File: ossm-deployment-models
+  - Name: Service Mesh and Istio differences
+    File: ossm-vs-community
+  - Name: Preparing to install Service Mesh
+    File: preparing-ossm-installation
+  - Name: Installing the Operators
+    File: installing-ossm
+  - Name: Creating the ServiceMeshControlPlane
+    File: ossm-create-smcp
+  - Name: Adding workloads to a service mesh
+    File: ossm-create-mesh
+  - Name: Enabling sidecar injection
+    File: prepare-to-deploy-applications-ossm
+  - Name: Upgrading Service Mesh
+    File: upgrading-ossm
+  - Name: Managing users and profiles
+    File: ossm-profiles-users
+  - Name: Security
+    File: ossm-security
+  - Name: Traffic management
+    File: ossm-traffic-manage
+  - Name: Metrics, logs, and traces
+    File: ossm-observability
+  - Name: Performance and scalability
+    File: ossm-performance-scalability
+  - Name: Deploying to production
+    File: ossm-deploy-production
+  - Name: Federation
+    File: ossm-federation
+  - Name: Extensions
+    File: ossm-extensions
+  - Name: 3scale WebAssembly for 2.1
+    File: ossm-threescale-webassembly-module
+  - Name: 3scale Istio adapter for 2.0
+    File: threescale-adapter
+  - Name: Troubleshooting Service Mesh
+    File: ossm-troubleshooting-istio
+  - Name: Control plane configuration reference
+    File: ossm-reference-smcp
+  - Name: Kiali configuration reference
+    File: ossm-reference-kiali
+  - Name: Jaeger configuration reference
+    File: ossm-reference-jaeger
+  - Name: Uninstalling Service Mesh
+    File: removing-ossm
+# Service Mesh 1.x is tech preview
+# - Name: Service Mesh 1.x
+#  Dir: v1x
+#  Topics:
+#  - Name: Service Mesh 1.x release notes
+#    File: servicemesh-release-notes
+#  - Name: Service Mesh architecture
+#    File: ossm-architecture
+#  - Name: Service Mesh and Istio differences
+#    File: ossm-vs-community
+#  - Name: Preparing to install Service Mesh
+#    File: preparing-ossm-installation
+#  - Name: Installing Service Mesh
+#    File: installing-ossm
+#  - Name: Security
+#    File: ossm-security
+#  - Name: Traffic management
+#    File: ossm-traffic-manage
+#  - Name: Deploying applications on Service Mesh
+#    File: prepare-to-deploy-applications-ossm
+#  - Name: Data visualization and observability
+#    File: ossm-observability
+#  - Name: Custom resources
+#    File: ossm-custom-resources
+#  - Name: 3scale Istio adapter for 1.x
+#    File: threescale-adapter
+#  - Name: Removing Service Mesh
+#    File: removing-ossm
+---
 Name: Serverless
 Dir: serverless
 Distros: openshift-dedicated

_topic_maps/_topic_map_rosa.yml

@@ -1563,33 +1563,34 @@ Topics:
     File: ossm-reference-jaeger
   - Name: Uninstalling Service Mesh
     File: removing-ossm
-- Name: Service Mesh 1.x
-  Dir: v1x
-  Topics:
-  - Name: Service Mesh 1.x release notes
-    File: servicemesh-release-notes
-  - Name: Service Mesh architecture
-    File: ossm-architecture
-  - Name: Service Mesh and Istio differences
-    File: ossm-vs-community
-  - Name: Preparing to install Service Mesh
-    File: preparing-ossm-installation
-  - Name: Installing Service Mesh
-    File: installing-ossm
-  - Name: Security
-    File: ossm-security
-  - Name: Traffic management
-    File: ossm-traffic-manage
-  - Name: Deploying applications on Service Mesh
-    File: prepare-to-deploy-applications-ossm
-  - Name: Data visualization and observability
-    File: ossm-observability
-  - Name: Custom resources
-    File: ossm-custom-resources
-  - Name: 3scale Istio adapter for 1.x
-    File: threescale-adapter
-  - Name: Removing Service Mesh
-    File: removing-ossm
+# Service Mesh 1.x is tech preview
+# - Name: Service Mesh 1.x
+#  Dir: v1x
+#  Topics:
+#  - Name: Service Mesh 1.x release notes
+#    File: servicemesh-release-notes
+#  - Name: Service Mesh architecture
+#    File: ossm-architecture
+#  - Name: Service Mesh and Istio differences
+#    File: ossm-vs-community
+#  - Name: Preparing to install Service Mesh
+#    File: preparing-ossm-installation
+#  - Name: Installing Service Mesh
+#    File: installing-ossm
+#  - Name: Security
+#    File: ossm-security
+#  - Name: Traffic management
+#    File: ossm-traffic-manage
+#  - Name: Deploying applications on Service Mesh
+#    File: prepare-to-deploy-applications-ossm
+#  - Name: Data visualization and observability
+#    File: ossm-observability
+#  - Name: Custom resources
+#    File: ossm-custom-resources
+#  - Name: 3scale Istio adapter for 1.x
+#    File: threescale-adapter
+#  - Name: Removing Service Mesh
+#    File: removing-ossm
 ---
 Name: Serverless
 Dir: serverless

modules/distr-tracing-config-storage.adoc

@@ -645,6 +645,7 @@ spec:
 <3> Secret which defines environment variables ES_PASSWORD and ES_USERNAME. Created by kubectl create secret generic tracing-secret --from-literal=ES_PASSWORD=changeme --from-literal=ES_USERNAME=elastic
 <4> Volume mounts and volumes which are mounted into all storage components.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [id="distr-tracing-manage-es-certificates_{context}"]
 = Managing certificates with Elasticsearch
 
@@ -721,3 +722,4 @@ spec:
 The {JaegerName} Operator sets the Elasticsearch custom resource `name` to the value of `spec.storage.elasticsearch.name` from the Jaeger custom resource when provisioning Elasticsearch.
 
 The certificates are provisioned by the Red Hat Elasticsearch Operator and the {JaegerName} Operator injects the certificates.
+endif::openshift-rosa,openshift-dedicated[]

modules/ossm-about-smcp.adoc

@@ -24,4 +24,7 @@ The {SMProductShortName} documentation uses `istio-system` as the example projec
 
 ifdef::openshift-rosa[]
 If you are deploying the control plane for use on {product-rosa}, see the Red Hat Knowledgebase article link:https://access.redhat.com/solutions/6529231[OpenShift service mesh operator Istio basic not starting due to authentication errors], which discusses adding a new project and starting pods.
-endif::openshift-rosa[]
+endif::openshift-rosa[]
+ifdef::openshift-dedicated[]
+If you are deploying the control plane for use on {product-dedicated}, see the Red Hat Knowledgebase article link:https://access.redhat.com/solutions/6529231[OpenShift service mesh operator Istio basic not starting due to authentication errors], which discusses adding a new project and starting pods.
+endif::openshift-dedicated[]

modules/ossm-configuring-the-threescale-wasm-auth-module.adoc

@@ -25,7 +25,9 @@ Configuring the WebAssembly extension is currently a manual process. Support for
 
 * Identify a Kubernetes workload and namespace on your {SMProductShortName} deployment that you will apply this module.
 * You must have a 3scale tenant account. See link:https://www.3scale.net/signup[SaaS] or link:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index#install-threescale-on-openshift-guide[3scale 2.11 On-Premises] with a matching service and relevant applications and metrics defined.
+ifndef::openshift-rosa,openshift-dedicated[]
 * If you apply the module to the `<product_page>` microservice in the `bookinfo` namespace, see the xref:../../service_mesh/v1x/prepare-to-deploy-applications-ossm.adoc#ossm-tutorial-bookinfo-overview_deploying-applications-ossm-v1x[Bookinfo sample application].
+endif::openshift-rosa,openshift-dedicated[]
 ** The following example is the YAML format for the custom resource for `threescale-wasm-auth` module.
 This example refers to the upstream Maistra version of {SMProductShortName}, `WasmPlugin` API. You must declare the namespace where the `threescale-wasm-auth` module is deployed, alongside a `selector` to identify the set of applications the module will apply to:
 +

modules/ossm-control-plane-web.adoc

@@ -11,7 +11,12 @@ You can deploy a basic `ServiceMeshControlPlane` by using the web console.  In t
 .Prerequisites
 
 * The {SMProductName} Operator must be installed.
-* An account with the `cluster-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as `cluster-admin`.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+* You are logged in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 .Procedure
 

modules/ossm-federation-across-cluster.adoc

@@ -15,28 +15,32 @@ If the cluster runs on bare metal and fully supports `LoadBalancer` services, th
 
 If the cluster does not support `LoadBalancer` services, using a `NodePort` service could be an option if the nodes are accessible from the cluster running the other mesh. In the `ServiceMeshPeer` object, specify the IP addresses of the nodes in the `.spec.remote.addresses` field and the service's node ports in the `.spec.remote.discoveryPort` and `.spec.remote.servicePort` fields.
 
-ifndef::openshift-rosa[]
+ifndef::openshift-rosa,openshift-dedicated[]
 == Exposing the federation ingress on clusters running on {ibm-power-title} and {ibm-z-title}
 If the cluster runs on {ibm-power-name} or {ibm-z-name} infrastructure and fully supports `LoadBalancer` services, the IP address found in the `.status.loadBalancer.ingress.ip` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
 
 If the cluster does not support `LoadBalancer` services, using a `NodePort` service could be an option if the nodes are accessible from the cluster running the other mesh. In the `ServiceMeshPeer` object, specify the IP addresses of the nodes in the `.spec.remote.addresses` field and the service's node ports in the `.spec.remote.discoveryPort` and `.spec.remote.servicePort` fields.
-endif::openshift-rosa[]
+endif::openshift-rosa,openshift-dedicated[]
 
+ifndef::openshift-dedicated[]
 == Exposing the federation ingress on Amazon Web Services (AWS)
 By default, LoadBalancer services in clusters running on AWS do not support L4 load balancing. In order for {SMProductName} federation to operate correctly, the following annotation must be added to the ingress gateway service:
 
 service.beta.kubernetes.io/aws-load-balancer-type: nlb
 
 The Fully Qualified Domain Name found in the `.status.loadBalancer.ingress.hostname` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
+endif::openshift-dedicated[]
 
-ifndef::openshift-rosa[]
+ifndef::openshift-rosa,openshift-dedicated[]
 == Exposing the federation ingress on Azure
 On Microsoft Azure, merely setting the service type to `LoadBalancer` suffices for mesh federation to operate correctly.
 
 The IP address found in the `.status.loadBalancer.ingress.ip` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
+endif::openshift-rosa,openshift-dedicated[]
 
+ifndef::openshift-rosa[]
 == Exposing the federation ingress on Google Cloud Platform (GCP)
 On Google Cloud Platform, merely setting the service type to `LoadBalancer` suffices for mesh federation to operate correctly.
 
 The IP address found in the `.status.loadBalancer.ingress.ip` field of the ingress gateway `Service` object should be specified as one of the entries in the `.spec.remote.addresses` field of the `ServiceMeshPeer` object.
-endif::openshift-rosa[]
+endif::openshift-rosa[]

modules/ossm-federation-config-smcp.adoc

@@ -11,6 +11,7 @@ Before a mesh can be federated, you must configure the `ServiceMeshControlPlane`
 
 In the following example, the administrator for the `red-mesh` is configuring the SMCP for federation with both the `green-mesh` and the `blue-mesh`.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 .Sample SMCP for red-mesh
 [source,yaml, subs="attributes,verbatim"]
 ----
@@ -82,7 +83,86 @@ spec:
     trust:
       domain: red-mesh.local
 ----
-
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+.Sample SMCP for red-mesh
+[source,yaml, subs="attributes,verbatim"]
+----
+apiVersion: maistra.io/v2
+kind: ServiceMeshControlPlane
+metadata:
+  name: red-mesh
+  namespace: red-mesh-system
+spec:
+  version: v{MaistraVersion}
+  runtime:
+    defaults:
+      container:
+        imagePullPolicy: Always
+  gateways:
+    additionalEgress:
+      egress-green-mesh:
+        enabled: true
+        requestedNetworkView:
+        - green-network
+        routerMode: sni-dnat
+        service:
+          metadata:
+            labels:
+              federation.maistra.io/egress-for: egress-green-mesh
+          ports:
+          - port: 15443
+            name: tls
+          - port: 8188
+            name: http-discovery  #note HTTP here
+      egress-blue-mesh:
+        enabled: true
+        requestedNetworkView:
+        - blue-network
+        routerMode: sni-dnat
+        service:
+          metadata:
+            labels:
+              federation.maistra.io/egress-for: egress-blue-mesh
+          ports:
+          - port: 15443
+            name: tls
+          - port: 8188
+            name: http-discovery  #note HTTP here
+    additionalIngress:
+      ingress-green-mesh:
+        enabled: true
+        routerMode: sni-dnat
+        service:
+          type: LoadBalancer
+          metadata:
+            labels:
+              federation.maistra.io/ingress-for: ingress-green-mesh
+          ports:
+          - port: 15443
+            name: tls
+          - port: 8188
+            name: https-discovery  #note HTTPS here
+      ingress-blue-mesh:
+        enabled: true
+        routerMode: sni-dnat
+        service:
+          type: LoadBalancer
+          metadata:
+            labels:
+              federation.maistra.io/ingress-for: ingress-blue-mesh
+          ports:
+          - port: 15443
+            name: tls
+          - port: 8188
+            name: https-discovery  #note HTTPS here
+  security:
+    identity:
+      type: ThirdParty
+    trust:
+      domain: red-mesh.local
+----
+endif::openshift-rosa,openshift-dedicated[]
 
 .ServiceMeshControlPlane federation configuration parameters
 [options="header"]
@@ -142,7 +222,6 @@ To avoid naming conflicts between meshes, you must create separate egress and in
 |Networks associated with exported services.
 |Set to the value of `spec.cluster.network` in the SMCP for the mesh, otherwise use <ServiceMeshPeer-name>-network. For example, if the `ServiceMeshPeer` resource for that mesh is named `west`, then the network would be named `west-network`.
 |
-|
 
 |spec:
   gateways:

modules/ossm-install-ossm-operator.adoc

@@ -21,7 +21,12 @@ If you have already installed the OpenShift Elasticsearch Operator as part of Op
 
 .Procedure
 
-. Log in to the {product-title} web console as a user with the `cluster-admin` role. If you use {product-dedicated}, you must have an account with the `dedicated-admin` role.
+ifndef::openshift-rosa,openshift-dedicated[]
+. Log in to the {product-title} web console as a user with the `cluster-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-rosa,openshift-dedicated[]
+. Log in to the {product-title} web console as a user with the `dedicated-admin` role.
+endif::openshift-rosa,openshift-dedicated[]
 
 . In the {product-title} web console, click *Operators* -> *OperatorHub*.