Merge pull request #45652 from rh-tokeefe/OSSMDOC-467

JStickler · web-flow · commit d65aad463231 · 2022-06-30T11:56:56.000-04:00
OSSMDOC-467: Service Mesh 2.2 release notes
diff --git a/_attributes/common-attributes.adoc b/_attributes/common-attributes.adoc
@@ -122,8 +122,8 @@ endif::[]
 :product-dedicated: Red Hat OpenShift Dedicated
 :SMProductName: Red Hat OpenShift Service Mesh
 :SMProductShortName: Service Mesh
-:SMProductVersion: 2.1.3
-:MaistraVersion: 2.1
+:SMProductVersion: 2.2
+:MaistraVersion: 2.2
 //Service Mesh v1
 :SMProductVersion1x: 1.1.18.2
 //Windows containers
diff --git a/modules/ossm-rn-deprecated-features.adoc b/modules/ossm-rn-deprecated-features.adoc
@@ -15,6 +15,14 @@ Deprecated functionality is still included in {product-title} and continues to b
 
 Removed functionality no longer exists in the product.
 
+== Deprecated features {SMProductName} 2.2
+
+The `ServiceMeshExtension` API is deprecated as of release 2.2 and will be removed in a future release.  While `ServiceMeshExtension` API is still supported in release 2.2, customers should start moving to the new `WasmPlugin` API.
+
+== Removed features {SMProductName} 2.2
+
+This release marks the end of support for service mesh control planes based on Service Mesh 1.1 for all platforms.
+
 == Removed features {SMProductName} 2.1
 
 In Service Mesh 2.1, the Mixer component is removed. Bug fixes and support is provided through the end of the Service Mesh 2.0 life cycle.
diff --git a/modules/ossm-rn-known-issues.adoc b/modules/ossm-rn-known-issues.adoc
@@ -21,21 +21,41 @@ These limitations exist in {SMProductName}:
 
 * The first time you access related services such as {JaegerShortName} and Grafana, from the Kiali console, you must accept the certificate and re-authenticate using your {product-title} login credentials. This happens due to an issue with how the framework displays embedded pages in the console.
 
-* The Bookinfo sample application cannot be installed on IBM Z and IBM Power Systems.
+* The Bookinfo sample application cannot be installed on IBM Z and IBM Power.
 
-* WebAssembly extensions are not supported on IBM Z and IBM Power Systems.
+* WebAssembly extensions are not supported on IBM Z and IBM Power.
 
+* LuaJIT is not supported on IBM Power.
 
 [id="ossm-rn-known-issues-ossm_{context}"]
 == {SMProductShortName} known issues
 
 These are the known issues in {SMProductName}:
 
+* https://issues.redhat.com/browse/OSSM-1668[OSSM-1668]
+`jwksResolverCA` field is missing in `SMCP`.
++
+If you upgrade from Service Mesh operator 2.1.3 to Service Mesh operator 2.2, then the `jwksResolverCA` field is not supported. You must use the `techPreview` `jwksResolverExtraRootCA` field to enable additional JWKS CA certificates.
+
+* https://issues.redhat.com/browse/OSSM-1655[OSSM-1655] Kiali dashboard shows error after enabling mTLS in `SMCP`.
++
+After enabling the `spec.security.controlPlane.mtls` setting in the SMCP, the Kiali console displays the following error message `"No subsets defined"`.
+
 * https://issues.redhat.com/browse/OSSM-1211[OSSM-1211]
-Configuring Federated service meshes for failover does not work as expected. There is no workaround at this time.
+Configuring Federated service meshes for failover does not work as expected.
++
+The Istiod pilot log displays the following error: `envoy connection [C289] TLS error: 337047686:SSL routines:tls_process_server_certificate:certificate verify failed`
++
+There is no workaround at this time.
 
 * link:https://github.com/istio/istio/issues/14743[Istio-14743] Due to limitations in the version of Istio that this release of {SMProductName} is based on, there are several applications that are currently incompatible with {SMProductShortName}. See the linked community issue for details.
 
+* https://issues.redhat.com/browse/OSSM-1396[OSSM-1396] If a gateway resource contains the `spec.externalIPs` setting, instead of being recreated when the `ServiceMeshControlPlane` is updated, the gateway is removed and never recreated.
+
+* https://issues.redhat.com/browse/OSSM-1168[OSSM-1168] When service mesh resources are created as a single YAML file, the Envoy proxy sidecar is not reliably injected into pods. When the SMCP, SMMR, and Deployment resources are created individually, the deployment works as expected.
+
+* https://issues.redhat.com/browse/OSSM-1052[OSSM-1052] When configuring a Service `ExternalIP` for the ingressgateway in the service mesh control plane, the service is not created. The schema for the SMCP is missing the parameter for the service. The workaround for this issue is to disable the gateway creation in the SMCP spec and manage the gateway deployment entirely manually (including Service, Role and RoleBinding).
+
 * https://issues.redhat.com/browse/OSSM-882[OSSM-882] Namespace is in the accessible_namespace list but does not appear in Kiali UI. By default, Kiali will not show any namespaces that start with "kube" because these namespaces are typically internal-use only and not part of a mesh.
 +
 For example, if you create a namespace called 'akube-a' and add it to the Service Mesh member roll, then the Kiali UI does not display the namespace. For defined exclusion patterns, the software excludes namespaces that start with or contain the pattern.
diff --git a/modules/ossm-rn-new-features.adoc b/modules/ossm-rn-new-features.adoc
@@ -19,11 +19,101 @@ Module included in the following assemblies:
 * *Policy Enforcement* - Apply organizational policy to the interaction between services, ensure access policies are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the mesh, not by changing application code.
 * *Telemetry* - Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues.
 
+== New features {SMProductName} 2.2
+
+This release of {SMProductName} adds new features and enhancements, and is supported on OpenShift Container Platform 4.9 and 4.10.
+
+=== Component versions included in {SMProductName} version {SMProductVersion}
+
+|===
+|Component |Version
+
+|Istio
+|1.12.7
+
+|Envoy Proxy
+|1.20.4
+
+|Jaeger
+|1.34.1
+
+|Kiali
+|1.48.0.16
+|===
+
+=== `WasmPlugin` API
+This release adds support for the `WasmPlugin` API and deprecates the  `ServiceMeshExtention` API.
+
+=== ROSA support
+This release introduces service mesh support for Red Hat OpenShift on AWS (ROSA), including multi-cluster federation.
+
+=== `istio-node` DaemonSet renamed
+This release, the `istio-node` DaemonSet is renamed to `istio-cni-node` to match the name in upstream Istio.
+
+=== Envoy sidecar networking changes
+Istio 1.10 updated Envoy to send traffic to the application container using `eth0` rather than `lo` by default.
+
+=== Service Mesh Control Plane 1.1
+This release marks the end of support for Service Mesh Control Planes based on Service Mesh 1.1 for all platforms.
+
+=== Istio 1.12 Support
+
+{SMProductShortName} 2.2 is based on Istio 1.12, which brings in new features and product enhancements. While many Istio 1.12 features are supported, the following unsupported features should be noted:
+
+* AuthPolicy Dry Run is a tech preview feature.
+* gRPC Proxyless Service Mesh is a tech preview feature.
+* Telemetry API is a tech preview feature.
+* Discovery selectors is not a supported feature.
+* External control plane is not a supported feature.
+* Gateway injection is not a supported feature.
+
+=== Kubernetes Gateway API
+Kubernetes Gateway API is a technology preview feature that is disabled by default.
+
+To enable the feature, set the following environment variables for the `Istiod` container in `ServiceMeshControlPlane`:
+
+[source,yaml]
+----
+spec:
+  runtime:
+    components:
+      pilot:
+        container:
+          env:
+            PILOT_ENABLE_GATEWAY_API: true
+            PILOT_ENABLE_GATEWAY_API_STATUS: true
+            # and optionally, for the deployment controller
+            PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER: true
+----
+Restricting route attachment on Gateway API listeners is possible using the `SameNamespace` or `All` settings. Istio ignores usage of label selectors in `listeners.allowedRoutes.namespaces` and reverts to the default behavior (`SameNamespace`).
+
 == New features {SMProductName} 2.1.3
 
 This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
 
-=== Component versions included in {SMProductName} version {SMProductVersion}
+=== Component versions included in {SMProductName} version 2.1.3
+
+|===
+|Component |Version
+
+|Istio
+|1.9.9
+
+|Envoy Proxy
+|1.17.1
+
+|Jaeger
+|1.30.2
+
+|Kiali
+|1.36.10.2
+|===
+
+== New features {SMProductName} 2.1.2.1
+
+This release of {SMProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes.
+
+=== Component versions included in {SMProductName} version 2.1.2.1
 
 |===
 |Component |Version
diff --git a/modules/ossm-vs-istio.adoc b/modules/ossm-vs-istio.adoc
@@ -133,9 +133,3 @@ Subdomains (e.g.: "*.domain.com") are supported. However this ability doesn't co
 [id="ossm-tls_{context}"]
 === Transport layer security
 Transport Layer Security (TLS) is supported. This means that, if the Gateway contains a `tls` section, the OpenShift Route will be configured to support TLS.
-
-
-[id="ossm-wasm_{context}"]
-=== WebAssembly Extensions
-
-{SMProductName} 2.0 introduces WebAssembly extensions to Envoy Proxy as a link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview]. Note that WASM extensions are not included in the proxy binary and that WASM filters from the upstream Istio community are not supported in {SMProductName} 2.0.
diff --git a/service_mesh/v2x/servicemesh-release-notes.adoc b/service_mesh/v2x/servicemesh-release-notes.adoc
@@ -6,12 +6,10 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-== Making open source more inclusive
-
-Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see link:https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language[our CTO Chris Wright's message].
-
 // The following include statements pull in the module files that comprise 2.x release notes.
 
+include::modules/making-open-source-more-inclusive.adoc[leveloffset=+1]
+
 include::modules/ossm-rn-new-features.adoc[leveloffset=+1]
 
 include::modules/ossm-rn-technology-preview.adoc[leveloffset=+1]
