Merge pull request #70539 from rh-tokeefe/OSSM-5725

skrthomas · web-flow · commit e2dd8fde8938 · 2024-03-18T15:54:08.000-04:00
OSSM-5725: Add content to exclude the creation of CNI pods (2.5 Release)
diff --git a/modules/ossm-vs-istio.adoc b/modules/ossm-vs-istio.adoc
@@ -118,6 +118,12 @@ You can deploy virtual machines to OpenShift using OpenShift Virtualization. The
 
 {SMProductName} includes CNI plugin, which provides you with an alternate way to configure application pod networking. The CNI plugin replaces the `init-container` network configuration eliminating the need to grant service accounts and projects access to security context constraints (SCCs) with elevated privileges.
 
+[NOTE]
+====
+By default, Istio Container Network Interface (CNI) pods are created on all {product-title} nodes. To exclude the creation of CNI pods in a specific node, apply the  `maistra.io/exclude-cni=true` label to the node.
+Adding this label removes any previously deployed Istio CNI pods from the node.
+====
+
 [id="ossm-global-mtls_{context}"]
 == Global mTLS settings
 {SMProductName} creates a `PeerAuthentication` resource that enables or disables Mutual TLS authentication (mTLS) within the mesh.
