Merge pull request #37269 from rh-tokeefe/OSSMDOC-415

abrennan89 · web-flow · commit e5c94777c8bd · 2021-11-02T09:56:18.000-05:00
OSSMDOC-415: Document confirmation step for service mesh configuration tasks
diff --git a/modules/ossm-federation-create-export.adoc b/modules/ossm-federation-create-export.adoc
@@ -109,3 +109,37 @@ For example:
 ----
 $ oc get exportedserviceset green-mesh -o yaml |yaml
 ----
++
+. Run the following command to validate the services the red-mesh exports to share with green-mesh:
++
+[source,terminal]
+----
+$ oc get exportedserviceset <PeerMeshExportedTo> -o yaml
+----
++
+For example:
++
+[source,terminal]
+----
+$ oc -n red-mesh-system get exportedserviceset green-mesh -o yaml
+----
++
+.Example validating the services exported from the red mesh that are shared with the green mesh.
+[source,yaml]
+----
+  status:
+    exportedServices:
+    - exportedName: red-ratings.bookinfo.svc.green-mesh-exports.local
+      localService:
+        hostname: ratings.red-mesh-bookinfo.svc.cluster.local
+        name: ratings
+        namespace: red-mesh-bookinfo
+    - exportedName: reviews.red-mesh-bookinfo.svc.green-mesh-exports.local
+      localService:
+        hostname: reviews.red-mesh-bookinfo.svc.cluster.local
+        name: reviews
+        namespace: red-mesh-bookinfo
+----
+The `status.exportedServices` array lists the services that are currently exported (these services matched the export rules in the `ExportedServiceSet object`). Each entry in the array indicates the name of the exported service and details about the local service that is exported.
++
+If a service that you expected to be exported is missing, confirm the Service object exists, its name or labels match the `exportRules` defined in the `ExportedServiceSet` object, and that the Service object's namespace is configured as a member of the service mesh using the `ServiceMeshMemberRoll` or `ServiceMeshMember` object.
diff --git a/modules/ossm-federation-create-import.adoc b/modules/ossm-federation-create-import.adoc
@@ -110,3 +110,35 @@ For example:
 ----
 $ oc get importedserviceset green-mesh -o yaml |yaml
 ----
++
+. Run the following command to validate the services imported into a mesh.
++
+[source,terminal]
+----
+$ oc get importedserviceset <PeerMeshImportedInto> -o yaml
+----
++
+.Example validating that the services exported from the red mesh have been imported into the green mesh using the status section of the `importedserviceset/red-mesh' object in the 'green-mesh-system` namespace:
++
+[source,terminal]
+----
+$ oc -n green-mesh-system get importedserviceset/red-mesh -o yaml
+----
++
+[source,yaml]
+----
+status:
+  importedServices:
+  - exportedName: red-ratings.bookinfo.svc.green-mesh-exports.local
+    localService:
+      hostname: ratings.bookinfo.svc.red-mesh-imports.local
+      name: ratings
+      namespace: bookinfo
+  - exportedName: reviews.red-mesh-bookinfo.svc.green-mesh-exports.local
+    localService:
+      hostname: ""
+      name: ""
+      namespace: ""
+----
++
+In the preceding example only the ratings service is imported, as indicated by the populated fields under `localService`. The reviews service is available for import, but isn't currently imported because it does not match any `importRules` in the `ImportedServiceSet` object.
diff --git a/modules/ossm-federation-create-meshPeer.adoc b/modules/ossm-federation-create-meshPeer.adoc
@@ -84,3 +84,44 @@ spec:
 ----
 $ oc create -n red-mesh-system -f servicemeshpeer.yaml
 ----
++
+. To confirm that connection between the red mesh and green mesh is established, inspect the status of the green-mesh `ServiceMeshPeer` in the red-mesh-system namespace:
++
+[source,terminal]
+----
+$ oc -n red-mesh-system get servicemeshpeer green-mesh -o yaml
+----
++
+.Example ServiceMeshPeer connection between red-mesh and green-mesh
+[source,yaml]
+----
+status:
+  discoveryStatus:
+    active:
+    - pod: istiod-red-mesh-b65457658-9wq5j
+      remotes:
+      - connected: true
+        lastConnected: "2021-10-05T13:02:25Z"
+        lastFullSync: "2021-10-05T13:02:25Z"
+        source: 10.128.2.149
+      watch:
+        connected: true
+        lastConnected: "2021-10-05T13:02:55Z"
+        lastDisconnectStatus: 503 Service Unavailable
+        lastFullSync: "2021-10-05T13:05:43Z"
+----
+The `status.discoveryStatus.active.remotes` field shows that istiod in the peer mesh (in this example, the green mesh) is connected to istiod in the current mesh (in this example, the red mesh).
++
+The `status.discoveryStatus.active.watch` field shows that istiod in the current mesh is connected to istiod in the peer mesh.
++
+If you check the `servicemeshpeer` named `red-mesh` in `green-mesh-system`, you'll find information about the same two connections from the perspective of the green mesh.
++
+When the connection between two meshes is not established, the `ServiceMeshPeer` status indicates this in the `status.discoveryStatus.inactive` field.
++
+For more information on why a connection attempt failed, inspect the Istiod log, the access log of the egress gateway handling egress traffic for the peer, and the ingress gateway handling ingress traffic for the current mesh in the peer mesh.
++
+For example, if the red mesh can't connect to the green mesh, check the following logs:
+
+* istiod-red-mesh in red-mesh-system
+* egress-green-mesh in red-mesh-system
+* ingress-red-mesh in green-mesh-system
