|
| 1 | +# About the Sail Operator |
| 2 | + |
| 3 | +The Sail Operator is able to install and manage the lifecycle of the Istio |
| 4 | +control plane in an OpenShift cluster. |
| 5 | + |
| 6 | + |
| 7 | +## Prerequisites |
| 8 | + |
| 9 | +You have deployed a cluster on OpenShift Container Platform 4.13 or later. |
| 10 | + |
| 11 | +You are logged in to the OpenShift Container Platform web console as a user with |
| 12 | +the `cluster-admin` role. |
| 13 | + |
| 14 | +You have access to the OpenShift CLI (oc). |
| 15 | + |
| 16 | + |
| 17 | +## Installing the Sail Operator |
| 18 | + |
| 19 | +1. Navigate to the OperatorHub. |
| 20 | + |
| 21 | +1. Click **Operator** -> **Operator Hub**. |
| 22 | + |
| 23 | +1. Search for "sail". |
| 24 | + |
| 25 | +1. Locate the Sail Operator, and click to select it. |
| 26 | + |
| 27 | +1. When the prompt that discusses the community operator appears, click **Continue**. |
| 28 | + |
| 29 | +1. Verify the Sail Operator is version 0.1, and click **Install**. |
| 30 | + |
| 31 | +1. Use the default installation settings presented, and click **Install** to continue. |
| 32 | + |
| 33 | +1. Click **Operators** -> **Installed Operators** to verify that the Sail Operator |
| 34 | +is installed. `Succeeded` should appear in the **Status** column. |
| 35 | + |
| 36 | + |
| 37 | +## Deploying Istio |
| 38 | + |
| 39 | +To deploy Istio, you must create two resources: `Istio` and `IstioCNI`. The |
| 40 | +`Istio` resource deploys and configures the Istio Control Plane, whereas the |
| 41 | +`IstioCNI` resource deploys and configures the Istio CNI plugin. You should |
| 42 | +create these resources in separate projects. |
| 43 | + |
| 44 | + |
| 45 | +### Creating the istio-system and istio-cni Projects |
| 46 | + |
| 47 | +1. In the OpenShift Container Platform web console, click **Home** -> **Projects**. |
| 48 | + |
| 49 | +1. Click **Create Project**. |
| 50 | + |
| 51 | +1. At the prompt, you must enter a name for the project in the **Name** field. |
| 52 | +For example, `istio-system`. The Operator deploys Istio to the project you |
| 53 | +specify. The other fields provide supplementary information and are optional. |
| 54 | + |
| 55 | +1. Click **Create**. |
| 56 | + |
| 57 | +Repeat the process to create a project named `istio-cni`. |
| 58 | + |
| 59 | + |
| 60 | +### Creating the Istio resource |
| 61 | + |
| 62 | +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. |
| 63 | +1. Select the `istio-system` project from the **Namespace** drop-down menu. |
| 64 | +1. Click the Sail Operator. |
| 65 | +1. Click **Istio**. |
| 66 | +1. Click **Create Istio**. |
| 67 | +1. Click **Create**. This action deploys the Istio control plane. |
| 68 | +1. When `State: Healthy` appears in the `Status` column, Istio is successfully deployed. |
| 69 | + |
| 70 | + |
| 71 | +### Creating the IstioCNI resource |
| 72 | + |
| 73 | +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. |
| 74 | +1. Click the Sail Operator. |
| 75 | +1. Click **IstioCNI**. |
| 76 | +1. Click **Create IstioCNI**. |
| 77 | +1. Ensure that the name is `default`. |
| 78 | +1. Select the `istio-cni` project from the **Namespace** drop-down menu. |
| 79 | +1. Click **Create**. This action deploys the Istio CNI plugin. |
| 80 | +1. When `State: Healthy` appears in the `Status` column, the Istio CNI plugin is successfully deployed. |
| 81 | + |
| 82 | + |
| 83 | +### Selecting the Istio and IstioCNI versions |
| 84 | + |
| 85 | +The `version` field of the `Istio` and `IstioCNI` resource defines which version |
| 86 | +of each component should be deployed. This can be set using the `Istio Version` |
| 87 | +drop down menu when creating a new `Istio` with the OpenShift Container Platform |
| 88 | +web console. For a list of available versions, see the [versions.yaml](/versions.yaml) file |
| 89 | +or use the command: |
| 90 | + |
| 91 | +```sh |
| 92 | +$ kubectl explain istio.spec.version |
| 93 | +``` |
| 94 | + |
| 95 | +### Customizing Istio configuration |
| 96 | + |
| 97 | +The `spec.values` field of the `Istio` and `IstioCNI` resource can be used to |
| 98 | +customize Istio and Istio CNI plugin configuration using Istio's `Helm` |
| 99 | +configuration values. When you create this resource using the OpenShift |
| 100 | +Container Platform web console, it is pre-populated with configuration settings |
| 101 | +to enable Istio to run on OpenShift. |
| 102 | + |
| 103 | +To view or modify the `Istio` resource from the OpenShift Container Platform web console: |
| 104 | + |
| 105 | +1. Click **Operators** -> **Installed Operators**. |
| 106 | +1. Click **Istio** in the **Provided APIs** column. |
| 107 | +1. Click `Istio` instance, "istio-sample" by default, in the **Name** column. |
| 108 | +1. Click **YAML** to view the `Istio` configuration and make modifications. |
| 109 | + |
| 110 | +An example configuration: |
| 111 | + |
| 112 | +``` |
| 113 | +apiVersion: sailoperator.io/v1 |
| 114 | +kind: Istio |
| 115 | +metadata: |
| 116 | + name: example |
| 117 | +spec: |
| 118 | + version: v1.20.0 |
| 119 | + values: |
| 120 | + global: |
| 121 | + mtls: |
| 122 | + enabled: true |
| 123 | + trustDomainAliases: |
| 124 | + - example.net |
| 125 | + meshConfig: |
| 126 | + trustDomain: example.com |
| 127 | + trustDomainAliases: |
| 128 | + - example.net |
| 129 | +``` |
| 130 | + |
| 131 | +For a list of available configuration for the `spec.values` field, run the |
| 132 | +following command: |
| 133 | + |
| 134 | +```sh |
| 135 | +$ kubectl explain istio.spec.values |
| 136 | +``` |
| 137 | + |
| 138 | +For the `IstioCNI` resource, replace `istio` with `istiocni` in the command above. |
| 139 | + |
| 140 | +Alternatively, refer to [Istio's artifacthub chart documentation](https://artifacthub.io/packages/search?org=istio&sort=relevance&page=1) for: |
| 141 | + |
| 142 | +- [Base parameters](https://artifacthub.io/packages/helm/istio-official/base?modal=values) |
| 143 | +- [Istiod parameters](https://artifacthub.io/packages/helm/istio-official/istiod?modal=values) |
| 144 | +- [Gateway parameters](https://artifacthub.io/packages/helm/istio-official/gateway?modal=values) |
| 145 | +- [CNI parameters](https://artifacthub.io/packages/helm/istio-official/cni?modal=values) |
| 146 | +- [ZTunnel parameters](https://artifacthub.io/packages/helm/istio-official/ztunnel?modal=values) |
| 147 | + |
| 148 | + |
| 149 | +## Installing the istioctl tool |
| 150 | + |
| 151 | +The `istioctl` tool is a configuration command line utility that allows service |
| 152 | +operators to debug and diagnose Istio service mesh deployments. |
| 153 | + |
| 154 | +For installation steps, refer to the following [link](../docs/common/install-istioctl-tool.md). |
| 155 | + |
| 156 | +## Installing the Bookinfo Application |
| 157 | + |
| 158 | +You can use the `bookinfo` example application to explore service mesh features. |
| 159 | +Using the `bookinfo` application, you can easily confirm that requests from a |
| 160 | +web browser pass through the mesh and reach the application. |
| 161 | + |
| 162 | +For installation steps, refer to the following [link](../docs/common/install-bookinfo-app.md). |
| 163 | + |
| 164 | + |
| 165 | +## Creating and Configuring Gateways |
| 166 | + |
| 167 | +The Sail Operator does not deploy Ingress or Egress Gateways. Gateways are not |
| 168 | +part of the control plane. As a security best-practice, Ingress and Egress |
| 169 | +Gateways should be deployed in a different namespace than the namespace that |
| 170 | +contains the control plane. |
| 171 | + |
| 172 | +You can deploy gateways using either the Gateway API or Gateway Injection methods. |
| 173 | + |
| 174 | +For installation steps, refer to the following [link](../docs/common/create-and-configure-gateways.md). |
| 175 | + |
| 176 | + |
| 177 | +## Istio Addons Integrations |
| 178 | + |
| 179 | +Istio can be integrated with other software to provide additional functionality |
| 180 | +(More information can be found in: https://istio.io/latest/docs/ops/integrations/). |
| 181 | +The following addons are for demonstration or development purposes only and |
| 182 | +should not be used in production environments: |
| 183 | + |
| 184 | +For installation steps, refer to the following [link](../docs/common/istio-addons-integrations.md). |
| 185 | + |
| 186 | + |
| 187 | +## Undeploying Istio and the Sail Operator |
| 188 | + |
| 189 | +### Deleting Istio |
| 190 | +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. |
| 191 | +1. Click **Istio** in the **Provided APIs** column. |
| 192 | +1. Click the Options menu, and select **Delete Istio**. |
| 193 | +1. At the prompt to confirm the action, click **Delete**. |
| 194 | + |
| 195 | +### Deleting IstioCNI |
| 196 | +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. |
| 197 | +1. Click **IstioCNI** in the **Provided APIs** column. |
| 198 | +1. Click the Options menu, and select **Delete IstioCNI**. |
| 199 | +1. At the prompt to confirm the action, click **Delete**. |
| 200 | + |
| 201 | +### Deleting the Sail Operator |
| 202 | +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. |
| 203 | +1. Locate the Sail Operator. Click the Options menu, and select **Uninstall Operator**. |
| 204 | +1. At the prompt to confirm the action, click **Uninstall**. |
| 205 | + |
| 206 | +### Deleting the Projects |
| 207 | +1. In the OpenShift Container Platform web console, click **Home** -> **Projects**. |
| 208 | +1. Locate the name of the project and click the Options menu. |
| 209 | +1. Click **Delete Project**. |
| 210 | +1. At the prompt to confirm the action, enter the name of the project. |
| 211 | +1. Click **Delete**. |
0 commit comments