Red Hat OpenShift Service Mesh establishes a centralized point of control within an application to address a number of issues with microservice architectures. Without requiring any modifications to the application code, it gives already-existing distributed applications an additional transparent layer.
Microservice architectures split an enterprise application's work into modular services, which can make maintenance and scaling easier. But as an enterprise application built on a microservice architecture grows larger and more complex, it becomes harder to understand and manage. Service Mesh addresses those architectural problems by capturing or intercepting traffic between services, and it can modify, redirect, or create new requests to other services.
Service Mesh, built on the open source Istio project, makes it simple to establish a network of deployed services that includes discovery, load balancing, service-to-service authentication, failure recovery, metrics, and monitoring. A service mesh also supports more advanced operational features such as A/B testing, canary releases, access control, and end-to-end authentication.
Features:
Red Hat OpenShift Service Mesh provides a number of key capabilities uniformly across a network of services:
- Traffic Management - Control the flow of traffic and API calls between services, making communications more reliable and the network more resilient in the face of unfavorable conditions.
- Service Identity and Security - Give services in the mesh a verifiable identity and the ability to secure service traffic as it travels across networks of different trustworthiness.
- Policy Enforcement - Apply organizational policy to service interactions, ensuring that access policies are implemented and resources are distributed equally among consumers. Policy changes are made by configuring the mesh, rather than altering application code.
- Telemetry - Gain an understanding of service dependencies as well as the nature and flow of traffic between them, allowing you to recognize problems quickly.
Installing the Operators
To install Red Hat OpenShift Service Mesh, first install the Red Hat OpenShift Service Mesh Operator and any additional Operators on the OpenShift Container Platform. Next, create a ServiceMeshControlPlane resource to deploy the control plane.
Red Hat OpenShift Service Mesh requires the Red Hat OpenShift Service Mesh Operator, which lets you connect, secure, control, and monitor the microservices that make up your applications. You can also add additional Operators to improve your service mesh experience.
The following Operator is required:
- Red Hat OpenShift Service Mesh Operator: Allows you to connect, secure, control, and monitor the microservices that make up your applications. It also defines and monitors the ServiceMeshControlPlane resources, which control the deployment, updating, and deletion of Service Mesh components. It's based on the open-source Istio project.
The following Operators are optional:
- Red Hat Kiali Operator: Provides observability for your service mesh. In a single console, you can view configurations, monitor traffic, and analyze traces. It is based on the open-source Kiali project.
- Red Hat OpenShift distributed tracing platform (Tempo): Provides distributed tracing for monitoring and troubleshooting transactions in complex distributed systems. It is based on the open-source Grafana Tempo project.
- Red Hat OpenShift distributed tracing platform (Jaeger): Provides distributed tracing for monitoring and troubleshooting transactions in complex distributed systems. It is based on the open-source Jaeger project.
- OpenShift Elasticsearch Operator: Provides database storage for tracing and logging with the distributed tracing platform (Jaeger). It is based on the open-source Elasticsearch project.
Steps
- Log in to the OpenShift Container Platform web console as a user with the cluster-admin role.
- In the OpenShift Container Platform web console, click Operators → OperatorHub.
- Type the name of the Operator into the filter box and select the Red Hat version of the Operator. Community versions of the Operators are not supported.
- Click Install.
- On the Install Operator page for each Operator, accept the default settings.
- Click Install. Wait until the Operator installs before repeating the steps for the next Operator you want to install.
    - All namespaces in the cluster can use the Red Hat OpenShift Service Mesh Operator after it is installed in the openshift-operators namespace.
    - Red Hat provides the Kiali Operator, which installs in the openshift-operators namespace and is accessible for all cluster namespaces.
    - The Tempo Operator can be used with any namespace in the cluster and installs in the openshift-tempo-operator namespace.
    - All namespaces in the cluster can use the Red Hat OpenShift distributed tracing platform (Jaeger), which installs under the openshift-distributed-tracing namespace.
    - All namespaces in the cluster can use the OpenShift Elasticsearch Operator, which installs under the openshift-operators-redhat namespace.
- Once all four Operators have been installed, confirm their installation by clicking Operators → Installed Operators.
Configuring the Service Mesh Operator
Complete this task only if the Service Mesh Operator runs on an infrastructure node. If the Operator will run on a worker node, skip this step.
- List the operators installed in the namespace:
    oc -n openshift-operators get subscriptions
- Edit the Service Mesh Operator Subscription resource to specify where the operator should run:
    oc -n openshift-operators edit subscription servicemeshoperator
- Add the nodeSelector and tolerations to spec.config in the Subscription resource:
    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      labels:
        operators.coreos.com/servicemeshoperator.openshift-operators: ""
      name: servicemeshoperator
      namespace: openshift-operators
    # ...
    spec:
      config:
        nodeSelector: # Ensures that the operator pod is only scheduled on an infrastructure node.
          node-role.kubernetes.io/infra: ""
        tolerations: # Ensures that the pod is accepted by the infrastructure node.
        - effect: NoSchedule
          key: node-role.kubernetes.io/infra
          value: reserved
        - effect: NoExecute
          key: node-role.kubernetes.io/infra
          value: reserved
- Verify that the Service Mesh Operator is running on an infrastructure node:
    oc -n openshift-operators get po -l name=istio-operator -owide
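The Subscription edited above can also be checked offline for drift. The following is an added example, not part of the original post or of Red Hat's tooling: it audits a Subscription (as JSON) for the infra nodeSelector, both tolerations, and a Red Hat catalog source. The function name, the sample objects, and the catalog name `redhat-operators` are assumptions; the taint key and the value `reserved` are taken from the YAML above.

```python
import copy
import json

INFRA_KEY = "node-role.kubernetes.io/infra"      # label and taint key used on the page
REQUIRED_EFFECTS = {"NoSchedule", "NoExecute"}   # the two tolerations the page adds
RED_HAT_CATALOG = "redhat-operators"             # assumption: default Red Hat catalog source


def audit_subscription(sub):
    """Return findings for one Subscription; an empty list means it matches the page."""
    spec = sub.get("spec") or {}
    config = spec.get("config") or {}
    findings = []

    if spec.get("source") != RED_HAT_CATALOG:
        findings.append(f"catalog source {spec.get('source')!r} is not {RED_HAT_CATALOG!r}")
    if INFRA_KEY not in (config.get("nodeSelector") or {}):
        findings.append("nodeSelector does not restrict the operator pod to infra nodes")

    tolerated = set()
    for tol in config.get("tolerations") or []:
        key_ok = tol.get("key") == INFRA_KEY
        # operator defaults to Equal, so the value must match the taint value
        value_ok = tol.get("operator") == "Exists" or tol.get("value") == "reserved"
        if key_ok and value_ok:
            # a toleration with no effect matches every effect
            tolerated |= {tol["effect"]} if tol.get("effect") else REQUIRED_EFFECTS
    for effect in sorted(REQUIRED_EFFECTS - tolerated):
        findings.append(f"no toleration for {INFRA_KEY}=reserved:{effect}")
    return findings


# Constructed sample, shaped like the output of
# `oc -n openshift-operators get subscription servicemeshoperator -o json`
GOOD = json.loads("""
{"kind": "Subscription",
 "metadata": {"name": "servicemeshoperator", "namespace": "openshift-operators"},
 "spec": {"name": "servicemeshoperator", "source": "redhat-operators",
  "config": {"nodeSelector": {"node-role.kubernetes.io/infra": ""},
   "tolerations": [
    {"effect": "NoSchedule", "key": "node-role.kubernetes.io/infra", "value": "reserved"},
    {"effect": "NoExecute", "key": "node-role.kubernetes.io/infra", "value": "reserved"}]}}}
""")

# Constructed drifted copy: community catalog, NoExecute toleration dropped
BAD = copy.deepcopy(GOOD)
BAD["spec"]["source"] = "community-operators"
BAD["spec"]["config"]["tolerations"].pop()

for label, sub in (("GOOD", GOOD), ("BAD", BAD)):
    print(label, audit_subscription(sub) or "ok")
```

To audit a live cluster, pass the parsed output of the `oc ... -o json` command to `audit_subscription` instead of the constructed samples.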
Ref: https://docs.openshift.com/container-platform/4.16/service_mesh/v2x/installing-ossm.html