Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 7. Reference
7.1. Migrating references
Many configuration options in the OpenShift Service Mesh 2 ServiceMeshControlPlane resource have changed location in the OpenShift Service Mesh 3 Istio resource. The following tables provide guidance for creating a new Istio resource in OpenShift Service Mesh 3 based on your existing OpenShift Service Mesh 2 ServiceMeshControlPlane resource.
7.1.1. Configuration fields mapping between Service Mesh 2 and Service Mesh 3
Many of the spec fields in the OpenShift Service Mesh 2 ServiceMeshControlPlane can be configured in the the OpenShift Service Mesh 3 Istio resource.
The following tables provide guidance for configuring your Istio resource in OpenShift Service Mesh 3.
7.1.1.1. Cluster configurations
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.cluster.multiCluster.enabled | spec.values.global.multiCluster.enabled |
| spec.cluster.multiCluster.meshNetworks | spec.values.global.meshNetworks |
| spec.cluster.multiCluster.meshNetworks.endpoints | spec.values.global.meshNetworks.endpoints |
| spec.cluster.multiCluster.meshNetworks.endpoints.fromCID | spec.values.global.meshNetworks.endpoints.fromCidr |
| spec.cluster.multiCluster.meshNetworks.endpoints.fromRegistry | spec.values.global.meshNetworks.endpoints.fromRegistry |
| spec.cluster.multiCluster.meshNetworks.gateways | spec.values.global.meshNetworks.gateways |
| spec.cluster.multiCluster.meshNetworks.gateways.address | spec.values.global.meshNetworks.gateways.address |
| spec.cluster.multiCluster.meshNetworks.gateways.port | spec.values.global.meshNetworks.gateways.port |
| spec.cluster.multiCluster.meshNetworks.gateways.registryServiceName | spec.values.global.meshNetworks.gateways.registryServiceName |
| spec.cluster.name | spec.values.global.multiCluster.clusterName |
| spec.cluster.network | spec.values.global.network |
7.1.1.2. General configurations
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.general.logging.componentLevels | spec.values.global.logging.levels |
| spec.general.logging.logAsJSON | spec.values.global.logAsJson |
| spec.general.validationMessages | spec.values.global.istiod.enableAnalysis |
7.1.1.3. MeshConfig configurations
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.values.meshConfig.discoverySelectors | spec.values.meshConfig.discoverySelectors |
| spec.values.meshConfig.extensionProviders | spec.values.meshConfig.extensionProviders |
7.1.1.4. Mode configurations
The mode configurations in the OpenShift Service Mesh 2 ServiceMeshControlPlane resource were:
- Multitenant
- Cluster-wide
- Federation
In OpenShift Service Mesh 3, the mode is not configured by using a single field in the Istio resource.
By default, the OpenShift Service Mesh 3 control plane has access to all namespaces which is equivalent to cluster-wide mode in OpenShift Service Mesh 2. For a similar configuration to MultiTenant mode in OpenShift Service Mesh 2 in OpenShift Service Mesh 3, you must use the discoverySelectors field. For more information, see "Deploying multiple service meshes on a single cluster".
7.1.1.5. Profile configurations
The profile configuration options for OpenShift Service Mesh 3 are:
-
ambient -
default -
demo -
empty -
openshift-ambient -
openshift -
preview -
stable
7.1.1.6. Proxy configurations
7.1.1.6.1. Access logging configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.accessLogging.envoyService.address | spec.values.meshConfig.defaultConfig.envoyAccessLogService.address |
| spec.proxy.accessLogging.envoyService.enabled | spec.values.meshConfig.enableEnvoyAccessLogService |
| spec.proxy.accessLogging.envoyService.tcpKeepalive | spec.values.meshConfig.defaultConfig.envoyAccessLogService.tcpKeepalive |
| spec.proxy.accessLogging.envoyService.tcpKeepalive.interval | spec.values.meshConfig.defaultConfig.envoyAccessLogService.tcpKeepalive.interval |
| spec.proxy.accessLogging.envoyService.tcpKeepalive.probes | spec.values.meshConfig.defaultConfig.envoyAccessLogService.tcpKeepalive.probes |
| spec.proxy.accessLogging.envoyService.tcpKeepalive.time | spec.values.meshConfig.defaultConfig.envoyAccessLogService.tcpKeepalive.time |
| spec.proxy.accessLogging.envoyService.tlsSettings | spec.values.meshConfig.defaultConfig.envoyAccessLogService.tlsSettings |
| spec.proxy.accessLogging.file.encoding | spec.values.meshConfig.accessLogEncoding |
| spec.proxy.accessLogging.file.format | spec.values.meshConfig.accessLogFormat |
| spec.proxy.accessLogging.file.name | spec.values.meshConfig.accessLogFile |
7.1.1.6.2. Basic proxy configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.adminPort | spec.values.meshConfig.defaultConfig.proxyAdminPort |
| spec.proxy.concurrency | spec.values.meshConfig.defaultConfig.concurrency |
7.1.1.6.3. Envoy metrics service fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.envoyMetricsService.address | spec.values.meshConfig.defaultConfig.envoyMetricsService.address |
| spec.proxy.envoyMetricsService.enabled | spec.values.meshConfig.enableEnvoyAccessLogService |
| spec.proxy.envoyMetricsService.tcpKeepalive | spec.values.meshConfig.defaultConfig.envoyMetricsService.tcpKeepalive |
| spec.proxy.envoyMetricsService.tlsSettings | spec.values.meshConfig.defaultConfig.envoyMetricsService.tlsSettings |
7.1.1.6.4. Injection configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.injection.alwaysInjectSelector | spec.values.sidecarInjectorWebhook.alwaysInjectSelector |
| spec.proxy.injection.neverInjectSelector | spec.values.sidecarInjectorWebhook.neverInjectSelector |
| spec.proxy.injection.injectedAnnotations | spec.values.sidecarInjectorWebhook.injectedAnnotations |
| spec.proxy.injection.autoInject | spec.values.global.proxy.autoInject |
7.1.1.6.5. Proxy logging configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.logging.componentLevels | spec.values.global.proxy.componentLogLevel |
| spec.proxy.logging.level | spec.values.global.logging.level |
7.1.1.6.6. Proxy networking configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.networking.clusterDomain | spec.values.global.proxy.clusterDomain |
| spec.proxy.networking.connectionTimeout | spec.values.meshConfig.connectTimeout |
| spec.proxy.networking.dns.refreshRate | spec.values.meshConfig.dnsRefreshRate |
| spec.proxy.networking.dns.searchSuffixes | spec.values.global.podDNSSearchNamespaces |
| spec.proxy.networking.initialization.initContainer.runtime.imageName | spec.values.global.proxy_init.image |
| spec.proxy.networking.initialization.initContainer.runtime.imagePullPolicy | spec.values.global.imagePullPolicy |
| spec.proxy.networking.initialization.initContainer.runtime.imagePullSecrets | spec.values.global.imagePullSecrets |
| spec.proxy.networking.initialization.initContainer.runtime.imageRegistry | spec.values.global.hub |
| spec.proxy.networking.initialization.initContainer.runtime.imageTag | spec.values.global.tag |
| spec.proxy.networking.initialization.initContainer.runtime.resources | spec.values.global.proxy_init.resources |
| spec.proxy.networking.maxConnectionAge | spec.values.pilot.keepaliveMaxServerConnectionAge |
| spec.proxy.networking.protocol.timeout | spec.values.meshConfig.protocolDetectionTimeout |
7.1.1.6.7. Traffic control configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.networking.trafficControl.inbound.excludedPorts | spec.values.global.proxy.excludeInboundPorts |
| spec.proxy.networking.trafficControl.inbound.includedPorts | spec.values.global.proxy.includeInboundPorts |
| spec.proxy.networking.trafficControl.inbound.interceptionMode | spec.values.meshConfig.defaultConfig.interceptionMode |
| spec.proxy.networking.trafficControl.outbound.excludedIPRanges | spec.values.global.proxy.excludeIPRanges |
| spec.proxy.networking.trafficControl.outbound.excludedPorts | spec.values.global.proxy.excludeOutboundPorts |
| spec.proxy.networking.trafficControl.outbound.includedIPRanges | spec.values.global.proxy.includeIPRanges |
| spec.proxy.networking.trafficControl.outbound.policy | spec.values.meshConfig.outboundTrafficPolicy.mode |
7.1.1.6.8. Proxy runtime configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.proxy.runtime.container.env | spec.values.meshConfig.defaultConfig.proxyMetadata |
| spec.proxy.runtime.container.imageName | spec.values.global.proxy.image |
| spec.proxy.runtime.container.imagePullPolicy | spec.values.global.imagePullPolicy |
| spec.proxy.runtime.container.imagePullSecrets | spec.values.global.imagePullSecrets |
| spec.proxy.runtime.container.imageRegistry | spec.values.global.hub |
| spec.proxy.runtime.container.imageTag | spec.values.global.tag |
| spec.proxy.runtime.container.resources | spec.values.global.proxy.resources |
| spec.proxy.runtime.readiness.failureThreshold | spec.values.global.proxy.readinessFailureThreshold |
| spec.proxy.runtime.readiness.initialDelaySeconds | spec.values.global.proxy.readinessInitialDelaySeconds |
| spec.proxy.runtime.readiness.periodSeconds | spec.values.global.proxy.readinessPeriodSeconds |
| spec.proxy.runtime.readiness.rewriteApplicationProbes | spec.values.sidecarInjectorWebhook.rewriteAppHTTPProbe |
| spec.proxy.runtime.readiness.statusPort | spec.values.global.proxy.statusPort |
7.1.1.7. Runtime configurations
7.1.1.7.1. Container configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.runtime.components.container.env | spec.values.pilot.env |
| spec.runtime.components.container.imageName | spec.values.pilot.image |
| spec.runtime.components.container.imagePullPolicy | spec.values.global.imagePullPolicy |
| spec.runtime.components.container.imagePullSecrets | spec.values.global.imagePullSecrets |
| spec.runtime.components.container.imageRegistry | spec.values.global.hub |
| spec.runtime.components.container.imageTag | spec.values.pilot.tag |
| spec.runtime.components.container.resources | spec.values.pilot.resources |
7.1.1.7.2. Deployment configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.runtime.components.deployment.autoScaling.enabled | spec.values.pilot.autoscaleEnabled |
| spec.runtime.components.deployment.autoScaling.maxReplicas | spec.values.pilot.autoscaleMax |
| spec.runtime.components.deployment.autoScaling.minReplicas | spec.values.pilot.autoscaleMin |
| spec.runtime.components.deployment.autoScaling.targetCPUUtilizationPercentage | spec.values.pilot.cpu.targetAverageUtilization |
| spec.runtime.components.deployment.replicas | spec.values.pilot.replicaCount |
| spec.runtime.components.deployment.strategy.rollingUpdate.maxSurge | spec.values.pilot.rollingMaxSurge |
| spec.runtime.components.deployment.strategy.rollingUpdate.maxUnavailable | spec.values.pilot.rollingMaxUnavailable |
7.1.1.7.3. Pod configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.runtime.components.pod.affinity | spec.values.pilot.affinity |
| spec.runtime.components.pod.affinity.nodeAffinity | spec.values.pilot.affinity.nodeAffinity |
| spec.runtime.components.pod.affinity.podAffinity | spec.values.pilot.affinity.podAffinity |
| spec.runtime.components.pod.affinity.podAntiAffinity | spec.values.pilot.affinity.podAntiAffinity |
| spec.runtime.components.pod.metadata.annotations | spec.values.pilot.podAnnotations |
| spec.runtime.components.pod.metadata.labels | spec.values.pilot.podLabels |
| spec.runtime.components.pod.nodeSelector | spec.values.pilot.nodeSelector |
| spec.runtime.components.pod.tolerations | spec.values.pilot.tolerations |
7.1.1.7.4. Defaults configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.runtime.defaults.container.imagePullPolicy | spec.values.global.imagePullPolicy |
| spec.runtime.defaults.container.imagePullSecrets | spec.values.global.imagePullSecrets |
| spec.runtime.defaults.container.imageRegistry | spec.values.global.hub |
| spec.runtime.defaults.container.imageTag | spec.values.global.tag |
| spec.runtime.defaults.container.resources | spec.values.global.defaultResources |
| spec.runtime.defaults.deployment.podDisruption.enabled | spec.values.global.defaultPodDisruptionBudget.enabled |
| spec.runtime.defaults.pod.nodeSelector | spec.values.global.defaultNodeSelector |
| spec.runtime.defaults.pod.tolerations | spec.values.global.defaultTolerations |
7.1.1.8. Security configurations
7.1.1.8.1. Certificate Authority (CA) fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.security.certificateAuthority.cert-manager | spec.values.meshConfig.ca AND spec.values.global.pilotCertProvider |
| spec.security.certificateAuthority.cert-manager.address | spec.values.meshConfig.ca.address |
| spec.security.certificateAuthority.custom.address | spec.values.meshConfig.ca.address |
7.1.1.8.2. Istiod CA fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.security.certificateAuthority.istiod.type | spec.values.global.pilotCertProvider |
7.1.1.8.3. Control plane security fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.security.controlPlane.certProvider | spec.values.global.pilotCertProvider |
| spec.security.controlPlane.mtls | spec.values.meshConfig.enableAutoMtls |
| spec.security.controlPlane.tls.cipherSuites | spec.values.meshConfig.tlsDefaults.cipherSuites |
| spec.security.controlPlane.tls.ecdhCurves | spec.values.meshConfig.tlsDefaults.ecdhCurves |
| spec.security.controlPlane.tls.minProtocolVersion | spec.values.meshConfig.tlsDefaults.minProtocolVersion |
7.1.1.8.4. Data plane security fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.security.dataPlane.automtls | spec.values.meshConfig.enableAutoMtls |
| spec.security.dataPlane.mtls | spec.values.meshConfig.meshMTLS |
7.1.1.8.5. Identity configuration fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.security.identity.thirdParty.audience | spec.values.global.sds.token.aud |
7.1.1.8.6. Other security fields
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.security.jwksResolverCA | spec.values.pilot.jwksResolverExtraRootCA |
| spec.security.trust.domain | spec.values.meshConfig.trustDomain |
| spec.security.trust.additionalDomains | spec.values.meshConfig.trustDomainAliases |
7.1.1.9. Tracing configurations
| SMCP 2.6 configuration | Istio 3.0 configuration |
|---|---|
| spec.tracing.sampling | spec.values.pilot.traceSampling |
7.1.2. Unsupported configuration fields in Service Mesh 3
The following tables list OpenShift Service Mesh 2 ServiceMeshControlPlane configuration fields that are not supported in Red Hat OpenShift Service Mesh 3. This does not necessarily mean the functionality has been removed. In some cases, such as add ons, you need to install the application separately and configure it separately.
7.1.2.1. Unsupported add-on configurations
Add-ons, such as Red Hat OpenShift distributed tracing platform, Kiali Operator provided by Red Hat, and others, are managed and configured separately in OpenShift Service Mesh 3. For more information, see "Observability and Service Mesh".
| spec.addons.3scale |
| spec.addons.grafana |
| spec.addons.jaeger |
| spec.addons.kiali |
| spec.addons.prometheus |
| spec.addons.stackdriver |
7.1.2.2. Unsupported cluster configurations
| spec.cluster.meshExpansion.ilbGateway, |
| spec.cluster.multiCluster.meshNetworks.gateways.service |
7.1.2.3. Unsupported Gateways configurations
Gateways are managed separately in OpenShift Service Mesh 3.
7.1.2.4. Unsupported policy configurations
| spec.policy.type |
| spec.policy.mixer |
| spec.policy.remote |
7.1.2.5. Unsupported Proxy configurations
7.1.2.5.1. Unsupported Proxy networking configuration fields
| spec.proxy.networking.initialization.type |
| spec.proxy.networking.initialization.initContainer.runtime.env |
| spec.proxy.networking.protocol.autoDetect |
| spec.proxy.networking.protocol.inbound |
| spec.proxy.networking.protocol.outbound |
7.1.2.6. Unsupported runtime configurations
7.1.2.6.1. Unsupported deployment configuration fields
| spec.runtime.components.deployment.strategy.type |
7.1.2.6.2. Unsupported defaults configuration fields
| spec.runtime.defaults.deployment.podDisruption.maxUnavailable |
| spec.runtime.defaults.deployment.podDisruption.minAvailable |
7.1.2.7. Unsupported security configurations
7.1.2.7.1. Unsupported certificate Authority (CA) fields
| spec.security.certificateAuthority.cert-manager.pilotSecretName |
| spec.security.certificateAuthority.cert-manager.rootCAConfigMapName |
7.1.2.7.2. Unsupported Istiod CA fields
| spec.security.certificateAuthority.istiod.privateKey.rootCADir |
| spec.security.certificateAuthority.istiod.selfSigned.checkPeriod |
| spec.security.certificateAuthority.istiod.selfSigned.enableJitter |
| spec.security.certificateAuthority.istiod.selfSigned.gracePeriod |
| spec.security.certificateAuthority.istiod.selfSigned.ttl |
| spec.security.certificateAuthority.istiod.workloadCertTTLDefault |
| spec.security.certificateAuthority.istiod.workloadCertTTLMax |
7.1.2.7.3. Unsupported control plane security fields
| spec.security.controlPlane.tls.maxProtocolVersion |
7.1.2.7.4. Unsupported identity configuration fields
| spec.security.identity.thirdParty.issuer |
| spec.security.identity.type |
7.1.2.8. Unsupported Telemetry configurations
| spec.telemetry.type |
| spec.telemetry.mixer |
| spec.telemetry.remote |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}