Jump To Close Expand all Collapse all Table of contents Service Mesh 1. Service Mesh 1.x Expand section "1. Service Mesh 1.x" Collapse section "1. Service Mesh 1.x" 1.1. Service Mesh Release Notes Expand section "1.1. Service Mesh Release Notes" Collapse section "1.1. Service Mesh Release Notes" 1.1.1. Red Hat OpenShift Service Mesh overview 1.1.2. Getting support Expand section "1.1.2. Getting support" Collapse section "1.1.2. Getting support" 1.1.2.1. About the must-gather tool 1.1.2.2. Prerequisites 1.1.2.3. About collecting service mesh data 1.1.3. Red Hat OpenShift Service Mesh supported configurations Expand section "1.1.3. Red Hat OpenShift Service Mesh supported configurations" Collapse section "1.1.3. Red Hat OpenShift Service Mesh supported configurations" 1.1.3.1. Supported configurations for Kiali on Red Hat OpenShift Service Mesh 1.1.3.2. Supported Mixer adapters 1.1.4. New Features Expand section "1.1.4. New Features" Collapse section "1.1.4. New Features" 1.1.4.1. Component versions included in Red Hat OpenShift Service Mesh version 1.1.10 1.1.4.2. New features Red Hat OpenShift Service Mesh 1.1.10 1.1.4.3. New features Red Hat OpenShift Service Mesh 1.1.9 1.1.4.4. New features Red Hat OpenShift Service Mesh 1.1.8 1.1.4.5. New features Red Hat OpenShift Service Mesh 1.1.7 1.1.4.6. New features Red Hat OpenShift Service Mesh 1.1.6 1.1.4.7. New features Red Hat OpenShift Service Mesh 1.1.5 1.1.4.8. New features Red Hat OpenShift Service Mesh 1.1.4 Expand section "1.1.4.8. New features Red Hat OpenShift Service Mesh 1.1.4" Collapse section "1.1.4.8. New features Red Hat OpenShift Service Mesh 1.1.4" 1.1.4.8.1. Manual updates required by CVE-2020-8663 1.1.4.8.2. Upgrading from Elasticsearch 5 to Elasticsearch 6 1.1.4.9. New features Red Hat OpenShift Service Mesh 1.1.3 1.1.4.10. New features Red Hat OpenShift Service Mesh 1.1.2 1.1.4.11. New features Red Hat OpenShift Service Mesh 1.1.1 1.1.4.12. New features Red Hat OpenShift Service Mesh 1.1.0 Expand section "1.1.4.12. New features Red Hat OpenShift Service Mesh 1.1.0" Collapse section "1.1.4.12. New features Red Hat OpenShift Service Mesh 1.1.0" 1.1.4.12.1. Manual updates from 1.0 to 1.1 1.1.4.13. New features Red Hat OpenShift Service Mesh 1.0.11 1.1.4.14. New features Red Hat OpenShift Service Mesh 1.0.10 1.1.4.15. New features Red Hat OpenShift Service Mesh 1.0.9 1.1.4.16. New features Red Hat OpenShift Service Mesh 1.0.8 1.1.4.17. New features Red Hat OpenShift Service Mesh 1.0.7 1.1.4.18. New features Red Hat OpenShift Service Mesh 1.0.6 1.1.4.19. New features Red Hat OpenShift Service Mesh 1.0.5 1.1.4.20. New features Red Hat OpenShift Service Mesh 1.0.4 1.1.4.21. New features Red Hat OpenShift Service Mesh 1.0.3 1.1.4.22. New features Red Hat OpenShift Service Mesh 1.0.2 Expand section "1.1.4.22. New features Red Hat OpenShift Service Mesh 1.0.2" Collapse section "1.1.4.22. New features Red Hat OpenShift Service Mesh 1.0.2" 1.1.4.22.1. Manual updates required to upgrade from 1.0.1 to 1.0.2 1.1.4.23. New features Red Hat OpenShift Service Mesh 1.0.1 1.1.4.24. New features Red Hat OpenShift Service Mesh 1.0 1.1.5. Deprecated features Expand section "1.1.5. Deprecated features" Collapse section "1.1.5. Deprecated features" 1.1.5.1. Deprecated features Red Hat OpenShift Service Mesh 1.1.5 1.1.6. Known issues Expand section "1.1.6. Known issues" Collapse section "1.1.6. Known issues" 1.1.6.1. Service Mesh known issues 1.1.6.2. Kiali known issues 1.1.6.3. Jaeger known issues 1.1.7. Fixed issues Expand section "1.1.7. Fixed issues" Collapse section "1.1.7. Fixed issues" 1.1.7.1. Service Mesh fixed issues 1.1.7.2. Kiali fixed issues 1.2. Understanding Red Hat OpenShift Service Mesh Expand section "1.2. Understanding Red Hat OpenShift Service Mesh" Collapse section "1.2. Understanding Red Hat OpenShift Service Mesh" 1.2.1. Understanding service mesh 1.2.2. Red Hat OpenShift Service Mesh Architecture 1.2.3. Differences between Istio and Red Hat OpenShift Service Mesh Expand section "1.2.3. Differences between Istio and Red Hat OpenShift Service Mesh" Collapse section "1.2.3. Differences between Istio and Red Hat OpenShift Service Mesh" 1.2.3.1. Command line tool 1.2.3.2. Automatic injection 1.2.3.3. Istio Role Based Access Control features 1.2.3.4. OpenSSL 1.2.3.5. Component modifications 1.2.3.6. Envoy, Secret Discovery Service, and certificates 1.2.3.7. Istio Container Network Interface (CNI) plug-in 1.2.3.8. Routes for Istio Gateways Expand section "1.2.3.8. Routes for Istio Gateways" Collapse section "1.2.3.8. Routes for Istio Gateways" 1.2.3.8.1. Catch-all domains 1.2.3.8.2. Subdomains 1.2.3.8.3. Transport layer security 1.3. Understanding Kiali Expand section "1.3. Understanding Kiali" Collapse section "1.3. Understanding Kiali" 1.3.1. Kiali overview 1.3.2. Kiali architecture 1.3.3. Kiali features 1.4. Understanding Jaeger Expand section "1.4. Understanding Jaeger" Collapse section "1.4. Understanding Jaeger" 1.4.1. Jaeger overview 1.4.2. Jaeger architecture 1.4.3. Jaeger features 1.4.4. Next steps 1.5. Service Mesh and Istio differences Expand section "1.5. Service Mesh and Istio differences" Collapse section "1.5. Service Mesh and Istio differences" 1.5.1. Red Hat OpenShift Service Mesh multitenant installation Expand section "1.5.1. Red Hat OpenShift Service Mesh multitenant installation" Collapse section "1.5.1. Red Hat OpenShift Service Mesh multitenant installation" 1.5.1.1. Multitenancy versus cluster-wide installations 1.5.1.2. Cluster scoped resources 1.5.2. Differences between Istio and Red Hat OpenShift Service Mesh Expand section "1.5.2. Differences between Istio and Red Hat OpenShift Service Mesh" Collapse section "1.5.2. Differences between Istio and Red Hat OpenShift Service Mesh" 1.5.2.1. Command line tool 1.5.2.2. Automatic injection 1.5.2.3. Istio Role Based Access Control features 1.5.2.4. OpenSSL 1.5.2.5. Component modifications 1.5.2.6. Envoy, Secret Discovery Service, and certificates 1.5.2.7. Istio Container Network Interface (CNI) plug-in 1.5.2.8. Routes for Istio Gateways Expand section "1.5.2.8. Routes for Istio Gateways" Collapse section "1.5.2.8. Routes for Istio Gateways" 1.5.2.8.1. Catch-all domains 1.5.2.8.2. Subdomains 1.5.2.8.3. Transport layer security 1.5.3. Kiali and service mesh 1.5.4. Jaeger and service mesh 1.6. Preparing to install Red Hat OpenShift Service Mesh Expand section "1.6. Preparing to install Red Hat OpenShift Service Mesh" Collapse section "1.6. Preparing to install Red Hat OpenShift Service Mesh" 1.6.1. Prerequisites 1.6.2. Red Hat OpenShift Service Mesh supported configurations Expand section "1.6.2. Red Hat OpenShift Service Mesh supported configurations" Collapse section "1.6.2. Red Hat OpenShift Service Mesh supported configurations" 1.6.2.1. Supported configurations for Kiali on Red Hat OpenShift Service Mesh 1.6.2.2. Supported Mixer adapters 1.6.3. Red Hat OpenShift Service Mesh installation activities 1.6.4. Next steps 1.7. Installing Red Hat OpenShift Service Mesh Expand section "1.7. Installing Red Hat OpenShift Service Mesh" Collapse section "1.7. Installing Red Hat OpenShift Service Mesh" 1.7.1. Prerequisites 1.7.2. Installing the Elasticsearch Operator 1.7.3. Installing the Jaeger Operator 1.7.4. Installing the Kiali Operator 1.7.5. Installing the Red Hat OpenShift Service Mesh Operator 1.7.6. Deploying the Red Hat OpenShift Service Mesh control plane Expand section "1.7.6. Deploying the Red Hat OpenShift Service Mesh control plane" Collapse section "1.7.6. Deploying the Red Hat OpenShift Service Mesh control plane" 1.7.6.1. Deploying the control plane from the web console 1.7.6.2. Deploying the control plane from the CLI 1.7.7. Creating the Red Hat OpenShift Service Mesh member roll Expand section "1.7.7. Creating the Red Hat OpenShift Service Mesh member roll" Collapse section "1.7.7. Creating the Red Hat OpenShift Service Mesh member roll" 1.7.7.1. Creating the member roll from the web console 1.7.7.2. Creating the member roll from the CLI 1.7.7.3. Creating the Red Hat OpenShift Service Mesh members 1.7.8. Adding or removing projects from the service mesh Expand section "1.7.8. Adding or removing projects from the service mesh" Collapse section "1.7.8. Adding or removing projects from the service mesh" 1.7.8.1. Modifying the member roll from the web console 1.7.8.2. Modifying the member roll from the CLI 1.7.9. Manual updates Expand section "1.7.9. Manual updates" Collapse section "1.7.9. Manual updates" 1.7.9.1. Updating your application pods 1.8. Removing Red Hat OpenShift Service Mesh Expand section "1.8. Removing Red Hat OpenShift Service Mesh" Collapse section "1.8. Removing Red Hat OpenShift Service Mesh" 1.8.1. Removing the Red Hat OpenShift Service Mesh member roll 1.8.2. Removing the Red Hat OpenShift Service Mesh control plane Expand section "1.8.2. Removing the Red Hat OpenShift Service Mesh control plane" Collapse section "1.8.2. Removing the Red Hat OpenShift Service Mesh control plane" 1.8.2.1. Removing the control plane with the web console 1.8.2.2. Removing the control plane from the CLI 1.8.3. Removing the installed Operators Expand section "1.8.3. Removing the installed Operators" Collapse section "1.8.3. Removing the installed Operators" 1.8.3.1. Removing the Red Hat OpenShift Service Mesh Operator 1.8.3.2. Removing the Jaeger Operator 1.8.3.3. Removing the Kiali Operator 1.8.3.4. Removing the Elasticsearch Operator 1.8.3.5. Clean up Operator resources 1.8.4. Next steps 1.9. Customizing the Red Hat OpenShift Service Mesh installation Expand section "1.9. Customizing the Red Hat OpenShift Service Mesh installation" Collapse section "1.9. Customizing the Red Hat OpenShift Service Mesh installation" 1.9.1. Prerequisites 1.9.2. Red Hat OpenShift Service Mesh custom resources 1.9.3. ServiceMeshControlPlane parameters Expand section "1.9.3. ServiceMeshControlPlane parameters" Collapse section "1.9.3. ServiceMeshControlPlane parameters" 1.9.3.1. Istio global example 1.9.3.2. Istio gateway configuration 1.9.3.3. Automatic route creation Expand section "1.9.3.3. Automatic route creation" Collapse section "1.9.3.3. Automatic route creation" 1.9.3.3.1. Enabling Automatic Route Creation 1.9.3.3.2. Subdomains 1.9.3.4. Istio Mixer configuration 1.9.3.5. Istio Pilot configuration 1.9.4. Configuring Kiali Expand section "1.9.4. Configuring Kiali" Collapse section "1.9.4. Configuring Kiali" 1.9.4.1. Configuring Kiali for Grafana 1.9.4.2. Configuring Kiali for Jaeger 1.9.5. Configuring Jaeger Expand section "1.9.5. Configuring Jaeger" Collapse section "1.9.5. Configuring Jaeger" 1.9.5.1. Configuring Elasticsearch 1.9.5.2. Configuring the Elasticsearch index cleaner job 1.9.6. 3scale configuration 1.9.7. Next steps 1.10. Deploying applications on Red Hat OpenShift Service Mesh Expand section "1.10. Deploying applications on Red Hat OpenShift Service Mesh" Collapse section "1.10. Deploying applications on Red Hat OpenShift Service Mesh" 1.10.1. Prerequisites 1.10.2. Creating control plane templates Expand section "1.10.2. Creating control plane templates" Collapse section "1.10.2. Creating control plane templates" 1.10.2.1. Creating the ConfigMap 1.10.3. Red Hat OpenShift Service Mesh's sidecar injection Expand section "1.10.3. Red Hat OpenShift Service Mesh's sidecar injection" Collapse section "1.10.3. Red Hat OpenShift Service Mesh's sidecar injection" 1.10.3.1. Setting environment variables on the proxy in applications through annotations 1.10.3.2. Enabling automatic sidecar injection 1.10.4. Updating Mixer policy enforcement Expand section "1.10.4. Updating Mixer policy enforcement" Collapse section "1.10.4. Updating Mixer policy enforcement" 1.10.4.1. Setting the correct network policy 1.10.5. Bookinfo example application Expand section "1.10.5. Bookinfo example application" Collapse section "1.10.5. Bookinfo example application" 1.10.5.1. Installing the Bookinfo application 1.10.5.2. Adding default destination rules 1.10.5.3. Verifying the Bookinfo installation 1.10.5.4. Removing the Bookinfo application Expand section "1.10.5.4. Removing the Bookinfo application" Collapse section "1.10.5.4. Removing the Bookinfo application" 1.10.5.4.1. Delete the Bookinfo project 1.10.5.4.2. Remove the Bookinfo project from the Service Mesh member roll 1.10.6. Generating example traces and analyzing trace data 1.11. Data visualization and observability Expand section "1.11. Data visualization and observability" Collapse section "1.11. Data visualization and observability" 1.11.1. Accessing the Kiali console 1.11.2. Visualizing your service Expand section "1.11.2. Visualizing your service" Collapse section "1.11.2. Visualizing your service" 1.11.2.1. Namespace graphs 1.12. Customizing security in a Service Mesh Expand section "1.12. Customizing security in a Service Mesh" Collapse section "1.12. Customizing security in a Service Mesh" 1.12.1. Enabling mutual Transport Layer Security (mTLS) Expand section "1.12.1. Enabling mutual Transport Layer Security (mTLS)" Collapse section "1.12.1. Enabling mutual Transport Layer Security (mTLS)" 1.12.1.1. Enabling strict mTLS across the mesh Expand section "1.12.1.1. Enabling strict mTLS across the mesh" Collapse section "1.12.1.1. Enabling strict mTLS across the mesh" 1.12.1.1.1. Configuring sidecars for incoming connections for specific services 1.12.1.2. Configuring sidecars for outgoing connections 1.12.1.3. Setting the minimum and maximum protocol versions 1.12.2. Configuring cipher suites and ECDH curves 1.12.3. Adding an external certificate authority key and certificate Expand section "1.12.3. Adding an external certificate authority key and certificate" Collapse section "1.12.3. Adding an external certificate authority key and certificate" 1.12.3.1. Adding an existing certificate and key 1.12.3.2. Verifying your certificates 1.12.3.3. Removing the certificates 1.13. Traffic management Expand section "1.13. Traffic management" Collapse section "1.13. Traffic management" 1.13.1. Routing and managing traffic Expand section "1.13.1. Routing and managing traffic" Collapse section "1.13.1. Routing and managing traffic" 1.13.1.1. Traffic management with virtual services Expand section "1.13.1.1. Traffic management with virtual services" Collapse section "1.13.1.1. Traffic management with virtual services" 1.13.1.1.1. Configuring virtual services 1.13.1.2. Configuring your virtual host Expand section "1.13.1.2. Configuring your virtual host" Collapse section "1.13.1.2. Configuring your virtual host" 1.13.1.2.1. Hosts 1.13.1.2.2. Routing rules 1.13.1.2.3. Destination rules Expand section "1.13.1.2.3. Destination rules" Collapse section "1.13.1.2.3. Destination rules" 1.13.1.2.3.1. Load balancing options 1.13.1.2.4. Gateways 1.13.1.2.5. Service entries 1.13.1.2.6. Sidecar 1.13.2. Managing ingress traffic Expand section "1.13.2. Managing ingress traffic" Collapse section "1.13.2. Managing ingress traffic" 1.13.2.1. Determining the ingress IP and ports 1.13.3. Routing example using the bookinfo application Expand section "1.13.3. Routing example using the bookinfo application" Collapse section "1.13.3. Routing example using the bookinfo application" 1.13.3.1. Applying a virtual service 1.13.3.2. Test the new routing configuration 1.13.3.3. Route based on user identity 1.14. Using the 3scale Istio adapter Expand section "1.14. Using the 3scale Istio adapter" Collapse section "1.14. Using the 3scale Istio adapter" 1.14.1. Integrate the 3scale adapter with Red Hat OpenShift Service Mesh Expand section "1.14.1. Integrate the 3scale adapter with Red Hat OpenShift Service Mesh" Collapse section "1.14.1. Integrate the 3scale adapter with Red Hat OpenShift Service Mesh" 1.14.1.1. Generating 3scale custom resources Expand section "1.14.1.1. Generating 3scale custom resources" Collapse section "1.14.1.1. Generating 3scale custom resources" 1.14.1.1.1. Generate templates from URL examples 1.14.1.2. Generating manifests from a deployed adapter 1.14.1.3. Routing service traffic through the adapter 1.14.2. Configure the integration settings in 3scale 1.14.3. Caching behavior 1.14.4. Authenticating requests Expand section "1.14.4. Authenticating requests" Collapse section "1.14.4. Authenticating requests" 1.14.4.1. Applying authentication patterns Expand section "1.14.4.1. Applying authentication patterns" Collapse section "1.14.4.1. Applying authentication patterns" 1.14.4.1.1. API key authentication method 1.14.4.1.2. Application ID and application key pair authentication method 1.14.4.1.3. OpenID authentication method 1.14.4.1.4. Hybrid authentication method 1.14.5. 3scale Adapter metrics Legal Notice Settings Close Language: 简体中文 日本語 English Language: 简体中文 日本語 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: 简体中文 日本語 English Language: 简体中文 日本語 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Service Mesh OpenShift Container Platform 4.3Service Mesh installation, usage, and release notesRed Hat OpenShift Documentation TeamLegal NoticeAbstract This document provides information on how to use Service Mesh in OpenShift Container Platform Next