Prerequisites

Adding the Git Repository to ArgoCD

  1. Log in to the ArgoCD UI, go to Settings > Repositories, and then click Connect Repo.
  2. Fill in the required details; there are multiple ways to connect:
    • Via SSH (Private Key needed)
    • Via HTTPS
    • Via GitHub App

Configuring Istio-Ingress Gateway (Prerequisite)

This section outlines the steps to install OpenShift Service Mesh in an OCP cluster. It also gives an overview of routes and of how the Istio Ingress Gateway Proxy is implemented in OpenShift.

  1. Log in to the OCP cluster UI.
  2. Navigate to the Operator section.
  3. As a prerequisite, install the Jaeger and Kiali operators.
  4. Install the OpenShift Service Mesh operator.
  5. Once the Red Hat OpenShift Service Mesh operator is up and running, go to Operator Details.
  6. The operator provides the following custom resource definitions (CRDs):
    • ServiceMeshControlPlane
    • Istio Service Mesh Member
    • Istio Service Mesh Member Roll
  7. Create an instance of ServiceMeshControlPlane using the configuration shown in the screenshot below.
  8. This configuration creates an Istio control plane named basic and deploys istiod and istio-ingress-gateway in the istio-system namespace.
    Execute the following command to view the Istio pod status:
    kubectl get po -n istio-system
  9. To install the istio-ingressgateway-proxy, go to ServiceMeshControlPlane and edit the existing instance of ServiceMeshControlPlane.
  10. In the spec.gateway section, add the istio-ingressgateway-proxy configuration:
       additionalIngress:
         istio-ingressgateway-proxy:
           enabled: true
           service:
             metadata:
               labels:
                 app: istio-ingressgateway-proxy
                 istio: istio-ingressgateway-proxy
             type: ClusterIP
    
    Once the configuration is saved, the Operator spins up istio-ingressgateway-proxy of type gateway.
  11. To enable Istio injection in the avx namespace, create the Istio Service Mesh Member with the configuration shown in the screenshot below.
  12. In the servicemesh controller YAML, ensure that autoinject is enabled, as shown in the screenshots below.

    To expose istio-ingressgateway and istio-ingressgateway-proxy, routes have to be created. The route for istio-ingressgateway is created automatically when the ServiceMeshControlPlane instance is created.

    To create a route for istio-ingressgateway-proxy, follow the steps below:

    1. Log in to the OCP dashboard.
    2. Navigate to the Networking section.
    3. In the Networking section, click Routes.
    4. Change the Project Name to istio-system.
    5. Click the Create Route button.
    6. Fill in the mandatory fields.
      1. The Service field lists all the services available in the istio-system project.
      2. Select the istio-ingressgateway-proxy service.
      3. Select target port 443.
      4. Enable Secure Route and set TLS termination to Passthrough.
      5. Once configured, a route will be created for istio-ingressgateway-proxy.
      Reference: OpenShift Documentation: Installing OSSM
      Note:
      • By default, the istio-ingressgateway route is exposed on 8080. Configure it to use port 443 with the TLS termination option Passthrough.
      • Ensure the above steps are followed before AppViewX installation.
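
The console steps above can also be written as a Route manifest. This is an added example, not taken from the product or OpenShift documentation; the route name and the service port name https are assumptions, and the host is left for the router to assign.

```yaml
# Added example: declarative form of the route created in the console steps.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: istio-ingressgateway-proxy   # assumption: any unique route name works
  namespace: istio-system
spec:
  # spec.host is omitted so the router generates a hostname (assumption);
  # set it explicitly if clients need a fixed name.
  to:
    kind: Service
    name: istio-ingressgateway-proxy
    weight: 100
  port:
    # Assumption: the service's port 443 is named "https". Confirm with:
    #   kubectl get svc istio-ingressgateway-proxy -n istio-system -o yaml
    targetPort: https
  tls:
    # Passthrough: the router does not decrypt; TLS ends at the gateway pod.
    termination: passthrough
    # Passthrough routes accept only None or Redirect here.
    # None means the route serves no plain-HTTP traffic.
    insecureEdgeTerminationPolicy: None
  wildcardPolicy: None
```

With passthrough termination the router forwards the encrypted stream unmodified, so the certificate that clients see is the one served by the gateway itself, and no private key is stored on the route.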

Creating the Ingress Gateway's Certificates

Create the ingress gateway's certificates and place them in the Kubernetes secret named tls-credential in the istio-system namespace.
Execute the following command:
kubectl create -n istio-system secret tls tls-credential --key=<absolute path of .key file> --cert=<absolute path of .crt file>