#Installing Alauda Service Mesh

Installing Alauda Service Mesh consists four major parts:

• Installing the Alauda Service Mesh v2 Operator
• Deploying the Istio CNI plugin
• Deploying the Istio control plane

#Deploying Istio with the Alauda Service Mesh v2 Operator

To deploy Istio using Alauda Service Mesh v2 Operator, Istio resource is required to be created. The Operator then creates an IstioRevision resources, representing a distinct revision of the Istio control plane. The Istio control plane is subsequently deployed based on these IstioRevision resources.

If the update strategy of the Istio resource is set to RevisionBased, the Operator may create additional IstioRevision resources to manage control plane upgrades.

#Installing the Alauda Service Mesh v2 Operator

#Installing via the web console

Prerequisites

• The Alauda Service Mesh v2 must be uploaded.
• You are logged in to the Alauda Container Platform web console as cluster-admin.
• The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.

Procedure

1. In the Alauda Container Platform web console, navigate to Administrator.
2. Select Marketplace > OperatorHub.
3. Search for the Alauda Service Mesh v2.
4. Locate the Alauda Service Mesh v2, and click to select it.
5. Click Install.
6. On the Install Alauda Service Mesh v2 dialogue, perform the following steps:
   1. Select an Channel
      • Choose the stable channel to install the latest stable version of the Alauda Service Mesh v2 Operator. It is the default channel for installing the Operator.
      • To install a specific version of the Alauda Service Mesh v2 Operator, choose the corresponding stable-<version> channel. For example, to install the Alauda Service Mesh v2 Operator version 2.0.x, use the stable-2.0 channel.
7. Click Install and Confirm to install the Operator.

Verification

Verify that the Operator installation status is reported as Succeeded in the Installation Info section.

#Installing via the CLI

Prerequisites

• The Alauda Service Mesh v2 must be uploaded.
• An active ACP CLI (kubectl) session by a cluster administrator with the cluster-admin role.
• The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.

Procedure

1. Check available versions

   (
     echo -e "CHANNEL\tNAME\tVERSION"
     kubectl get packagemanifest servicemesh-operator2 -o json | jq -r '
       .status.channels[] |
       .name as $channel |
       .entries[] |
       [$channel, .name, .version] | @tsv
     '
   ) | column -t -s $'\t'

   Example output

   CHANNEL     NAME                          VERSION
   stable      servicemesh-operator2.v2.1.0  2.1.0
   stable-2.1  servicemesh-operator2.v2.1.0  2.1.0

   Fields:

   • CHANNEL: Operator channel name
   • NAME: CSV resource name
   • VERSION: Operator version

2. Confirm catalogSource

   kubectl get packagemanifests servicemesh-operator2 -ojsonpath='{.status.catalogSource}'

   Example output

   platform

   This indicates the servicemesh-operator2 comes from the platform catalogSource.

3. Create a namespace

   kubectl get namespace sail-operator || kubectl create namespace sail-operator

4. Create a Subscription

   kubectl apply -f - <<EOF
   apiVersion: operators.coreos.com/v1alpha1
   kind: Subscription
   metadata:
     annotations:
       cpaas.io/target-namespaces: ""
     labels:
       catalog: platform
     name: servicemesh-operator2
     namespace: sail-operator
   spec:
     channel: stable
     installPlanApproval: Manual
     name: servicemesh-operator2
     source: platform
     sourceNamespace: cpaas-system
     startingCSV: servicemesh-operator2.v2.1.0
   EOF

   Field explanations

   • annotation cpaas.io/target-namespaces: It is recommended to set this to empty; empty indicates cluster-wide installation.
   • .metadata.name: Subscription name (DNS-compliant, max 253 characters).
   • .metadata.namespace: Namespace where the Operator will be installed.
   • .spec.channel: Subscribed Operator channel.
   • .spec.installPlanApproval: Approval strategy (Manual or Automatic). Here, Manual requires manual approval for install/upgrade.
   • .spec.source: Operator catalogSource.
   • .spec.sourceNamespace: Must be set to cpaas-system because all catalogSources provided by the platform are located in this namespace.
   • .spec.startingCSV: Specifies the version to install for Manual approval; defaults to the latest in the channel if empty. Not required for Automatic.

5. Check Subscription status

   kubectl -n sail-operator get subscriptions servicemesh-operator2 -o yaml

   Key output

   • .status.state: UpgradePending indicates the Operator is awaiting installation or upgrade.
   • Condition InstallPlanPending = True: Waiting for manual approval.
   • .status.currentCSV: Latest subscribed CSV.
   • .status.installPlanRef: Associated InstallPlan; must be approved before installation proceeds.

   Wait for the InstallPlanPending condition to be True:

   kubectl -n sail-operator wait --for=condition=InstallPlanPending subscription servicemesh-operator2 --timeout=2m

6. Approve InstallPlan

   kubectl -n sail-operator get installplan \
     "$(kubectl -n sail-operator get subscriptions servicemesh-operator2 -o jsonpath='{.status.installPlanRef.name}')"

   Example output

   NAME            CSV                            APPROVAL   APPROVED
   install-rlgnp   servicemesh-operator2.v2.1.0   Manual     false

   Approve manually

   PLAN="$(kubectl -n sail-operator get subscription servicemesh-operator2 -o jsonpath='{.status.installPlanRef.name}')"
   kubectl -n sail-operator patch installplan "$PLAN" --type=json -p='[{"op": "replace", "path": "/spec/approved", "value": true}]'

Verification

Wait for CSV creation; Phase changes to Succeeded:

kubectl wait --for=jsonpath='{.status.phase}'=Succeeded csv --all -n sail-operator --timeout=3m

Check CSV status:

kubectl -n sail-operator get csv

Example output

NAME                           DISPLAY                  VERSION   REPLACES   PHASE
servicemesh-operator2.v2.1.0   Alauda Service Mesh v2   2.1.0                Succeeded

Fields

• NAME: Installed CSV name
• DISPLAY: Operator display name
• VERSION: Operator version
• REPLACES: CSV replaced during upgrade
• PHASE: Installation status (Succeeded indicates success)

#Custom Resource Definitions Installed by the Operator

The Operator installs the following categories of Custom Resource Definitions (CRDs):

• Sail Operator CRDs: These CRDs belong to the sailoperator.io API group and define custom resources for managing Istio components, including Istio, IstioRevision, IstioCNI, and ZTunnel. Refer to the Sail Operator API reference for details.

• Istio CRDs: These CRDs manage mesh configuration, service discovery, traffic routing, and observability. They belong to the istio.io API groups such as networking.istio.io, security.istio.io, and telemetry.istio.io. See the Istio documentation for configuration guidance.

#Deploying Istio Components

Both Istio and IstioCNI custom resources must be created to deploy the control plane and the Istio CNI plugin.

It's required to create these Istio and IstioCNI resources in separate namespaces.

#Creating the namespace for IstioCNI

kubectl create namespace istio-cni

#Creating the IstioCNI resource

#Creating via the web console

Create an Istio Container Network Interface (CNI) resource, which contains the configuration file for the Istio CNI plugin. The Alauda Service Mesh v2 Operator uses this resource's configuration to deploy the CNI pod.

Prerequisites

• You are logged in to the Alauda Container Platform web console as cluster-admin.
• The Alauda Service Mesh v2 Operator must be installed.
• The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.

Procedure

1. In the Alauda Container Platform web console, navigate to Administrator.
2. Select Marketplace > OperatorHub.
3. Search for the Alauda Service Mesh v2.
4. Locate the Alauda Service Mesh v2, and click to select it.
5. Click All Instances tab.
6. Click Create.
7. Locate and Select IstioCNI and then click Create.
8. Select the istio-cni from the Namespace drop down.
9. Click YAML tab.
10. Add the following YAML snippet to the YAML code editor:

    apiVersion: sailoperator.io/v1
    kind: IstioCNI
    spec:
      # Applying the following contents to the yaml code editor:
      values:
        cni:
          cniConfDir: /etc/cni/multus/net.d # /etc/cni/net.d in ACP 4.0
          excludeNamespaces:
            - istio-cni
            - kube-system
11. Click Create.

Verification

Wait until the .status.state field of the IstioCNI resource to be Healthy.

#Creating via the CLI

Prerequisites

• An active ACP CLI (kubectl) session by a cluster administrator with the cluster-admin role.
• The Alauda Service Mesh v2 Operator must be installed.
• The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.

Procedure

1. Create the IstioCNI resource by running the following command:

   cat <<EOF | kubectl apply -f -
   apiVersion: sailoperator.io/v1
   kind: IstioCNI
   metadata:
     name: default
   spec:
     namespace: istio-cni
     values:
       cni:
         cniConfDir: /etc/cni/multus/net.d # /etc/cni/net.d in ACP 4.0
         excludeNamespaces:
           - istio-cni
           - kube-system
   EOF

2. Wait for the IstioCNI resource to return the Ready status condition by running the following command:

   kubectl wait --for condition=Ready istiocni/default --timeout=3m

#Creating the namespace for Istio

kubectl create namespace istio-system
kubectl label namespace istio-system cpaas.io/project=cpaas-system

#Creating the Istio Resource

#Creating via the web console

Create the Istio resource that will contain the YAML configuration for your Istio deployment. The Alauda Service Mesh v2 Operator leverages this resource's configuration to deploy the Istio Control Plane.

Prerequisites

• The Alauda Service Mesh v2 Operator must be installed.
• You are logged in to the Alauda Container Platform web console as cluster-admin.
• The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.

Procedure

1. In the Alauda Container Platform web console, navigate to Administrator.
2. Select Marketplace > OperatorHub.
3. Search for the Alauda Service Mesh v2.
4. Locate the Alauda Service Mesh v2, and click to select it.
5. Click All Instances tab.
6. Click Create.
7. Locate and Select Istio and then click Create.
8. Select the istio-system from the Namespace drop down.
9. Click Create.

Verification

Wait until the .status.state field of the Istio resource to be Healthy.

#Creating via the CLI

Prerequisites

• An active ACP CLI (kubectl) session by a cluster administrator with the cluster-admin role.
• The Alauda Service Mesh v2 Operator must be installed.
• The Alauda Container Platform Networking for Multus plugin must be installed, and kube-ovn must be v4.1.5 or later.

Procedure

1. Create the Istio resource by running the following command:

   cat <<EOF | kubectl apply -f -
   apiVersion: sailoperator.io/v1
   kind: Istio
   metadata:
     name: default
   spec:
     namespace: istio-system
     version: v1.28.3
   EOF

2. Wait for the Istio control plane to return the Ready status condition by running the following command:

   kubectl wait --for condition=Ready istio/default --timeout=3m

#Additional resources

• Deploying the Bookinfo Demo Application