Skip to content

feat(snc): add servicemesh profile with OpenShift Service Mesh 3 support#741

Open
jangel97 wants to merge 1 commit intoredhat-developer:mainfrom
jangel97:feat/ocp-snc-istio-servicemesh
Open

feat(snc): add servicemesh profile with OpenShift Service Mesh 3 support#741
jangel97 wants to merge 1 commit intoredhat-developer:mainfrom
jangel97:feat/ocp-snc-istio-servicemesh

Conversation

@jangel97
Copy link
Contributor

@jangel97 jangel97 commented Mar 6, 2026

Installs the Red Hat OpenShift Service Mesh 3 operator (servicemeshoperator3) via OLM and deploys cluster-scoped IstioCNI and Istio CRs using the sailoperator.io/v1 API. Also updates findResource to support cluster-scoped resource lookups when namespace is empty.

@jangel97
Copy link
Contributor Author

jangel97 commented Mar 6, 2026

Testing servicemesh profile

1. Create the SNC cluster with servicemesh profile

export AWS_SECRET_ACCESS_KEY=""
export AWS_ACCESS_KEY_ID=""
export PULUMI_CONFIG_PASSPHRASE=""

./out/mapt aws openshift-snc create \
  --project-name jmorenas-snc-test-istio \
  --backed-url file:///tmp/mapt-workspace-istio \
  --version 4.21.0 \
  --pull-secret-file /path/to/pull-secret \
  --conn-details-output /tmp/snc-istio \
  --spot \
  --tags owner=jmorenas \
  --profile servicemesh

2. Verify the service mesh control plane

export KUBECONFIG=/tmp/snc-istio/kubeconfig

oc get istiocni default -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
# True

oc get istio default -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
# True

oc get pods -n istio-system
# NAME                      READY   STATUS    RESTARTS   AGE
# istiod-8454464677-6djg8   1/1     Running   0          2m37s

oc get pods -n istio-cni
# NAME                   READY   STATUS    RESTARTS   AGE
# istio-cni-node-7p92t   1/1     Running   0          3m6s

3. Deploy a test app with sidecar injection

oc new-project bookinfo
oc label namespace bookinfo istio-injection=enabled
oc apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/release-1.24/samples/bookinfo/platform/kube/bookinfo.yaml
oc wait -n bookinfo --for=condition=Ready pods --all --timeout=120s
oc get pods -n bookinfo

4. Verify sidecars are injected

oc get pods -n bookinfo -o jsonpath='{range .items[*]}{.metadata.name}{" init: "}{range .spec.initContainers[*]}{.name}{" "}{end}{" containers: "}{range .spec.containers[*]}{.name}{" "}{end}{"\n"}{end}'

All 6 pods have istio-validation and istio-proxy init containers injected, demonstrating that the service mesh is working end-to-end.

5. Quick connectivity test

oc exec -n bookinfo deploy/ratings-v1 -c ratings -- curl -sI productpage:9080/productpage

HTTP/1.1 200 OK
server: envoy
date: Fri, 06 Mar 2026 17:13:38 GMT
content-type: text/html; charset=utf-8
content-length: 15072
vary: Cookie
x-envoy-upstream-service-time: 403

Traffic is flowing through the Envoy proxy (server: envoy).

6. Cleanup

./out/mapt aws openshift-snc destroy \
  --project-name jmorenas-snc-test-istio \
  --backed-url file:///tmp/mapt-workspace-istio

@jangel97
feat(snc): add servicemesh profile with OpenShift Service Mesh 3 support
f7504a9 
Installs the Red Hat OpenShift Service Mesh 3 operator (servicemeshoperator3)
via OLM and deploys cluster-scoped IstioCNI and Istio CRs using the
sailoperator.io/v1 API. Also updates findResource to support cluster-scoped
resource lookups when namespace is empty.
@jangel97 jangel97 force-pushed the feat/ocp-snc-istio-servicemesh branch from fa5e17b to f7504a9 Compare March 8, 2026 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jangel97