From 5001476ef256a26d1fcc3e5c5f222272ee614302 Mon Sep 17 00:00:00 2001
From: loganhz <logan@rancher.com>
Date: Tue, 4 Jun 2019 21:15:50 +0800
Subject: [PATCH] Istio

---
 .../tools/service-mesh/_index.md              | 46 ++++++++++
 .../tools/service-mesh/istio/_index.md        | 89 +++++++++++++++++++
 .../en/project-admin/service-mesh/_index.md   | 48 ++++++++++
 3 files changed, 183 insertions(+)
 create mode 100644 content/rancher/v2.x/en/cluster-admin/tools/service-mesh/_index.md
 create mode 100644 content/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/_index.md
 create mode 100644 content/rancher/v2.x/en/project-admin/service-mesh/_index.md

diff --git a/content/rancher/v2.x/en/cluster-admin/tools/service-mesh/_index.md b/content/rancher/v2.x/en/cluster-admin/tools/service-mesh/_index.md
new file mode 100644
index 00000000000..6f747286cef
--- /dev/null
+++ b/content/rancher/v2.x/en/cluster-admin/tools/service-mesh/_index.md
@@ -0,0 +1,46 @@
+---
+title: Service Mesh
+weight: 5
+---
+
+_Available as of v2.3.0-alpha_
+
+Using Rancher, you can connect, secure, control, and observe services through integration with [Istio](https://istio.io/), a leading open-source service mesh solution. Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.
+
+## Enabling Service Mesh
+
+As an [administrator]({{< baseurl >}}/rancher/v2.x/en/admin-settings/rbac/global-permissions/) or [cluster owner]({{< baseurl >}}/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/#cluster-roles), you can configure Rancher to deploy Istio to your Kubernetes cluster.
+
+1. From the **Global** view, navigate to the cluster that you want to configure service mesh.
+
+1. Select **Tools > Service Mesh** in the navigation bar.
+
+1. Select **Enable** to show the [Service mesh configuration options]({{< baseurl >}}/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/). Ensure you have enough resources for service mesh and on your worker nodes to enable service mesh. Enter in your desired configuration options.
+
+1. Click **Save**.
+
+**Result:** The istio will be deployed as well as an application. The istio application, `cluster-istio`, is added as an [application]({{< baseurl >}}/rancher/v2.x/en/catalog/apps/) to the cluster's `system` project.  After the application is `active`, you can start using Istio.
+
+> **Note:** When enabling service mesh, you need to ensure your worker nodes and Istio pod have enough resources. In larger deployments, it is strongly advised that the service mesh infrastructure be placed on dedicated nodes in the cluster.
+
+## Using Service Mesh
+
+Once the service mesh is `active`, you can:
+
+1. Access [Kiali UI](https://www.kiali.io/) by clicking Kiali UI icon in service mesh page.
+1. Access [Jaeger UI](https://www.jaegertracing.io/) by clicking Jaeger UI icon in service mesh page.
+1. Access [Grafana UI](https://grafana.com/) by clicking Grafana UI icon in service mesh page.
+1. Access [Prometheus UI](https://prometheus.io/) by clicking Prometheus UI icon in service mesh page.
+1. Go to project to [view traffic graph, traffic metrics and manage traffic]({{< baseurl >}}/rancher/v2.x/en/project-admin/service-mesh/).
+
+## Disabling Service Mesh
+
+To disable the service mesh:
+
+1. From the **Global** view, navigate to the cluster that you want to disable service mesh.
+
+1. Select **Tools > Service Mesh** in the navigation bar.
+
+1. Click **Disable Istio**, then click the red button again to confirm the disable action.
+
+**Result:** The `cluster-istio` application in the cluster's `system` project gets removed.
diff --git a/content/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/_index.md b/content/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/_index.md
new file mode 100644
index 00000000000..d91485dcc96
--- /dev/null
+++ b/content/rancher/v2.x/en/cluster-admin/tools/service-mesh/istio/_index.md
@@ -0,0 +1,89 @@
+---
+title: Service Mesh Configuration
+weight: 1
+---
+
+_Available as of v2.3.0-alpha_
+
+While configuring service mesh, there are multiple options that can be configured.
+
+## PILOT
+
+Option | Description
+-------|-------------
+Pilot CPU Limit | CPU resource limit for the istio-pilot pod.
+Pilot CPU Reservation | CPU reservation for the istio-pilot pod.
+Pilot Memory Limit | Memory resource limit for the istio-pilot pod.
+Pilot Memory Reservation | Memory resource requests for the istio-pilot pod.
+Trace sampling Percentage | [Trace sampling percentage](https://istio.io/docs/tasks/telemetry/distributed-tracing/overview/#trace-sampling)
+Pilot Selector | Ability to select the nodes in which istio-pilot pod is deployed to. To use this option, the nodes must have labels.
+
+## TELEMETRY
+
+Option | Description
+-------|-------------
+Telemetry CPU Limit | CPU resource limit for the istio-telemetry pod.
+Telemetry CPU Reservation | CPU reservation for the istio-telemetry pod.
+Telemetry Memory Limit | Memory resource limit for the istio-telemetry pod.
+Telemetry Memory Reservation | Memory resource requests for the istio-telemetry pod.
+Telemetry Selector | Ability to select the nodes in which istio-telemetry pod is deployed to. To use this option, the nodes must have labels.
+
+## POLICY
+
+Option | Description
+-------|-------------
+Enable Policy | Whether or not to deploy the istio-policy.
+Policy CPU Limit | CPU resource limit for the istio-policy pod.
+Policy CPU Reservation | CPU reservation for the istio-policy pod.
+Policy Memory Limit | Memory resource limit for the istio-policy pod.
+Policy Memory Reservation | Memory resource requests for the istio-policy pod.
+Policy Selector | Ability to select the nodes in which istio-policy pod is deployed to. To use this option, the nodes must have labels.
+
+## PROMETHEUS
+
+Option | Description
+-------|-------------
+Prometheus CPU Limit | CPU resource limit for the Prometheus pod.
+Prometheus CPU Reservation | CPU reservation for the Prometheus pod.
+Prometheus Memory Limit | Memory resource limit for the Prometheus pod.
+Prometheus Memory Reservation | Memory resource requests for the Prometheus pod.
+Retention for Prometheus | How long your Prometheus instance retains data
+Prometheus Selector | Ability to select the nodes in which Prometheus pod is deployed to. To use this option, the nodes must have labels.
+
+## GRAFANA
+
+Option | Description
+-------|-------------
+Enable Grafana | Whether or not to deploy the Grafana.
+Grafana CPU Limit | CPU resource limit for the Grafana pod.
+Grafana CPU Reservation | CPU reservation for the Grafana pod.
+Grafana Memory Limit | Memory resource limit for the Grafana pod.
+Grafana Memory Reservation | Memory resource requests for the Grafana pod.
+Grafana Selector | Ability to select the nodes in which Grafana pod is deployed to. To use this option, the nodes must have labels.
+
+## TRACING
+
+Option | Description
+-------|-------------
+Enable Tracing | Whether or not to deploy the istio-tracing.
+Tracing CPU Limit | CPU resource limit for the istio-tracing pod.
+Tracing CPU Reservation | CPU reservation for the istio-tracing pod.
+Tracing Memory Limit | Memory resource limit for the istio-tracing pod.
+Tracing Memory Reservation | Memory resource requests for the istio-tracing pod.
+Tracing Selector | Ability to select the nodes in which tracing pod is deployed to. To use this option, the nodes must have labels.
+
+## GATEWAY
+
+Option | Description
+-------|-------------
+Enable Gateway | Whether or not to deploy the istio-ingressgateway.
+Service Type of Istio Ingress Gateway | How to expose the gateway. You can choose NodePort or Loadbalancer
+Http2 Port | The NodePort for http2 requests
+Https Port | The NodePort for https requests
+Load Balancer IP | Ingress Gateway Load Balancer IP
+Load Balancer Source Ranges | Ingress Gateway Load Balancer Source Ranges
+Gateway CPU Limit | CPU resource limit for the istio-ingressgateway pod.
+Gateway CPU Reservation | CPU reservation for the istio-ingressgateway pod.
+Gateway Memory Limit | Memory resource limit for the istio-ingressgateway pod.
+Gateway Memory Reservation | Memory resource requests for the istio-ingressgateway pod.
+Gateway Selector | Ability to select the nodes in which istio-ingressgateway pod is deployed to. To use this option, the nodes must have labels.
diff --git a/content/rancher/v2.x/en/project-admin/service-mesh/_index.md b/content/rancher/v2.x/en/project-admin/service-mesh/_index.md
new file mode 100644
index 00000000000..50f79ba842f
--- /dev/null
+++ b/content/rancher/v2.x/en/project-admin/service-mesh/_index.md
@@ -0,0 +1,48 @@
+---
+title: Service Mesh
+weight: 3528
+---
+
+_Available as of v2.3.0-alpha_
+
+Using Rancher, you can connect, secure, control, and observe services through integration with [Istio](https://istio.io/), a leading open-source service mesh solution. Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.
+
+>**Prerequisites:**
+>
+>- [Service Mesh]({{< baseurl >}}/rancher/v2.x/en/cluster-admin/tools/service-mesh/) must be enabled in cluster level.
+>- To be a part of an Istio service mesh, pods and services in a Kubernetes cluster must satisfy the [Istio Pods and Services Requirements](https://istio.io/docs/setup/kubernetes/prepare/requirements/)  
+
+## Istio sidecar auto injection
+
+In create and edit namespace page, you can enable or disable [Istio sidecar auto injection](https://istio.io/blog/2019/data-plane-setup/#automatic-injection). When you enable it, Rancher will add `istio-injection=enabled` label to the namespace automatically.
+
+## View Traffic Graph
+
+Rancher integrates Kiali Graph into Rancher UI. The Kiali graph provides a powerful way to visualize the topology of your service mesh. It shows you which services communicate with each other.
+
+To see the traffic graph for a particular namespace:
+
+1. From the **Global** view, navigate to the project that you want to view traffic graph.
+
+1. Select **Service Mesh** in the navigation bar.
+
+1. Select **Traffic Graph** in the navigation bar.
+
+1. Select the namespace. Note: It only shows the namespaces which has `istio-injection=enabled` label
+
+## View Traffic Metrics
+
+With Istio’s monitoring features, it provides visibility into the performance of all your services.
+
+To see the Success Rate, Request Volume, 4xx Request Count, Project 5xx Request Count and Request Duration metrics:
+
+1. From the **Global** view, navigate to the project that you want to view traffic metrics.
+
+1. Select **Service Mesh** in the navigation bar.
+
+1. Select **Traffic Metrics** in the navigation bar.
+
+
+## Other Istio Features
+
+As Istio has been deployed in your cluster, you can use all [Istio Features](https://istio.io/docs/concepts/what-is-istio/#core-features) in the cluster.