Troubleshooting OpenShift Container Platform 4.x: Service Mesh

Solution Verified - Updated 6 Sept 2019

Environment

Red Hat OpenShift Container Platform
- 4.1

Issue

How to troubleshoot Service Mesh related issues in RHOCP 4.x?

Diagnostic Steps

1. What namespace does the Service Mesh control plane reside in?
You can find the Service Mesh control plane in the istio-system namespace.

2. What is a ServiceMeshControlPlane and how do I view it?
The ServiceMeshControlPlane (smcp) defines the components available in the service mesh and related configuration for those components. The smcp lives in the istio-system namespace and can be viewed a few different ways. The general method is:

$ oc get smcp $(oc get smcp --no-headers=true -n istio-system | cut -f1 -d' ') -n istio-system -o yaml

3. What is a ServiceMeshMemberRole and how do I view it?
The ServiceMeshMemberRole (smmr) defines the namespaces that a service mesh control plane monitors. The smmr lives in the istio-system namespace and should be named default This content is not included.as a requirement. The smmr can be viewed a few different ways. The general method is:

$ oc get smmr default -n istio-system -o yaml

4. What namespace do the Service Mesh related operators reside in?
You can find the Elasticsearch, Istio, Kiali and Jaeger operators in the openshift-operators namespace.

5. How to identify the Istio operator version?
One way is to use the following command:

$ oc get deploy istio-operator -n openshift-operators -o yaml | grep 'olm.owner:'

6. How to identify the version of Service Mesh a customer is using?
Inspect the labels of the deployments in the istio-system namespace. Look for the maistra-version label. The following shell code will return the deployment name and maistra-version for each Istio deployment in the istio-system namespace.

for dp in $(oc get deployments -n istio-system -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'); do
 if [[ $dp == istio-* ]]; then
 ver=$(oc -n istio-system get deploy ${dp} -o jsonpath='{ .metadata.labels.maistra-version }')
 echo "${dp} - ${ver}"
 fi
done

7. When an application pod is part of a service mesh, what containers should I expect to see in my application pods?
The application container as well as the Envoy proxy sidecar container (istio-proxy).

8. How do I know if a pod is part of a mesh?
The quickest way is to view the annotations on the pod using the oc utility. Look for the following annotations.

$ oc describe pod ...
...
sidecar.istio.io/inject: true
sidecar.istio.io/status: ...

SBR

Shift

Product(s)

Red Hat OpenShift Container Platform

Category

Troubleshoot

Tags

openshift

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.