OWLS-92894: Implement Istio support based on Istio version

[lennyphan]

Due to networking changes starting in Istio v1.10, as described in https://istio.io/latest/blog/2021/upcoming-networking-changes/, the operator needs to generate the appropriate WebLogic NAP's based on a version attribute in the Istio configuration of the domain custom resource:

e.g.

Istio

configuration:
istio:
enabled: true
readinessPort: 8888
replicationChannelPort: 4564
localhostBindingsEnabled: false

This PR implements the following for all domain types:

1. Adds Istio configuration attributes 'replicationChannelPort' and 'version' to the domain custom resource.
2. For Istio versions earlier than 1.10, the introspector continues to generate NAP's with a listening address of localhost (127.0.0.1) for all protocols.
3. For Istio version 1.10 and later, the introspector only generates an additional readiness probe bound to the server pod's IP.
4. To enable WebLogic replication traffic with Istio, the introspector will create a NAP specifically for replication and configure the 'replication-channel' attribute of the all the clusters in the domain.
5. Update the Istio page of the User Guide.
6. Switched from using version attribute to localhostBindingsEnabled boolean attribute.
7. Added operator helm chart value istioLocalhostBindingsEnabled.

[jshum2479]

The code use 4358 as default

[lennyphan]

Changed to default to port 4564 and searched to verify it's consistent everywhere in the implementation change.

[jshum2479]

This will cause unexpected introspection job runs when upgrading the operator. The introspect job checks for environment variable hashed value, if they are different then it will run the introspect job, which eventually will triggers a domain roll because we added a replication channel now.

[lennyphan]

Fixed as not to cause unnecessary introspection runs unless explicitly changed from the default in the Istio configuration of the custom domain resource.

[jshum2479]

Please check for the consistency of the default replication channel port value

[lennyphan]

Changed so that we consistently use port 4564 as the default.

[tbarnes-us]

I have multiple questions:

What is the WebLogic Replication Service? Why is it the only kind of traffic that needs special treatment?
Can you add a reference to the replication discussion below?
Why "If [replicationChannelPort] not provided, the operator will assume it's supporting Istio version 1.9 or earlier."? So what if it's "not provided" AND version 1.10 is supplied?
Why is the version important? How do you get the Istio version from Istio? What happens if 'version:' doesn't match the actual version?
What happens if using 1.10 and version is configured to 1.9?
What happens if using 1.9 and version is configured to 1.10?

(Maybe we don't need a version, just a boolean?)

[tbarnes-us]

The limitations section at beginning mentions testing up to 1.7 only.

[tbarnes-us]

Should "prerequisites.md" mention Istio?

[tbarnes-us]

The 'port forwarding' documentation mentions that the Istio option enables localhost. If that no longer occurs, then the port forwarding doc should be amended...

[tbarnes-us]

To be clear, I think we know the answers to most of these questions - I'm asking them as prompts for updating the documentation in case a customer has the same questions...

[lennyphan]

Switched to localhostBindingsEnabled attribute (instead of specifying version) to simplify configuration and updated documentation. 'port-forwarding' documentation has been updated with information about using domain.spec.adminServer.adminChannelPortForwardingEnableddomain resource attribute for both Istio v1.10 and later and if not istio enabled, the use cases are the same (we need to generate localhost bindings for port-forwarding)

[tbarnes-us]

What if the replication port has already been defined by the user in the WL configuration itself?

[lennyphan]

Tom and Lenny had updated the documentation about ignoring the replication channel configuration if already defined by the user.

[tbarnes-us]

The istio.md states this expects a numeric version. Here it says 'true' 'false'.

[lennyphan]

Switched to 'localhostBindingsEnabled' true/false attribute and updated the documentation

[tbarnes-us]

channe --> channel

[lennyphan]

Fixed.

[jshum2479]

Does this depends on the ReplicatonChannel already injected in the cluster before, assuming user didn't define any ReplicationChannel in cluster of their model?

[lennyphan]

Yes, we should have already configured the cluster with a replication channel named 'istiorepl'. If a replication channel is already defined that is not named 'istiorepl' or there is no replication channel configured at all then we shouldn't generate the NAP named 'istiorepl'. The only time we should generated the 'istiorepl' NAP is if the cluster has been configured with replication channel named 'istiorepl'.

[lennyphan]

I've found some issues with the logic in introspectionDomain.py for injecting replication channel that isn't the same as in MII so I have to fix it.

[tbarnes-us]

running Istio versions prior to 1.10

[tbarnes-us]

I have doc feedback -- let's meet to discuss.

[rosemarymarano]

I think that the best way for me to review this doc would be to take it over after you've added all your input (and it is technically reviewed and approved). Does that work for you?

[rosemarymarano]

from 1.7.3 up to 1.11.x. (period at the end of the sentence)

[rosemarymarano]

setup -> set up

[rosemarymarano]

In this section -> In this section, (comma)
we discuss -> we describe

[rosemarymarano]

we will discuss -> we will describe
the steps for domain -> the steps for the domain

[rosemarymarano]

Let's discuss each -> See the following description of each

[rosemarymarano]

provided; -> provided. (period) If you want to use a semi-colon, then "The operator" -> "the operator"

[rosemarymarano]

server -> Server

[rosemarymarano]

I suggest using sub-bullets to separate each of these version-related sub-items.

[rosemarymarano]

only supports -> supports only

[lennyphan]

@rosemarymarano Yes, let me make the current set of changes you've suggested and then you can review after it's technically reviewed.

[anpanigr]

Can we move this method to common IstioUtils class so that it can be manged in one calss instead of repeating in each Istio It class.

[anpanigr]

Modify the copyright statement to -> Copyright (c) 2021, Oracle and/or its affiliates.

[rjeberhard]

You can only use relref in the main documentation markdown. Here we have to use a fully-qualified URL.

[rjeberhard]

@rosemarymarano, we will need your help wording this. :)

We are adding a field that lets the customer configure whether the operator should behave in a certain way with the implication that one choice is appropriate for Istio versions 1.10 and greater and the other choice for Istio versions prior to 1.10. For the 3.x versions of the operator we will support Istio 1.7.3 through 1.10. For the (future) 4.0 release of the operator we will only support Istio 1.10 and greater. We need to release an operator 3.3.3 with these changes as soon as possible, but the operator 4.0 release is still a future release. Therefore, this wording is a little off since it fails to capture that 4.0 isn't available yet.

[rosemarymarano]

The way I see it, you have two choices: one is remove the references to 4.0 and just describe the current situation with operator 3.x and the second is to keep it as written but add the caveat that version 4.0 is not yet available. With either choice, you will have to go back and edit the information when 4.0 becomes available. From a technical writing "best practices " POV, you should remove references to 4.0. We are instructed to almost never refer to releases/versions that exist only in the future.

[tbarnes-us]

Instead of removing references to 4.0 or adding a qualifier sentence, maybe we tag all mentions of 4.0 with the word unreleased - e.g. something change "4.0" to something like "4.0 (unreleased)" or "4.beta"?

4.0 is technically available in that the full source is public in "main".

This is going to keep happening, and it's hard to juggle fine distinctions between source and documentation, and even harder to maintain multiple versions of the same doc.

[rjeberhard]

Similarly, we need to work with @rosemarymarano to figure out how to properly reference 4.0 as a future release.

[rosemarymarano]

I'll wait until you have a final version for me to review.

[rjeberhard]

Must use fully-qualifed URL here.

[tbarnes-us]

Or simply change [Operator Helm value]({{< relref \"/userguide/managing-operators/using-helm.md\" >}}) to Operator Helm value?

[rjeberhard]

Same... Fix here as well when we work with Rosemary to wordsmith.

[rjeberhard]

Per our team conversation, I'm going to merge this PR as is. We will then update the documentation first as part of a backport to release/3.3 as part of one PR and make follow-on documentation changes to main as part of a second new PR.