OSSM-8296: Add a mTLS configuration doc

[yxun]

What type of PR is this?

• Enhancement / New Feature
• Bug Fix
• Refactor
• Optimization
• Test
• Documentation Update

What this PR does / why we need it:

This PR is part of OSSM-8296 Istio Security User Doc topics. It adds a new common doc file about configuring mTLS and concepts using OpenShift Service Mesh.
It also improves User doc explanations according to the existing OpenShift Service Mesh 2.x Security mTLS topic:
ref: https://docs.openshift.com/container-platform/4.17/service_mesh/v2x/ossm-security.html

[istio-testing]

Hi @yxun. Thanks for your PR.

I'm waiting for a istio-ecosystem or istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[fjglira]

Hey @yxun I added some comments, also I think we should reference this documentation in the main doc to be able to get views there

[fjglira]

I just saw this PR in midstream repo: openshift-service-mesh#159. Make sense to have the doc here also?

[yxun]

I just saw this PR in midstream repo: openshift-service-mesh#159. Make sense to have the doc here also?

Hello @fjglira , Which target repo should I create this PR to ? the [openshift-service-mesh:main](https://github.com/openshift-service-mesh/sail-operator/tree/main) or the [istio-ecosystem:main](https://github.com/istio-ecosystem/sail-operator/tree/main)

I am not familiar with the automation between those two. I assume I only need to target one and then some automation will apply the doc change to the other one , right ?
Is this the upstream of the doc change or is this the downstream ?

[fjglira]

I just saw this PR in midstream repo: openshift-service-mesh#159. Make sense to have the doc here also?

Hello @fjglira , Which target repo should I create this PR to ? the [openshift-service-mesh:main](https://github.com/openshift-service-mesh/sail-operator/tree/main) or the [istio-ecosystem:main](https://github.com/istio-ecosystem/sail-operator/tree/main)

I am not familiar with the automation between those two. I assume I only need to target one and then some automation will apply the doc change to the other one , right ? Is this the upstream of the doc change or is this the downstream ?

Hey, we have a sync job that takes all the changes from the istio-ecosystem org to the openshift-service-mesh.. So, if this documentation is useful for the community (I think it is), it is ok only to create the PR here because it will also be merged in the midstream repo. We will need to mention to our docs folks the changes needed to take this docs to the openshift docs later (For example: replace kubectl for oc)

[fjglira]

LGTM, only one small change. Also I think you should reference this document in the main document, take this example from gateway

[fjglira]

Only small change here: you can remove the two time that is mentioned this and replace it at the end with: Note: replace <namespace> with the name of the namespace where the service is located

[fjglira]

/ok-to-test

[dgn]

Hey @yxun, as this isn't really related to sail-operator, maybe this should go into the openshift-service-mesh org instead?

[yxun]

Hey @yxun, as this isn't really related to sail-operator, maybe this should go into the openshift-service-mesh org instead?

right, it's more about istio configuration not about operator configuration. i will close this PR and open an OSM org repo PR today.