Gh 361 single cluster walk through #362

Merged
merged 7 commits into from
Dec 12, 2023

@maleck13 maleck13 commented Dec 8, 2023

closes #361
depends on #323
related to Kuadrant/docs.kuadrant.io#44

Verification

Note: it is expected that you will currently need to set up a managed zone and provider secret. The quickstart script will do this, but to verify this, do that step yourself.

We don't have the quick start script yet so to get an environment ready in the same way do the following:

cd ~/kuadrant-operator

make local-cluster-setup ISTIO_INSTALL_SAIL=true
make install-olm
make deploy-catalog CATALOG_IMG=quay.io/kuadrant/kuadrant-operator-catalog:main


kubectl apply -f - <<EOF 
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: glbc-ca
spec:
  selfSigned: {}
EOF

kubectl apply -f - <<EOF
apiVersion: operator.istio.io/v1alpha1
kind: Istio
metadata:
  name: istiocontrolplane
  namespace: istio-system
spec:
  version: v1.20.0
  rawValues:
    pilot:
      resources:
        requests:
          cpu: 100m
          memory: 1024Mi
EOF

Set up managed zone (for now)

export AWS_ACCESS_KEY_ID=xxxxxx
export AWS_SECRET_ACCESS_KEY=yyyyy

kubectl create secret generic my-aws-credentials \
  --namespace=kuadrant-system \
  --type=kuadrant.io/aws \
  --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
  --from-literal=AWS_REGION=eu-west-1 \
  --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}


export KUADRANT_ZONE_ROOT_DOMAIN=something.I.own
export KUADRANT_ZONE_ROOT_DOMAIN_ID=someid

kubectl apply -f - <<EOF
apiVersion: kuadrant.io/v1alpha1
kind: ManagedZone
metadata:
  name: my-test-aws-zone
  namespace: kuadrant-system
spec:
  id: ${KUADRANT_ZONE_ROOT_DOMAIN_ID}
  domainName: ${KUADRANT_ZONE_ROOT_DOMAIN}
  description: "My Managed Zone"
  dnsProviderSecretRef:
    name: my-aws-credentials
EOF


## Initialise Kuadrant

kubectl -n kuadrant-system apply -f - <<EOF
apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
  name: kuadrant
spec: {}
EOF
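
Added example, not part of the PR description or the Kuadrant project's code: the same `my-aws-credentials` provider secret created from a mode-0600 env file with `--from-env-file`, so the AWS keys are not passed as `--from-literal` arguments in kubectl's command line. The function names and the temp-file handling are assumptions of this example; the secret name, namespace, type and key names are the ones used above.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): build the kuadrant.io/aws provider
# secret from a private env file instead of --from-literal arguments.

# Write the three provider keys to a new temp file readable only by the
# current user and print the file's path. AWS_REGION defaults to eu-west-1,
# the region used in the PR description.
write_aws_env_file() {
  : "${AWS_ACCESS_KEY_ID:?must be set}" "${AWS_SECRET_ACCESS_KEY:?must be set}"
  local file
  file="$(umask 077 && mktemp)" || return 1
  {
    printf 'AWS_ACCESS_KEY_ID=%s\n' "$AWS_ACCESS_KEY_ID"
    printf 'AWS_REGION=%s\n' "${AWS_REGION:-eu-west-1}"
    printf 'AWS_SECRET_ACCESS_KEY=%s\n' "$AWS_SECRET_ACCESS_KEY"
  } >"$file"
  printf '%s\n' "$file"
}

# Create the secret from the env file, then delete the file whether or not
# kubectl succeeded. Returns kubectl's exit status.
create_provider_secret() {
  local file rc=0
  file="$(write_aws_env_file)" || return 1
  kubectl create secret generic my-aws-credentials \
    --namespace=kuadrant-system \
    --type=kuadrant.io/aws \
    --from-env-file="$file" || rc=$?
  rm -f "$file"
  return "$rc"
}

# Usage, after exporting the two AWS variables: create_provider_secret
```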

@maleck13 maleck13 requested a review from a team as a code owner December 8, 2023 10:58

codecov bot commented Dec 8, 2023

Codecov Report

Merging #362 (685a5ef) into main (13c75de) will decrease coverage by 0.84%.
The diff coverage is n/a.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #362      +/-   ##
==========================================
- Coverage   66.14%   65.31%   -0.84%     
==========================================
  Files          35       35              
  Lines        3843     3843              
==========================================
- Hits         2542     2510      -32     
- Misses       1113     1136      +23     
- Partials      188      197       +9     
Flag Coverage Δ
integration 70.48% <ø> (-1.58%) ⬇️
unit 59.54% <ø> (ø)

Components Coverage Δ
api/v1beta1 (u) ∅ <ø> (∅)
pkg/common (u) 76.92% <ø> (ø)
pkg/istio (u) 37.11% <ø> (ø)
pkg/log (u) 31.81% <ø> (ø)
pkg/reconcilers (u) 33.21% <ø> (ø)
pkg/rlptools (u) 56.46% <ø> (ø)
controllers (i) 70.48% <ø> (-1.58%) ⬇️

see 5 files with indirect coverage changes

@david-martin david-martin self-requested a review December 8, 2023 12:12
@david-martin
Member

david-martin commented Dec 8, 2023

@maleck13 The Istio CRD is missing. I get this error when applying the example resource in the PR instructions:

error: resource mapping not found for name: "istiocontrolplane" namespace: "istio-system" from "STDIN": no matches for kind "Istio" in version "operator.istio.io/v1alpha1"
ensure CRDs are installed first

Other istio CRDs are there

kubectl get crd|grep -i istio
authorizationpolicies.security.istio.io       2023-12-08T12:17:30Z
destinationrules.networking.istio.io          2023-12-08T12:17:30Z
envoyfilters.networking.istio.io              2023-12-08T12:17:30Z
gateways.networking.istio.io                  2023-12-08T12:17:30Z
istiooperators.install.istio.io               2023-12-08T12:17:06Z
peerauthentications.security.istio.io         2023-12-08T12:17:30Z
proxyconfigs.networking.istio.io              2023-12-08T12:17:30Z
requestauthentications.security.istio.io      2023-12-08T12:17:30Z
serviceentries.networking.istio.io            2023-12-08T12:17:30Z
sidecars.networking.istio.io                  2023-12-08T12:17:30Z
telemetries.telemetry.istio.io                2023-12-08T12:17:30Z
virtualservices.networking.istio.io           2023-12-08T12:17:30Z
wasmplugins.extensions.istio.io               2023-12-08T12:17:30Z
workloadentries.networking.istio.io           2023-12-08T12:17:30Z
workloadgroups.networking.istio.io            2023-12-08T12:17:30Z

@maleck13
Collaborator Author

maleck13 commented Dec 8, 2023

Yes sorry you need to check out this branch #323

@david-martin
Member

> Yes sorry you need to check out this branch #323

I'll check out that branch, and follow steps from this PR branch.

@adam-cattermole
Member

@david-martin I've just merged the branch to main so you could try from main

@maleck13 maleck13 force-pushed the gh-361-single-cluster-walk-through branch from dcacb19 to 4804b5e Compare December 8, 2023 14:49
@alexsnaps alexsnaps added this to the v0.6.0 milestone Dec 8, 2023
@jasonmadigan
Member

curl -k --resolve "api.${KUADRANT_ZONE_ROOT_DOMAIN}:443:172.18.200.2" "https://api.${KUADRANT_ZONE_ROOT_DOMAIN}/cars" -vvv

200 OK

Member

@david-martin david-martin left a comment

Some issues with curl on macOS, but a workaround with --resolve works well.

Output at end of walkthrough:

while :; do curl -k --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMALICE' "https://api.$KUADRANT_ZONE_ROOT_DOMAIN/cars" | grep -E --color "\b(429)\b|$"; sleep 1; done
200
429
429
200
429
429
200
429
429
200
^C

$ while :; do curl -k --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMBOB' "https://api.$KUADRANT_ZONE_ROOT_DOMAIN/cars" | grep -E --color "\b(429)\b|$"; sleep 1; done
200
429
429
200
429
429
200

@jasonmadigan
Member

got to the same stage as @david-martin, so I think this looks like it works all-in (probably want to update the cURL commands to use --resolve)

@maleck13 maleck13 force-pushed the gh-361-single-cluster-walk-through branch from cba3d16 to 05d5f0a Compare December 12, 2023 07:53
@maleck13 maleck13 force-pushed the gh-361-single-cluster-walk-through branch from 05d5f0a to 817c3c5 Compare December 12, 2023 07:54
@maleck13
Collaborator Author

@jasonmadigan @david-martin I have updated the curl commands now

doc/user-guides/secure-protect-connect.md Outdated
@jasonmadigan
Member

@maleck13 couple of tweaks w/ suggestions

@maleck13
Collaborator Author

thanks @jasonmadigan updated

Member

@jasonmadigan jasonmadigan left a comment

lgtm 👍

@eguzki eguzki merged commit 0e08054 into Kuadrant:main Dec 12, 2023
16 checks passed
Contributor

@guicassolato guicassolato left a comment

Leaving a few comments despite already merged.

doc/user-guides/secure-protect-connect.md
@maleck13
Collaborator Author

@guicassolato #374 follow ups

Successfully merging this pull request may close these issues.

New document in place to walkthrough getting setup and trying the different policies