refactor: layout and setup

Signed-off-by: KevFan <[email protected]>

doc/user-guides/anonymous-access.md → doc/user-guides/auth/anonymous-access.md

@@ -2,43 +2,24 @@
 
 Learn how to allow anonymous access to certain endpoints using Kuadrant's `AuthPolicy`
 
-## Requisites
+## Prerequisites
 
-- [Docker](https://docker.io)
+You have installed Kuadrant in a [kubernetes](https://docs.kuadrant.io/latest/kuadrant-operator/doc/install/install-kubernetes/) or [OpenShift](https://docs.kuadrant.io/latest/kuadrant-operator/doc/install/install-openshift/) cluster.
 
-## Run the guide ① → ④
+## Run the guide ① → ⑦
+### ① Deploy Toy Store application
 
-### ①  Setup 
-
-Clone the repo:
+Deploy a simple HTTP application service that echoes back the request data:
 
 ```sh
-git clone git@github.com:Kuadrant/kuadrant-operator.git && cd kuadrant-operator
+kubectl apply -f https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/refs/heads/main/examples/toystore/toystore.yaml
 ```
 
-Run the following command to create a local Kubernetes cluster with [Kind](https://kind.sigs.k8s.io/), install & deploy Kuadrant:
-
-```sh
-make local-setup
-```
+### ② Expose the Application
 
-Request an instance of Kuadrant in the `kuadrant-system` namespace:
+Create an `HTTPRoute` to expose an `/cars` and `/public` path to the application:
 
 ```sh
-kubectl -n kuadrant-system apply -f - <<EOF
-apiVersion: kuadrant.io/v1beta1
-kind: Kuadrant
-metadata:
-  name: kuadrant
-spec: {}
-EOF
-```
-
-### ② Deploy the Talker API
-
-```sh
-kubectl apply -f examples/toystore/toystore.yaml
-
 kubectl apply -f - <<EOF
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
@@ -70,14 +51,15 @@ spec:
 EOF
 ```
 
-Export the gateway hostname and port:
+Export the gateway hostname and port for testing:
 
 ```sh
 export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')
 export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}')
 export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
 ```
 
+### ③ Test the Unprotected Application
 Test requests to the unprotected application:
 
 ```sh
@@ -90,9 +72,9 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/public -i
 # HTTP/1.1 200 OK
 ```
 
-### ③ Protect the Toy Store application
+### ④ Deny All Traffic with AuthPolicy
 
-Create an `AuthPolicy` to protect the `HTTPRoute`:
+Apply an `AuthPolicy` to deny all traffic to the `HTTPRoute`:
 
 ```sh
 kubectl apply -f - <<EOF
@@ -115,7 +97,7 @@ spec:
 EOF
 ```
 
-Test requests to the protected application:
+### ⑤ Test the Protected Application
 
 ```sh
 curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/cars -i
@@ -127,8 +109,8 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/public -i
 # HTTP/1.1 403 Forbidden
 ```
 
-### ④ Allow Anonymous Access to the Public Route
-Create an `AuthPolicy` to enable anonymous access for the `/public` rule:
+### ⑥ Allow Anonymous Access to /public
+Create an `AuthPolicy` to allow anonymous access to the `/public` endpoint:
 
 ```sh
 kubectl apply -f - <<EOF
@@ -152,7 +134,7 @@ EOF
 
 The example above enables anonymous access (i.e. removes authentication) to the `/public` rule of the `HTTPRoute`.
 
-### ④ Consume the API
+### ⑦ Test the Application with Anonymous Access
 
 Test requests to the application protected by Kuadrant:
 
@@ -169,7 +151,7 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/public -i
 ## Cleanup
 
 ```sh
-kubectl delete -f examples/toystore/toystore.yaml
+kubectl delete -f https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/refs/heads/main/examples/toystore/toystore.yaml
 kubectl delete httproute toystore
 kubectl delete authpolicy route-auth
 kubectl delete authpolicy rule-2-auth