diff --git a/config/dependencies/envoy-gateway/gateway/gateway.yaml b/config/dependencies/envoy-gateway/gateway/gateway.yaml index 332c66f7f..798383087 100644 --- a/config/dependencies/envoy-gateway/gateway/gateway.yaml +++ b/config/dependencies/envoy-gateway/gateway/gateway.yaml @@ -2,7 +2,7 @@ apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: - name: eg + name: kuadrant-ingressgateway spec: gatewayClassName: envoygateway listeners: diff --git a/config/dependencies/envoy-gateway/gateway/kustomization.yaml b/config/dependencies/envoy-gateway/gateway/kustomization.yaml index f7cd51264..fdfd9e6dc 100644 --- a/config/dependencies/envoy-gateway/gateway/kustomization.yaml +++ b/config/dependencies/envoy-gateway/gateway/kustomization.yaml @@ -1,6 +1,7 @@ --- # Adds namespace to all resources. -namespace: envoy-gateway-system +namespace: gateway-system resources: +- namespace.yaml - gateway-class.yaml - gateway.yaml diff --git a/config/dependencies/envoy-gateway/gateway/namespace.yaml b/config/dependencies/envoy-gateway/gateway/namespace.yaml new file mode 100644 index 000000000..99f749f52 --- /dev/null +++ b/config/dependencies/envoy-gateway/gateway/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: gateway-system diff --git a/config/dependencies/istio/gateway/gateway.yaml b/config/dependencies/istio/gateway/gateway.yaml index 22be12636..45c141eb6 100644 --- a/config/dependencies/istio/gateway/gateway.yaml +++ b/config/dependencies/istio/gateway/gateway.yaml @@ -4,7 +4,7 @@ kind: Gateway metadata: labels: istio: ingressgateway - name: istio-ingressgateway + name: kuadrant-ingressgateway spec: gatewayClassName: istio listeners: diff --git a/config/dependencies/istio/gateway/kustomization.yaml b/config/dependencies/istio/gateway/kustomization.yaml index b489ae5d3..6a519b4df 100644 --- a/config/dependencies/istio/gateway/kustomization.yaml +++ b/config/dependencies/istio/gateway/kustomization.yaml @@ -1,5 +1,6 @@ --- # Adds namespace to all resources. -namespace: istio-system +namespace: gateway-system resources: +- namespace.yaml - gateway.yaml diff --git a/config/dependencies/istio/gateway/namespace.yaml b/config/dependencies/istio/gateway/namespace.yaml new file mode 100644 index 000000000..99f749f52 --- /dev/null +++ b/config/dependencies/istio/gateway/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: gateway-system diff --git a/config/observability/openshift/telemetry.yaml b/config/observability/openshift/telemetry.yaml index c3a7509b2..7b6c6f11f 100644 --- a/config/observability/openshift/telemetry.yaml +++ b/config/observability/openshift/telemetry.yaml @@ -2,7 +2,7 @@ apiVersion: telemetry.istio.io/v1alpha1 kind: Telemetry metadata: name: namespace-metrics - namespace: istio-system + namespace: gateway-system spec: metrics: - providers: diff --git a/config/observability/prometheus/monitors/pod-monitor-envoy.yaml b/config/observability/prometheus/monitors/pod-monitor-envoy.yaml index 1d98a8f8a..e10c5c54d 100644 --- a/config/observability/prometheus/monitors/pod-monitor-envoy.yaml +++ b/config/observability/prometheus/monitors/pod-monitor-envoy.yaml @@ -5,10 +5,10 @@ metadata: spec: namespaceSelector: matchNames: - - istio-system + - gateway-system selector: matchLabels: - app: istio-ingressgateway + app: kuadrant-ingressgateway podMetricsEndpoints: - port: http-envoy-prom path: /stats/prometheus diff --git a/config/observability/prometheus/monitors/service-monitor-istiod.yaml b/config/observability/prometheus/monitors/service-monitor-istiod.yaml index 656cd440b..54dcd4257 100644 --- a/config/observability/prometheus/monitors/service-monitor-istiod.yaml +++ b/config/observability/prometheus/monitors/service-monitor-istiod.yaml @@ -5,7 +5,7 @@ metadata: spec: namespaceSelector: matchNames: - - istio-system + - gateway-system selector: matchLabels: app: istiod diff --git a/config/observability/prometheus/telemetry.yaml b/config/observability/prometheus/telemetry.yaml index ac6796fce..df37e0aab 100644 --- a/config/observability/prometheus/telemetry.yaml +++ b/config/observability/prometheus/telemetry.yaml @@ -2,7 +2,7 @@ apiVersion: telemetry.istio.io/v1alpha1 kind: Telemetry metadata: name: namespace-metrics - namespace: istio-system + namespace: gateway-system spec: metrics: - providers: diff --git a/doc/install/install-openshift.md b/doc/install/install-openshift.md index a5139b961..7117f0462 100644 --- a/doc/install/install-openshift.md +++ b/doc/install/install-openshift.md @@ -61,7 +61,7 @@ Kuadrant integrates with Istio as a Gateway API provider. You can set up an Isti To install the Istio Gateway provider, run the following commands: ```bash -kubectl create ns istio-system +kubectl create ns gateway-system ``` ```bash @@ -70,7 +70,7 @@ kind: OperatorGroup apiVersion: operators.coreos.com/v1 metadata: name: sail - namespace: istio-system + namespace: gateway-system spec: upgradeStrategy: Default --- @@ -78,7 +78,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sailoperator - namespace: istio-system + namespace: gateway-system spec: channel: 3.0-dp1 installPlanApproval: Automatic @@ -91,7 +91,7 @@ EOF Check the status of the installation as follows: ```bash -kubectl get installplan -n istio-system -o=jsonpath='{.items[0].status.phase}' +kubectl get installplan -n gateway-system -o=jsonpath='{.items[0].status.phase}' ``` When ready, the status will change from `installing` to `complete`. @@ -108,7 +108,7 @@ metadata: name: default spec: version: v1.21.0 - namespace: istio-system + namespace: gateway-system # Disable autoscaling to reduce dev resources values: pilot: @@ -119,7 +119,7 @@ EOF Wait for Istio to be ready as follows: ```bash -kubectl wait istio/default -n istio-system --for="condition=Ready=true" +kubectl wait istio/default -n gateway-system --for="condition=Ready=true" ``` ### Step 5 - (Optional) Install Envoy Gateway as a Gateway API provider diff --git a/doc/observability/metrics.md b/doc/observability/metrics.md index d054896c8..d2075eaab 100644 --- a/doc/observability/metrics.md +++ b/doc/observability/metrics.md @@ -47,7 +47,7 @@ apiVersion: telemetry.istio.io/v1alpha1 kind: Telemetry metadata: name: namespace-metrics - namespace: istio-system + namespace: gateway-system spec: metrics: - providers: diff --git a/doc/observability/tracing.md b/doc/observability/tracing.md index 16ecd1184..c04a82c45 100644 --- a/doc/observability/tracing.md +++ b/doc/observability/tracing.md @@ -22,7 +22,7 @@ apiVersion: telemetry.istio.io/v1alpha1 kind: Telemetry metadata: name: mesh-default - namespace: istio-system + namespace: gateway-system spec: tracing: - providers: @@ -34,7 +34,7 @@ kind: Istio metadata: name: default spec: - namespace: istio-system + namespace: gateway-system values: meshConfig: defaultConfig: diff --git a/doc/rate-limiting.md b/doc/rate-limiting.md index 04a8074f6..5e8432219 100644 --- a/doc/rate-limiting.md +++ b/doc/rate-limiting.md @@ -391,19 +391,19 @@ A Kuadrant wasm-shim configuration for 2 RateLimitPolicy custom resources (a Gat apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: - name: kuadrant-istio-ingressgateway - namespace: istio-system + name: kuadrant-kuadrant-ingressgateway + namespace: gateway-system … spec: phase: STATS pluginConfig: failureMode: deny rateLimitPolicies: - - domain: istio-system/gw-rlp # allows isolating policy rules and improve performance of the rate limit service + - domain: gateway-system/gw-rlp # allows isolating policy rules and improve performance of the rate limit service hostnames: - '*.website' - '*.io' - name: istio-system/gw-rlp + name: gateway-system/gw-rlp rules: # match rules from the gateway and according to conditions specified in the policy - conditions: - allOf: @@ -478,6 +478,6 @@ spec: service: kuadrant-rate-limiting-service selector: matchLabels: - istio.io/gateway-name: istio-ingressgateway + istio.io/gateway-name: kuadrant-ingressgateway url: oci://quay.io/kuadrant/wasm-shim:v0.3.0 ``` diff --git a/doc/user-guides/auth-for-app-devs-and-platform-engineers.md b/doc/user-guides/auth-for-app-devs-and-platform-engineers.md index 8fdbf2b4b..a8e582acf 100644 --- a/doc/user-guides/auth-for-app-devs-and-platform-engineers.md +++ b/doc/user-guides/auth-for-app-devs-and-platform-engineers.md @@ -7,7 +7,7 @@ Two AuthPolicies will be declared: | Use case | AuthPolicy | |--------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **App developer** | 1 AuthPolicy targeting a HTTPRoute that routes traffic to a sample Toy Store application, and enforces API key authentication to all requests in this route, as well as requires API key owners to be mapped to `groups:admins` metadata to access a specific HTTPRouteRule of the route. | -| **Platform engineer use-case** | 1 AuthPolicy targeting the `istio-ingressgateway` Gateway that enforces a trivial "deny-all" policy that locks down any other HTTPRoute attached to the Gateway. | +| **Platform engineer use-case** | 1 AuthPolicy targeting the `kuadrant-ingressgateway` Gateway that enforces a trivial "deny-all" policy that locks down any other HTTPRoute attached to the Gateway. | Topology: @@ -18,19 +18,19 @@ Topology: └───────┬───────┘ │ ▼ - ┌──────────────────────┐ - │ (Gateway) │ - │ istio-ingressgateway │ - ┌────►│ │◄───┐ - │ │ * │ │ - │ └──────────────────────┘ │ - │ │ - ┌────────┴─────────┐ ┌────────┴─────────┐ - │ (HTTPRoute) │ │ (HTTPRoute) │ - │ toystore │ │ other │ - │ │ │ │ - │ api.toystore.com │ │ *.other-apps.com │ - └──────────────────┘ └──────────────────┘ + ┌─────────────────────────┐ + │ (Gateway) │ + │ kuadrant-ingressgateway │ + ┌────►│ │◄───┐ + │ │ * │ │ + │ └─────────────────────────┘ │ + │ │ + ┌────────┴─────────┐ ┌────────┴─────────┐ + │ (HTTPRoute) │ │ (HTTPRoute) │ + │ toystore │ │ other │ + │ │ │ │ + │ api.toystore.com │ │ *.other-apps.com │ + └──────────────────┘ └──────────────────┘ ▲ │ ┌───────┴───────┐ @@ -83,8 +83,8 @@ metadata: name: toystore spec: parentRefs: - - name: istio-ingressgateway - namespace: istio-system + - name: kuadrant-ingressgateway + namespace: gateway-system hostnames: - api.toystore.com rules: @@ -113,8 +113,8 @@ EOF Export the gateway hostname and port: ```sh -export INGRESS_HOST=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}') -export INGRESS_PORT=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') +export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}') +export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ``` @@ -231,7 +231,7 @@ curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamanadmin' http://$G Create the policy: ```sh -kubectl -n istio-system apply -f - < **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost: > > ```sh -> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 >/dev/null 2>&1 & +> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 & > export GATEWAY_URL=localhost:9080 > ``` > ```sh diff --git a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md index 9c39c508f..7646cfed1 100644 --- a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md +++ b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md @@ -85,8 +85,8 @@ kubectl apply -f examples/toystore/httproute.yaml Export the gateway hostname and port: ```sh -export INGRESS_HOST=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}') -export INGRESS_PORT=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') +export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}') +export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ``` @@ -100,7 +100,7 @@ It should return `200 OK`. > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost: > > ```sh -> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 >/dev/null 2>&1 & +> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 & > export GATEWAY_URL=localhost:9080 > ``` > ```sh diff --git a/doc/user-guides/gateway-rl-for-cluster-operators.md b/doc/user-guides/gateway-rl-for-cluster-operators.md index c3edc398a..e112fa10d 100644 --- a/doc/user-guides/gateway-rl-for-cluster-operators.md +++ b/doc/user-guides/gateway-rl-for-cluster-operators.md @@ -40,7 +40,7 @@ EOF ### ② Create the ingress gateways ```sh -kubectl -n istio-system apply -f - </dev/null 2>&1 & -kubectl port-forward -n istio-system service/internal-istio 9082:80 >/dev/null 2>&1 & +kubectl port-forward -n gateway-system service/external-istio 9081:80 >/dev/null 2>&1 & +kubectl port-forward -n gateway-system service/internal-istio 9082:80 >/dev/null 2>&1 & ``` Up to 5 successful (`200 OK`) requests every 10 seconds through the `external` ingress gateway (`*.io`), then `429 Too Many Requests`: diff --git a/doc/user-guides/simple-rl-for-app-developers.md b/doc/user-guides/simple-rl-for-app-developers.md index 4f151f238..a978320fb 100644 --- a/doc/user-guides/simple-rl-for-app-developers.md +++ b/doc/user-guides/simple-rl-for-app-developers.md @@ -4,7 +4,7 @@ This user guide walks you through an example of how to configure rate limiting f
-In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic a operations of reading and writing toy records. +In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic operations of reading and writing toy records. We will rate limit the `POST /toys` endpoint to a maximum of 5rp10s ("5 requests every 10 seconds"). @@ -63,8 +63,8 @@ metadata: name: toystore spec: parentRefs: - - name: istio-ingressgateway - namespace: istio-system + - name: kuadrant-ingressgateway + namespace: gateway-system hostnames: - api.toystore.com rules: @@ -90,8 +90,8 @@ EOF Export the gateway hostname and port: ```sh -export INGRESS_HOST=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}') -export INGRESS_PORT=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') +export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}') +export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ``` @@ -105,7 +105,7 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -i > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost: > > ```sh -> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 >/dev/null 2>&1 & +> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 & > export GATEWAY_URL=localhost:9080 > ``` > ```sh diff --git a/examples/toystore/authpolicy.yaml b/examples/toystore/authpolicy.yaml index a7a404b71..cf646b48d 100644 --- a/examples/toystore/authpolicy.yaml +++ b/examples/toystore/authpolicy.yaml @@ -37,12 +37,12 @@ apiVersion: kuadrant.io/v1beta1 kind: AuthPolicy metadata: name: toystore - namespace: istio-system + namespace: gateway-system spec: targetRef: group: gateway.networking.k8s.io kind: Gateway - name: istio-ingressgateway + name: kuadrant-ingressgateway rules: authentication: "apikey": diff --git a/examples/toystore/httproute.yaml b/examples/toystore/httproute.yaml index f44f9f9e5..941e2db4b 100644 --- a/examples/toystore/httproute.yaml +++ b/examples/toystore/httproute.yaml @@ -7,8 +7,8 @@ metadata: app: toystore spec: parentRefs: - - name: istio-ingressgateway - namespace: istio-system + - name: kuadrant-ingressgateway + namespace: gateway-system hostnames: ["*.toystore.com"] rules: - matches: diff --git a/examples/toystore/ratelimitpolicy_gateway.yaml b/examples/toystore/ratelimitpolicy_gateway.yaml index 57b53002b..b7cabca1d 100644 --- a/examples/toystore/ratelimitpolicy_gateway.yaml +++ b/examples/toystore/ratelimitpolicy_gateway.yaml @@ -2,12 +2,12 @@ apiVersion: kuadrant.io/v1beta2 kind: RateLimitPolicy metadata: name: toystore-gw - namespace: istio-system + namespace: gateway-system spec: targetRef: group: gateway.networking.k8s.io kind: Gateway - name: istio-ingressgateway + name: kuadrant-ingressgateway limits: "expensive-operation": rates: diff --git a/make/development-environments.mk b/make/development-environments.mk index 72e9089c8..91c016d27 100644 --- a/make/development-environments.mk +++ b/make/development-environments.mk @@ -109,12 +109,12 @@ istio-env-setup: ## Install Istio, istio gateway and gatewayapi-env-setup $(MAKE) deploy-istio-gateway @echo @echo "Now you can open local access to the istio gateway by doing:" - @echo "kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 &" + @echo "kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 &" @echo "export GATEWAY_URL=localhost:9080" @echo "after that, you can curl -H \"Host: myhost.com\" \$$GATEWAY_URL" @echo "-- Linux only -- Ingress gateway is exported using loadbalancer service in port 80" - @echo "export INGRESS_HOST=\$$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}')" - @echo "export INGRESS_PORT=\$$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name==\"http\")].port}')" + @echo "export INGRESS_HOST=\$$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')" + @echo "export INGRESS_PORT=\$$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name==\"http\")].port}')" @echo "export GATEWAY_URL=\$$INGRESS_HOST:\$$INGRESS_PORT" @echo "curl -H \"Host: myhost.com\" \$$GATEWAY_URL" @echo diff --git a/make/envoy-gateway.mk b/make/envoy-gateway.mk index 81fd4d973..ad97af2dd 100644 --- a/make/envoy-gateway.mk +++ b/make/envoy-gateway.mk @@ -41,26 +41,26 @@ egctl: $(EGCTL) ## Download egctl locally if necessary. envoy-gateway-enable-envoypatchpolicy: $(YQ) $(eval TMP := $(shell mktemp -d)) - kubectl get configmap -n envoy-gateway-system envoy-gateway-config -o jsonpath='{.data.envoy-gateway\.yaml}' > $(TMP)/envoy-gateway.yaml + kubectl get configmap -n $(EG_NAMESPACE) envoy-gateway-config -o jsonpath='{.data.envoy-gateway\.yaml}' > $(TMP)/envoy-gateway.yaml yq e '.extensionApis.enableEnvoyPatchPolicy = true' -i $(TMP)/envoy-gateway.yaml - kubectl create configmap -n envoy-gateway-system envoy-gateway-config --from-file=envoy-gateway.yaml=$(TMP)/envoy-gateway.yaml -o yaml --dry-run=client | kubectl replace -f - + kubectl create configmap -n $(EG_NAMESPACE) envoy-gateway-config --from-file=envoy-gateway.yaml=$(TMP)/envoy-gateway.yaml -o yaml --dry-run=client | kubectl replace -f - -rm -rf $(TMP) - kubectl rollout restart deployment envoy-gateway -n envoy-gateway-system + kubectl rollout restart deployment envoy-gateway -n $(EG_NAMESPACE) EG_VERSION ?= v1.1.0 .PHONY: envoy-gateway-install envoy-gateway-install: kustomize $(HELM) - $(HELM) install eg oci://docker.io/envoyproxy/gateway-helm --version $(EG_VERSION) -n envoy-gateway-system --create-namespace + $(HELM) install eg oci://docker.io/envoyproxy/gateway-helm --version $(EG_VERSION) -n $(EG_NAMESPACE) --create-namespace $(MAKE) envoy-gateway-enable-envoypatchpolicy - kubectl wait --timeout=5m -n envoy-gateway-system deployment/envoy-gateway --for=condition=Available + kubectl wait --timeout=5m -n $(EG_NAMESPACE) deployment/envoy-gateway --for=condition=Available .PHONY: deploy-eg-gateway deploy-eg-gateway: kustomize ## Deploy Gateway API gateway $(KUSTOMIZE) build $(EG_CONFIG_DIR)/gateway | kubectl apply -f - - kubectl wait --timeout=5m -n envoy-gateway-system gateway/eg --for=condition=Programmed + kubectl wait --timeout=5m -n gateway-system gateway/kuadrant-ingressgateway --for=condition=Programmed @echo @echo "-- Linux only -- Ingress gateway is exported using loadbalancer service in port 80" - @echo "export INGRESS_HOST=\$$(kubectl get gtw eg -n envoy-gateway-system -o jsonpath='{.status.addresses[0].value}')" - @echo "export INGRESS_PORT=\$$(kubectl get gtw eg -n envoy-gateway-system -o jsonpath='{.spec.listeners[?(@.name==\"http\")].port}')" + @echo "export INGRESS_HOST=\$$(kubectl get gtw kuadrant-ingressgateway -n gateway-system-o jsonpath='{.status.addresses[0].value}')" + @echo "export INGRESS_PORT=\$$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name==\"http\")].port}')" @echo "Now you can hit the gateway:" @echo "curl --verbose --resolve www.example.com:\$${INGRESS_PORT}:\$${INGRESS_HOST} http://www.example.com:\$${INGRESS_PORT}/get" diff --git a/make/istio.mk b/make/istio.mk index 20b3a79f5..d9df5202a 100644 --- a/make/istio.mk +++ b/make/istio.mk @@ -31,7 +31,7 @@ istioctl: $(ISTIOCTL) ## Download istioctl locally if necessary. .PHONY: istioctl-install istioctl-install: istioctl ## Install istio. - $(ISTIOCTL) operator init + $(ISTIOCTL) operator init --operatorNamespace $(ISTIO_NAMESPACE) --watchedNamespaces $(ISTIO_NAMESPACE) kubectl apply -f $(ISTIO_INSTALL_DIR)/istio-operator.yaml .PHONY: istioctl-uninstall @@ -45,7 +45,7 @@ istioctl-verify-install: istioctl ## Verify istio installation. .PHONY: sail-install sail-install: kustomize $(KUSTOMIZE) build $(ISTIO_INSTALL_DIR)/sail | kubectl apply -f - - kubectl -n istio-system wait --for=condition=Available deployment istio-operator --timeout=300s + kubectl -n $(ISTIO_NAMESPACE) wait --for=condition=Available deployment istio-operator --timeout=300s kubectl apply -f $(ISTIO_INSTALL_DIR)/sail/istio.yaml .PHONY: sail-uninstall