From f28b2b0da396ff93c62c005381d83efefd52c734 Mon Sep 17 00:00:00 2001 From: Adam Cattermole Date: Mon, 22 Jul 2024 13:51:08 +0100 Subject: [PATCH] Update docs gateway name/namespace Signed-off-by: Adam Cattermole --- doc/install/install-openshift.md | 12 ++--- doc/observability/metrics.md | 2 +- doc/observability/tracing.md | 4 +- doc/rate-limiting.md | 10 ++--- ...uth-for-app-devs-and-platform-engineers.md | 44 +++++++++---------- .../authenticated-rl-for-app-developers.md | 10 ++--- ...uthenticated-rl-with-jwt-and-k8s-authnz.md | 6 +-- .../gateway-rl-for-cluster-operators.md | 12 ++--- .../simple-rl-for-app-developers.md | 12 ++--- 9 files changed, 56 insertions(+), 56 deletions(-) diff --git a/doc/install/install-openshift.md b/doc/install/install-openshift.md index 966870546..e73995164 100644 --- a/doc/install/install-openshift.md +++ b/doc/install/install-openshift.md @@ -57,7 +57,7 @@ Kuadrant integrates with Istio as a Gateway API provider. You can set up an Isti To install the Istio Gateway provider, run the following commands: ```bash -kubectl create ns istio-system +kubectl create ns gateway-system ``` ```bash @@ -66,7 +66,7 @@ kind: OperatorGroup apiVersion: operators.coreos.com/v1 metadata: name: sail - namespace: istio-system + namespace: gateway-system spec: upgradeStrategy: Default --- @@ -74,7 +74,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: sailoperator - namespace: istio-system + namespace: gateway-system spec: channel: 3.0-dp1 installPlanApproval: Automatic @@ -87,7 +87,7 @@ EOF Check the status of the installation as follows: ```bash -kubectl get installplan -n istio-system -o=jsonpath='{.items[0].status.phase}' +kubectl get installplan -n gateway-system -o=jsonpath='{.items[0].status.phase}' ``` When ready, the status will change from `installing` to `complete`. @@ -104,7 +104,7 @@ metadata: name: default spec: version: v1.21.0 - namespace: istio-system + namespace: gateway-system # Disable autoscaling to reduce dev resources values: pilot: @@ -115,7 +115,7 @@ EOF Wait for Istio to be ready as follows: ```bash -kubectl wait istio/default -n istio-system --for="condition=Ready=true" +kubectl wait istio/default -n gateway-system --for="condition=Ready=true" ``` ### Step 5 - Optional: Configure observability and metrics diff --git a/doc/observability/metrics.md b/doc/observability/metrics.md index d054896c8..d2075eaab 100644 --- a/doc/observability/metrics.md +++ b/doc/observability/metrics.md @@ -47,7 +47,7 @@ apiVersion: telemetry.istio.io/v1alpha1 kind: Telemetry metadata: name: namespace-metrics - namespace: istio-system + namespace: gateway-system spec: metrics: - providers: diff --git a/doc/observability/tracing.md b/doc/observability/tracing.md index 16ecd1184..c04a82c45 100644 --- a/doc/observability/tracing.md +++ b/doc/observability/tracing.md @@ -22,7 +22,7 @@ apiVersion: telemetry.istio.io/v1alpha1 kind: Telemetry metadata: name: mesh-default - namespace: istio-system + namespace: gateway-system spec: tracing: - providers: @@ -34,7 +34,7 @@ kind: Istio metadata: name: default spec: - namespace: istio-system + namespace: gateway-system values: meshConfig: defaultConfig: diff --git a/doc/rate-limiting.md b/doc/rate-limiting.md index 04a8074f6..5e8432219 100644 --- a/doc/rate-limiting.md +++ b/doc/rate-limiting.md @@ -391,19 +391,19 @@ A Kuadrant wasm-shim configuration for 2 RateLimitPolicy custom resources (a Gat apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: - name: kuadrant-istio-ingressgateway - namespace: istio-system + name: kuadrant-kuadrant-ingressgateway + namespace: gateway-system … spec: phase: STATS pluginConfig: failureMode: deny rateLimitPolicies: - - domain: istio-system/gw-rlp # allows isolating policy rules and improve performance of the rate limit service + - domain: gateway-system/gw-rlp # allows isolating policy rules and improve performance of the rate limit service hostnames: - '*.website' - '*.io' - name: istio-system/gw-rlp + name: gateway-system/gw-rlp rules: # match rules from the gateway and according to conditions specified in the policy - conditions: - allOf: @@ -478,6 +478,6 @@ spec: service: kuadrant-rate-limiting-service selector: matchLabels: - istio.io/gateway-name: istio-ingressgateway + istio.io/gateway-name: kuadrant-ingressgateway url: oci://quay.io/kuadrant/wasm-shim:v0.3.0 ``` diff --git a/doc/user-guides/auth-for-app-devs-and-platform-engineers.md b/doc/user-guides/auth-for-app-devs-and-platform-engineers.md index 8fdbf2b4b..a8e582acf 100644 --- a/doc/user-guides/auth-for-app-devs-and-platform-engineers.md +++ b/doc/user-guides/auth-for-app-devs-and-platform-engineers.md @@ -7,7 +7,7 @@ Two AuthPolicies will be declared: | Use case | AuthPolicy | |--------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **App developer** | 1 AuthPolicy targeting a HTTPRoute that routes traffic to a sample Toy Store application, and enforces API key authentication to all requests in this route, as well as requires API key owners to be mapped to `groups:admins` metadata to access a specific HTTPRouteRule of the route. | -| **Platform engineer use-case** | 1 AuthPolicy targeting the `istio-ingressgateway` Gateway that enforces a trivial "deny-all" policy that locks down any other HTTPRoute attached to the Gateway. | +| **Platform engineer use-case** | 1 AuthPolicy targeting the `kuadrant-ingressgateway` Gateway that enforces a trivial "deny-all" policy that locks down any other HTTPRoute attached to the Gateway. | Topology: @@ -18,19 +18,19 @@ Topology: └───────┬───────┘ │ ▼ - ┌──────────────────────┐ - │ (Gateway) │ - │ istio-ingressgateway │ - ┌────►│ │◄───┐ - │ │ * │ │ - │ └──────────────────────┘ │ - │ │ - ┌────────┴─────────┐ ┌────────┴─────────┐ - │ (HTTPRoute) │ │ (HTTPRoute) │ - │ toystore │ │ other │ - │ │ │ │ - │ api.toystore.com │ │ *.other-apps.com │ - └──────────────────┘ └──────────────────┘ + ┌─────────────────────────┐ + │ (Gateway) │ + │ kuadrant-ingressgateway │ + ┌────►│ │◄───┐ + │ │ * │ │ + │ └─────────────────────────┘ │ + │ │ + ┌────────┴─────────┐ ┌────────┴─────────┐ + │ (HTTPRoute) │ │ (HTTPRoute) │ + │ toystore │ │ other │ + │ │ │ │ + │ api.toystore.com │ │ *.other-apps.com │ + └──────────────────┘ └──────────────────┘ ▲ │ ┌───────┴───────┐ @@ -83,8 +83,8 @@ metadata: name: toystore spec: parentRefs: - - name: istio-ingressgateway - namespace: istio-system + - name: kuadrant-ingressgateway + namespace: gateway-system hostnames: - api.toystore.com rules: @@ -113,8 +113,8 @@ EOF Export the gateway hostname and port: ```sh -export INGRESS_HOST=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}') -export INGRESS_PORT=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') +export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}') +export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ``` @@ -231,7 +231,7 @@ curl -H 'Host: api.toystore.com' -H 'Authorization: APIKEY iamanadmin' http://$G Create the policy: ```sh -kubectl -n istio-system apply -f - < **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost: > > ```sh -> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 >/dev/null 2>&1 & +> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 & > export GATEWAY_URL=localhost:9080 > ``` > ```sh diff --git a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md index 9c39c508f..7646cfed1 100644 --- a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md +++ b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md @@ -85,8 +85,8 @@ kubectl apply -f examples/toystore/httproute.yaml Export the gateway hostname and port: ```sh -export INGRESS_HOST=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}') -export INGRESS_PORT=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') +export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}') +export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ``` @@ -100,7 +100,7 @@ It should return `200 OK`. > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost: > > ```sh -> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 >/dev/null 2>&1 & +> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 & > export GATEWAY_URL=localhost:9080 > ``` > ```sh diff --git a/doc/user-guides/gateway-rl-for-cluster-operators.md b/doc/user-guides/gateway-rl-for-cluster-operators.md index c3edc398a..e112fa10d 100644 --- a/doc/user-guides/gateway-rl-for-cluster-operators.md +++ b/doc/user-guides/gateway-rl-for-cluster-operators.md @@ -40,7 +40,7 @@ EOF ### ② Create the ingress gateways ```sh -kubectl -n istio-system apply -f - </dev/null 2>&1 & -kubectl port-forward -n istio-system service/internal-istio 9082:80 >/dev/null 2>&1 & +kubectl port-forward -n gateway-system service/external-istio 9081:80 >/dev/null 2>&1 & +kubectl port-forward -n gateway-system service/internal-istio 9082:80 >/dev/null 2>&1 & ``` Up to 5 successful (`200 OK`) requests every 10 seconds through the `external` ingress gateway (`*.io`), then `429 Too Many Requests`: diff --git a/doc/user-guides/simple-rl-for-app-developers.md b/doc/user-guides/simple-rl-for-app-developers.md index 4f151f238..a978320fb 100644 --- a/doc/user-guides/simple-rl-for-app-developers.md +++ b/doc/user-guides/simple-rl-for-app-developers.md @@ -4,7 +4,7 @@ This user guide walks you through an example of how to configure rate limiting f
-In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic a operations of reading and writing toy records. +In this guide, we will rate limit a sample REST API called **Toy Store**. In reality, this API is just an echo service that echoes back to the user whatever attributes it gets in the request. The API listens to requests at the hostname `api.toystore.com`, where it exposes the endpoints `GET /toys*` and `POST /toys`, respectively, to mimic operations of reading and writing toy records. We will rate limit the `POST /toys` endpoint to a maximum of 5rp10s ("5 requests every 10 seconds"). @@ -63,8 +63,8 @@ metadata: name: toystore spec: parentRefs: - - name: istio-ingressgateway - namespace: istio-system + - name: kuadrant-ingressgateway + namespace: gateway-system hostnames: - api.toystore.com rules: @@ -90,8 +90,8 @@ EOF Export the gateway hostname and port: ```sh -export INGRESS_HOST=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}') -export INGRESS_PORT=$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') +export INGRESS_HOST=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}') +export INGRESS_PORT=$(kubectl get gtw kuadrant-ingressgateway -n gateway-system -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ``` @@ -105,7 +105,7 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -i > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost: > > ```sh -> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 >/dev/null 2>&1 & +> kubectl port-forward -n gateway-system service/kuadrant-ingressgateway-istio 9080:80 >/dev/null 2>&1 & > export GATEWAY_URL=localhost:9080 > ``` > ```sh