mirror of https://github.com/istio/istio.io.git
				
				
				
			gateway-api: add Gateway API instructions to wildcard egress doc (#14654)
* gateway-api: add Gateway API instructions to wildcard egress doc * v1beta1 * regen
This commit is contained in:
		
							parent
							
								
									ed153b9f3b
								
							
						
					
					
						commit
						0997aa87fc
					
				|  | @ -0,0 +1,30 @@ | |||
| #!/usr/bin/env bash | ||||
| # shellcheck disable=SC1090,SC2154 | ||||
| 
 | ||||
| # Copyright Istio Authors | ||||
| # | ||||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| # you may not use this file except in compliance with the License. | ||||
| # You may obtain a copy of the License at | ||||
| # | ||||
| #    http://www.apache.org/licenses/LICENSE-2.0 | ||||
| # | ||||
| # Unless required by applicable law or agreed to in writing, software | ||||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| # See the License for the specific language governing permissions and | ||||
| # limitations under the License. | ||||
| 
 | ||||
| source "tests/util/gateway-api.sh" | ||||
| install_gateway_api_crds | ||||
| 
 | ||||
| # @setup profile=none | ||||
| source "content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/test.sh" | ||||
| 
 | ||||
| # @cleanup | ||||
| snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_2 | ||||
| snip_cleanup_1 | ||||
| snip_cleanup_2 | ||||
| kubectl delete ns istio-system | ||||
| kubectl label namespace default istio-injection- | ||||
| remove_gateway_api_crds | ||||
|  | @ -23,22 +23,42 @@ Each version of `wikipedia.org` in a particular language has its own hostname, e | |||
| You want to enable egress traffic by common configuration items for all the Wikipedia sites, | ||||
| without the need to specify every language's site separately. | ||||
| 
 | ||||
| {{< boilerplate gateway-api-gamma-support >}} | ||||
| 
 | ||||
| ## Before you begin | ||||
| 
 | ||||
| *   Install Istio using the `demo` [configuration profile](/docs/setup/additional-setup/config-profiles/) | ||||
|     and with the blocking-by-default outbound traffic policy: | ||||
| *   Install Istio with access logging enabled and with the blocking-by-default outbound traffic policy: | ||||
| 
 | ||||
|     {{< text bash >}} | ||||
|     $ istioctl install --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY | ||||
|     {{< /text >}} | ||||
| {{< tabset category-name="config-api" >}} | ||||
| 
 | ||||
|     {{< tip >}} | ||||
|     You can run this task on an Istio configuration other than the `demo` profile as long as you make sure to | ||||
|     [deploy the Istio egress gateway](/docs/tasks/traffic-management/egress/egress-gateway/#deploy-istio-egress-gateway), | ||||
|     [enable Envoy’s access logging](/docs/tasks/observability/logs/access-log/#enable-envoy-s-access-logging), and | ||||
|     [apply the blocking-by-default outbound traffic policy](/docs/tasks/traffic-management/egress/egress-control/#change-to-the-blocking-by-default-policy) | ||||
|     in your installation. | ||||
|     {{< /tip >}} | ||||
| {{< tab name="Istio APIs" category-value="istio-apis" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ istioctl install --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< tip >}} | ||||
| You can run this task on an Istio configuration other than the `demo` profile as long as you make sure to | ||||
| [deploy the Istio egress gateway](/docs/tasks/traffic-management/egress/egress-gateway/#deploy-istio-egress-gateway), | ||||
| [enable Envoy’s access logging](/docs/tasks/observability/logs/access-log/#enable-envoy-s-access-logging), and | ||||
| [apply the blocking-by-default outbound traffic policy](/docs/tasks/traffic-management/egress/egress-control/#change-to-the-blocking-by-default-policy) | ||||
| in your installation. | ||||
| {{< /tip >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< tab name="Gateway API" category-value="gateway-api" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ istioctl install --set profile=minimal -y \ | ||||
|     --set values.pilot.env.PILOT_ENABLE_ALPHA_GATEWAY_API=true \ | ||||
|     --set meshConfig.accessLogFile=/dev/stdout \ | ||||
|     --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< /tabset >}} | ||||
| 
 | ||||
| *   Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests. | ||||
|     If you have | ||||
|  | @ -124,77 +144,154 @@ the configured route destination will not be the same as the configured host, | |||
| i.e., the wildcard. It will instead be configured with the host of the single server for | ||||
| the set of domains. | ||||
| 
 | ||||
| 1.  Create an egress `Gateway` for _*.wikipedia.org_, a destination rule and a virtual service | ||||
|     to direct the traffic through the egress gateway and from the egress gateway to the external service. | ||||
| 1.  Create an egress `Gateway` for _*.wikipedia.org_ and route rules | ||||
|     to direct the traffic through the egress gateway and from the egress gateway to the external service: | ||||
| 
 | ||||
|     {{< text bash >}} | ||||
|     $ kubectl apply -f - <<EOF | ||||
|     apiVersion: networking.istio.io/v1alpha3 | ||||
|     kind: Gateway | ||||
|     metadata: | ||||
|       name: istio-egressgateway | ||||
|     spec: | ||||
|       selector: | ||||
|         istio: egressgateway | ||||
|       servers: | ||||
|       - port: | ||||
|           number: 443 | ||||
|           name: https | ||||
|           protocol: HTTPS | ||||
|         hosts: | ||||
|         - "*.wikipedia.org" | ||||
|         tls: | ||||
|           mode: PASSTHROUGH | ||||
|     --- | ||||
|     apiVersion: networking.istio.io/v1alpha3 | ||||
|     kind: DestinationRule | ||||
|     metadata: | ||||
|       name: egressgateway-for-wikipedia | ||||
|     spec: | ||||
|       host: istio-egressgateway.istio-system.svc.cluster.local | ||||
|       subsets: | ||||
|         - name: wikipedia | ||||
|     --- | ||||
|     apiVersion: networking.istio.io/v1alpha3 | ||||
|     kind: VirtualService | ||||
|     metadata: | ||||
|       name: direct-wikipedia-through-egress-gateway | ||||
|     spec: | ||||
|       hosts: | ||||
|       - "*.wikipedia.org" | ||||
|       gateways: | ||||
| {{< tabset category-name="config-api" >}} | ||||
| 
 | ||||
| {{< tab name="Istio APIs" category-value="istio-apis" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ kubectl apply -f - <<EOF | ||||
| apiVersion: networking.istio.io/v1alpha3 | ||||
| kind: Gateway | ||||
| metadata: | ||||
|   name: istio-egressgateway | ||||
| spec: | ||||
|   selector: | ||||
|     istio: egressgateway | ||||
|   servers: | ||||
|   - port: | ||||
|       number: 443 | ||||
|       name: https | ||||
|       protocol: HTTPS | ||||
|     hosts: | ||||
|     - "*.wikipedia.org" | ||||
|     tls: | ||||
|       mode: PASSTHROUGH | ||||
| --- | ||||
| apiVersion: networking.istio.io/v1alpha3 | ||||
| kind: DestinationRule | ||||
| metadata: | ||||
|   name: egressgateway-for-wikipedia | ||||
| spec: | ||||
|   host: istio-egressgateway.istio-system.svc.cluster.local | ||||
|   subsets: | ||||
|     - name: wikipedia | ||||
| --- | ||||
| apiVersion: networking.istio.io/v1alpha3 | ||||
| kind: VirtualService | ||||
| metadata: | ||||
|   name: direct-wikipedia-through-egress-gateway | ||||
| spec: | ||||
|   hosts: | ||||
|   - "*.wikipedia.org" | ||||
|   gateways: | ||||
|   - mesh | ||||
|   - istio-egressgateway | ||||
|   tls: | ||||
|   - match: | ||||
|     - gateways: | ||||
|       - mesh | ||||
|       port: 443 | ||||
|       sniHosts: | ||||
|       - "*.wikipedia.org" | ||||
|     route: | ||||
|     - destination: | ||||
|         host: istio-egressgateway.istio-system.svc.cluster.local | ||||
|         subset: wikipedia | ||||
|         port: | ||||
|           number: 443 | ||||
|       weight: 100 | ||||
|   - match: | ||||
|     - gateways: | ||||
|       - istio-egressgateway | ||||
|       tls: | ||||
|       - match: | ||||
|         - gateways: | ||||
|           - mesh | ||||
|           port: 443 | ||||
|           sniHosts: | ||||
|           - "*.wikipedia.org" | ||||
|         route: | ||||
|         - destination: | ||||
|             host: istio-egressgateway.istio-system.svc.cluster.local | ||||
|             subset: wikipedia | ||||
|             port: | ||||
|               number: 443 | ||||
|           weight: 100 | ||||
|       - match: | ||||
|         - gateways: | ||||
|           - istio-egressgateway | ||||
|           port: 443 | ||||
|           sniHosts: | ||||
|           - "*.wikipedia.org" | ||||
|         route: | ||||
|         - destination: | ||||
|             host: www.wikipedia.org | ||||
|             port: | ||||
|               number: 443 | ||||
|           weight: 100 | ||||
|     EOF | ||||
|     {{< /text >}} | ||||
|       port: 443 | ||||
|       sniHosts: | ||||
|       - "*.wikipedia.org" | ||||
|     route: | ||||
|     - destination: | ||||
|         host: www.wikipedia.org | ||||
|         port: | ||||
|           number: 443 | ||||
|       weight: 100 | ||||
| EOF | ||||
| {{< /text >}} | ||||
| 
 | ||||
| 1.  Create a `ServiceEntry` for the destination server, _www.wikipedia.org_. | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< tab name="Gateway API" category-value="gateway-api" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ kubectl apply -f - <<EOF | ||||
| apiVersion: gateway.networking.k8s.io/v1beta1 | ||||
| kind: Gateway | ||||
| metadata: | ||||
|   name: wikipedia-egress-gateway | ||||
|   annotations: | ||||
|     networking.istio.io/service-type: ClusterIP | ||||
| spec: | ||||
|   gatewayClassName: istio | ||||
|   listeners: | ||||
|   - name: tls | ||||
|     hostname: "*.wikipedia.org" | ||||
|     port: 443 | ||||
|     protocol: TLS | ||||
|     tls: | ||||
|       mode: Passthrough | ||||
|     allowedRoutes: | ||||
|       namespaces: | ||||
|         from: Same | ||||
| --- | ||||
| apiVersion: gateway.networking.k8s.io/v1alpha2 | ||||
| kind: TLSRoute | ||||
| metadata: | ||||
|   name: direct-wikipedia-to-egress-gateway | ||||
| spec: | ||||
|   parentRefs: | ||||
|   - kind: ServiceEntry | ||||
|     group: networking.istio.io | ||||
|     name: wikipedia | ||||
|   rules: | ||||
|   - backendRefs: | ||||
|     - name: wikipedia-egress-gateway-istio | ||||
|       port: 443 | ||||
| --- | ||||
| apiVersion: gateway.networking.k8s.io/v1alpha2 | ||||
| kind: TLSRoute | ||||
| metadata: | ||||
|   name: forward-wikipedia-from-egress-gateway | ||||
| spec: | ||||
|   parentRefs: | ||||
|   - name: wikipedia-egress-gateway | ||||
|   hostnames: | ||||
|   - "*.wikipedia.org" | ||||
|   rules: | ||||
|   - backendRefs: | ||||
|     - kind: Hostname | ||||
|       group: networking.istio.io | ||||
|       name: www.wikipedia.org | ||||
|       port: 443 | ||||
| --- | ||||
| apiVersion: networking.istio.io/v1alpha3 | ||||
| kind: ServiceEntry | ||||
| metadata: | ||||
|   name: wikipedia | ||||
| spec: | ||||
|   hosts: | ||||
|   - "*.wikipedia.org" | ||||
|   ports: | ||||
|   - number: 443 | ||||
|     name: https | ||||
|     protocol: HTTPS | ||||
| EOF | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< /tabset >}} | ||||
| 
 | ||||
| 2)  Create a `ServiceEntry` for the destination server, _www.wikipedia.org_: | ||||
| 
 | ||||
|     {{< text bash >}} | ||||
|     $ kubectl apply -f - <<EOF | ||||
|  | @ -213,7 +310,7 @@ the set of domains. | |||
|     EOF | ||||
|     {{< /text >}} | ||||
| 
 | ||||
| 1.  Send HTTPS requests to | ||||
| 3)  Send HTTPS requests to | ||||
|     [https://en.wikipedia.org](https://en.wikipedia.org) and [https://de.wikipedia.org](https://de.wikipedia.org): | ||||
| 
 | ||||
|     {{< text bash >}} | ||||
|  | @ -222,17 +319,37 @@ the set of domains. | |||
|     <title>Wikipedia – Die freie Enzyklopädie</title> | ||||
|     {{< /text >}} | ||||
| 
 | ||||
| 1.  Check the statistics of the egress gateway's proxy for the counter that corresponds to your | ||||
|     requests to _*.wikipedia.org_. If Istio is deployed in the `istio-system` namespace, the command to print the | ||||
|     counter is: | ||||
| 4)  Check the statistics of the egress gateway's proxy for the counter that corresponds to your | ||||
|     requests to _*.wikipedia.org_: | ||||
| 
 | ||||
|     {{< text bash >}} | ||||
|     $ kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:' | ||||
|     outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 | ||||
|     {{< /text >}} | ||||
| {{< tabset category-name="config-api" >}} | ||||
| 
 | ||||
| {{< tab name="Istio APIs" category-value="istio-apis" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:' | ||||
| outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< tab name="Gateway API" category-value="gateway-api" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ kubectl exec "$(kubectl get pod -l gateway.networking.k8s.io/gateway-name=wikipedia-egress-gateway -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:' | ||||
| outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< /tabset >}} | ||||
| 
 | ||||
| ### Cleanup egress gateway traffic to a wildcard host | ||||
| 
 | ||||
| {{< tabset category-name="config-api" >}} | ||||
| 
 | ||||
| {{< tab name="Istio APIs" category-value="istio-apis" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ kubectl delete serviceentry www-wikipedia | ||||
| $ kubectl delete gateway istio-egressgateway | ||||
|  | @ -240,6 +357,22 @@ $ kubectl delete virtualservice direct-wikipedia-through-egress-gateway | |||
| $ kubectl delete destinationrule egressgateway-for-wikipedia | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< tab name="Gateway API" category-value="gateway-api" >}} | ||||
| 
 | ||||
| {{< text bash >}} | ||||
| $ kubectl delete se wikipedia | ||||
| $ kubectl delete se www-wikipedia | ||||
| $ kubectl delete gtw wikipedia-egress-gateway | ||||
| $ kubectl delete tlsroute direct-wikipedia-to-egress-gateway | ||||
| $ kubectl delete tlsroute forward-wikipedia-from-egress-gateway | ||||
| {{< /text >}} | ||||
| 
 | ||||
| {{< /tab >}} | ||||
| 
 | ||||
| {{< /tabset >}} | ||||
| 
 | ||||
| ## Wildcard configuration for arbitrary domains | ||||
| 
 | ||||
| The configuration in the previous section worked because all the `*.wikipedia.org` sites can be served by any one | ||||
|  |  | |||
|  | @ -19,20 +19,28 @@ | |||
| # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: | ||||
| #          docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md | ||||
| #################################################################################################### | ||||
| source "content/en/boilerplates/snips/gateway-api-gamma-support.sh" | ||||
| 
 | ||||
| snip_before_you_begin_1() { | ||||
| istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY | ||||
| } | ||||
| 
 | ||||
| snip_before_you_begin_2() { | ||||
| kubectl apply -f samples/sleep/sleep.yaml | ||||
| istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=minimal -y \ | ||||
|     --set values.pilot.env.PILOT_ENABLE_ALPHA_GATEWAY_API=true \ | ||||
|     --set meshConfig.accessLogFile=/dev/stdout \ | ||||
|     --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY | ||||
| } | ||||
| 
 | ||||
| snip_before_you_begin_3() { | ||||
| kubectl apply -f <(istioctl kube-inject -f samples/sleep/sleep.yaml) | ||||
| kubectl apply -f samples/sleep/sleep.yaml | ||||
| } | ||||
| 
 | ||||
| snip_before_you_begin_4() { | ||||
| kubectl apply -f <(istioctl kube-inject -f samples/sleep/sleep.yaml) | ||||
| } | ||||
| 
 | ||||
| snip_before_you_begin_5() { | ||||
| export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) | ||||
| } | ||||
| 
 | ||||
|  | @ -134,6 +142,71 @@ EOF | |||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_2() { | ||||
| kubectl apply -f - <<EOF | ||||
| apiVersion: gateway.networking.k8s.io/v1beta1 | ||||
| kind: Gateway | ||||
| metadata: | ||||
|   name: wikipedia-egress-gateway | ||||
|   annotations: | ||||
|     networking.istio.io/service-type: ClusterIP | ||||
| spec: | ||||
|   gatewayClassName: istio | ||||
|   listeners: | ||||
|   - name: tls | ||||
|     hostname: "*.wikipedia.org" | ||||
|     port: 443 | ||||
|     protocol: TLS | ||||
|     tls: | ||||
|       mode: Passthrough | ||||
|     allowedRoutes: | ||||
|       namespaces: | ||||
|         from: Same | ||||
| --- | ||||
| apiVersion: gateway.networking.k8s.io/v1alpha2 | ||||
| kind: TLSRoute | ||||
| metadata: | ||||
|   name: direct-wikipedia-to-egress-gateway | ||||
| spec: | ||||
|   parentRefs: | ||||
|   - kind: ServiceEntry | ||||
|     group: networking.istio.io | ||||
|     name: wikipedia | ||||
|   rules: | ||||
|   - backendRefs: | ||||
|     - name: wikipedia-egress-gateway-istio | ||||
|       port: 443 | ||||
| --- | ||||
| apiVersion: gateway.networking.k8s.io/v1alpha2 | ||||
| kind: TLSRoute | ||||
| metadata: | ||||
|   name: forward-wikipedia-from-egress-gateway | ||||
| spec: | ||||
|   parentRefs: | ||||
|   - name: wikipedia-egress-gateway | ||||
|   hostnames: | ||||
|   - "*.wikipedia.org" | ||||
|   rules: | ||||
|   - backendRefs: | ||||
|     - kind: Hostname | ||||
|       group: networking.istio.io | ||||
|       name: www.wikipedia.org | ||||
|       port: 443 | ||||
| --- | ||||
| apiVersion: networking.istio.io/v1alpha3 | ||||
| kind: ServiceEntry | ||||
| metadata: | ||||
|   name: wikipedia | ||||
| spec: | ||||
|   hosts: | ||||
|   - "*.wikipedia.org" | ||||
|   ports: | ||||
|   - number: 443 | ||||
|     name: https | ||||
|     protocol: HTTPS | ||||
| EOF | ||||
| } | ||||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_3() { | ||||
| kubectl apply -f - <<EOF | ||||
| apiVersion: networking.istio.io/v1alpha3 | ||||
| kind: ServiceEntry | ||||
| metadata: | ||||
|  | @ -149,20 +222,28 @@ spec: | |||
| EOF | ||||
| } | ||||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_3() { | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_4() { | ||||
| kubectl exec "$SOURCE_POD" -c sleep -- sh -c 'curl -s https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"; curl -s https://de.wikipedia.org/wiki/Wikipedia:Hauptseite | grep -o "<title>.*</title>"' | ||||
| } | ||||
| 
 | ||||
| ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_3_out <<\ENDSNIP | ||||
| ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_4_out <<\ENDSNIP | ||||
| <title>Wikipedia, the free encyclopedia</title> | ||||
| <title>Wikipedia – Die freie Enzyklopädie</title> | ||||
| ENDSNIP | ||||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_4() { | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_5() { | ||||
| kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:' | ||||
| } | ||||
| 
 | ||||
| ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_4_out <<\ENDSNIP | ||||
| ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_5_out <<\ENDSNIP | ||||
| outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 | ||||
| ENDSNIP | ||||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_6() { | ||||
| kubectl exec "$(kubectl get pod -l gateway.networking.k8s.io/gateway-name=wikipedia-egress-gateway -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:' | ||||
| } | ||||
| 
 | ||||
| ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_6_out <<\ENDSNIP | ||||
| outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 | ||||
| ENDSNIP | ||||
| 
 | ||||
|  | @ -173,6 +254,14 @@ kubectl delete virtualservice direct-wikipedia-through-egress-gateway | |||
| kubectl delete destinationrule egressgateway-for-wikipedia | ||||
| } | ||||
| 
 | ||||
| snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_2() { | ||||
| kubectl delete se wikipedia | ||||
| kubectl delete se www-wikipedia | ||||
| kubectl delete gtw wikipedia-egress-gateway | ||||
| kubectl delete tlsroute direct-wikipedia-to-egress-gateway | ||||
| kubectl delete tlsroute forward-wikipedia-from-egress-gateway | ||||
| } | ||||
| 
 | ||||
| snip_cleanup_1() { | ||||
| kubectl delete -f samples/sleep/sleep.yaml | ||||
| } | ||||
|  |  | |||
|  | @ -21,14 +21,20 @@ set -e | |||
| set -u | ||||
| set -o pipefail | ||||
| 
 | ||||
| echo y | snip_before_you_begin_1 | ||||
| GATEWAY_API="${GATEWAY_API:-false}" | ||||
| 
 | ||||
| if [ "$GATEWAY_API" == "true" ]; then | ||||
|     snip_before_you_begin_2 | ||||
| else | ||||
|     echo y | snip_before_you_begin_1 | ||||
| fi | ||||
| _wait_for_deployment istio-system istiod | ||||
| 
 | ||||
| kubectl label namespace default istio-injection=enabled --overwrite | ||||
| 
 | ||||
| snip_before_you_begin_2 | ||||
| snip_before_you_begin_3 | ||||
| _wait_for_deployment default sleep | ||||
| snip_before_you_begin_4 | ||||
| snip_before_you_begin_5 | ||||
| 
 | ||||
| confirm_blocking() { | ||||
| kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -I https://www.google.com | grep  "HTTP/"; kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -I https://edition.cnn.com | grep "HTTP/" | ||||
|  | @ -42,27 +48,35 @@ _verify_same snip_configure_direct_traffic_to_a_wildcard_host_2 "$snip_configure | |||
| 
 | ||||
| snip_cleanup_direct_traffic_to_a_wildcard_host_1 | ||||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_1 | ||||
| _wait_for_istio gateway default istio-egressgateway | ||||
| _wait_for_istio destinationrule default egressgateway-for-wikipedia | ||||
| _wait_for_istio virtualservice default direct-wikipedia-through-egress-gateway | ||||
| if [ "$GATEWAY_API" == "true" ]; then | ||||
|     snip_configure_egress_gateway_traffic_to_a_wildcard_host_2 | ||||
|     kubectl wait --for=condition=programmed gtw wikipedia-egress-gateway | ||||
| else | ||||
|     snip_configure_egress_gateway_traffic_to_a_wildcard_host_1 | ||||
|     _wait_for_istio gateway default istio-egressgateway | ||||
|     _wait_for_istio destinationrule default egressgateway-for-wikipedia | ||||
|     _wait_for_istio virtualservice default direct-wikipedia-through-egress-gateway | ||||
| fi | ||||
| 
 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_2 | ||||
| snip_configure_egress_gateway_traffic_to_a_wildcard_host_3 | ||||
| _wait_for_istio serviceentry default www-wikipedia | ||||
| 
 | ||||
| _verify_same snip_configure_egress_gateway_traffic_to_a_wildcard_host_3 "$snip_configure_egress_gateway_traffic_to_a_wildcard_host_3_out" | ||||
| _verify_same snip_configure_egress_gateway_traffic_to_a_wildcard_host_4 "$snip_configure_egress_gateway_traffic_to_a_wildcard_host_4_out" | ||||
| 
 | ||||
| _verify_contains snip_configure_egress_gateway_traffic_to_a_wildcard_host_4 "outbound|443||www.wikipedia.org" | ||||
| 
 | ||||
| snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1 | ||||
| if [ "$GATEWAY_API" == "true" ]; then | ||||
|     _verify_contains snip_configure_egress_gateway_traffic_to_a_wildcard_host_6 "outbound|443||www.wikipedia.org" | ||||
|     snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_2 | ||||
| else | ||||
|     _verify_contains snip_configure_egress_gateway_traffic_to_a_wildcard_host_5 "outbound|443||www.wikipedia.org" | ||||
|     snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1 | ||||
| fi | ||||
| 
 | ||||
| # @cleanup | ||||
| snip_cleanup_direct_traffic_to_a_wildcard_host_1 | ||||
| 
 | ||||
| snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1 | ||||
| 
 | ||||
| snip_cleanup_1 | ||||
| echo y | snip_cleanup_2 | ||||
| 
 | ||||
| kubectl delete ns istio-system | ||||
| kubectl label namespace default istio-injection- | ||||
| if [ "$GATEWAY_API" != "true" ]; then | ||||
|     snip_cleanup_direct_traffic_to_a_wildcard_host_1 | ||||
|     snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1 | ||||
|     snip_cleanup_1 | ||||
|     snip_cleanup_2 | ||||
|     kubectl delete ns istio-system | ||||
|     kubectl label namespace default istio-injection- | ||||
| fi | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue