From 1467b3b5b86f43924ee993dec72ca3099890b6ad Mon Sep 17 00:00:00 2001 From: Ian Rudie Date: Thu, 25 Apr 2024 15:18:17 -0500 Subject: [PATCH] remove istio api from ambient mode getting started guide (#14958) * remove istio api from getting started guide Signed-off-by: Ian Rudie * clean up old gateway file, make sure cleanup runs Signed-off-by: Ian Rudie * fix indentation Signed-off-by: Ian Rudie * fix numbering Signed-off-by: Ian Rudie * add cleanup section marker back Signed-off-by: Ian Rudie * try to fix ordered list numbering Signed-off-by: Ian Rudie * addressing comments Signed-off-by: Ian Rudie * removing gtwapi tip Signed-off-by: Ian Rudie * trying out ol for the shorter enable/test sections Signed-off-by: Ian Rudie * use ordered lists for the all sections with 2 or more steps for consistency Signed-off-by: Ian Rudie * add back alias Signed-off-by: Ian Rudie --------- Signed-off-by: Ian Rudie --- .../ambient/getting-started/gtwapi_test.sh | 30 -- .../en/docs/ambient/getting-started/index.md | 479 +++++++----------- .../en/docs/ambient/getting-started/snips.sh | 42 +- .../en/docs/ambient/getting-started/test.sh | 43 +- 4 files changed, 202 insertions(+), 392 deletions(-) delete mode 100644 content/en/docs/ambient/getting-started/gtwapi_test.sh diff --git a/content/en/docs/ambient/getting-started/gtwapi_test.sh b/content/en/docs/ambient/getting-started/gtwapi_test.sh deleted file mode 100644 index 2e20381880..0000000000 --- a/content/en/docs/ambient/getting-started/gtwapi_test.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC2154,SC2034 - -# Copyright 2023 Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @setup profile=none -GATEWAY_API="true" - -source "content/en/docs/ambient/getting-started/test.sh" - -# @cleanup -GATEWAY_API="true" - -snip_uninstall_1 -snip_uninstall_2 -snip_uninstall_3 -samples/bookinfo/platform/kube/cleanup.sh -snip_uninstall_4 diff --git a/content/en/docs/ambient/getting-started/index.md b/content/en/docs/ambient/getting-started/index.md index 7d327e7896..47162a3118 100644 --- a/content/en/docs/ambient/getting-started/index.md +++ b/content/en/docs/ambient/getting-started/index.md @@ -53,99 +53,37 @@ Follow these steps to get started with Istio's ambient mode: { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref={{< k8s_gateway_api_version >}}" | kubectl apply -f -; } {{< /text >}} - {{< tip >}} - {{< boilerplate gateway-api-future >}} - {{< boilerplate gateway-api-choose >}} - {{< /tip >}} - 1. Install Istio with the `ambient` profile on your Kubernetes cluster, using the version of `istioctl` downloaded above: -{{< tabset category-name="config-api" >}} + {{< text bash >}} + $ istioctl install --set profile=ambient --skip-confirmation + {{< /text >}} -{{< tab name="Istio APIs" category-value="istio-apis" >}} + After running the above command, you’ll get the following output that indicates + four components (including {{< gloss "ztunnel" >}}ztunnel{{< /gloss >}}) have been installed successfully! -{{< text bash >}} -$ istioctl install --set profile=ambient --set "components.ingressGateways[0].enabled=true" --set "components.ingressGateways[0].name=istio-ingressgateway" --skip-confirmation -{{< /text >}} + {{< text syntax=plain snip_id=none >}} + ✔ Istio core installed + ✔ Istiod installed + ✔ CNI installed + ✔ Ztunnel installed + ✔ Installation complete + {{< /text >}} -{{< tip >}} -Note that this command includes `--set "components.ingressGateways[0].enabled=true"` because the ambient profile does not install the ingress gateway by default. -{{< /tip >}} +1. Verify the installed components using the following command: -After running the above command, you’ll get the following output that indicates -five components (including {{< gloss "ztunnel" >}}ztunnel{{< /gloss >}}) have been installed successfully! + {{< text bash >}} + $ kubectl get pods,daemonset -n istio-system + NAME READY STATUS RESTARTS AGE + pod/istio-cni-node-btbjf 1/1 Running 0 2m18s + pod/istiod-55b74b77bd-xggqf 1/1 Running 0 2m27s + pod/ztunnel-5m27h 1/1 Running 0 2m10s -{{< text syntax=plain snip_id=none >}} -✔ Istio core installed -✔ Istiod installed -✔ CNI installed -✔ Ingress gateways installed -✔ Ztunnel installed -✔ Installation complete -{{< /text >}} - -{{< /tab >}} - -{{< tab name="Gateway API" category-value="gateway-api" >}} - -{{< text bash >}} -$ istioctl install --set profile=ambient --skip-confirmation -{{< /text >}} - -After running the above command, you’ll get the following output that indicates -four components (including {{< gloss "ztunnel" >}}ztunnel{{< /gloss >}}) have been installed successfully! - -{{< text syntax=plain snip_id=none >}} -✔ Istio core installed -✔ Istiod installed -✔ CNI installed -✔ Ztunnel installed -✔ Installation complete -{{< /text >}} - -{{< /tab >}} - -{{< /tabset >}} - -6) Verify the installed components using the following commands: - -{{< tabset category-name="config-api" >}} - -{{< tab name="Istio APIs" category-value="istio-apis" >}} - -{{< text bash >}} -$ kubectl get pods,daemonset -n istio-system -NAME READY STATUS RESTARTS AGE -pod/istio-cni-node-zq94l 1/1 Running 0 2m7s -pod/istio-ingressgateway-56b9cb5485-ksnvc 1/1 Running 0 2m7s -pod/istiod-56d848857c-mhr5w 1/1 Running 0 2m9s -pod/ztunnel-srrnm 1/1 Running 0 2m5s - -NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE -daemonset.apps/istio-cni-node 1 1 1 1 1 kubernetes.io/os=linux 2m16s -daemonset.apps/ztunnel 1 1 1 1 1 kubernetes.io/os=linux 2m10s -{{< /text >}} - -{{< /tab >}} - -{{< tab name="Gateway API" category-value="gateway-api" >}} - -{{< text bash >}} -$ kubectl get pods,daemonset -n istio-system -NAME READY STATUS RESTARTS AGE -pod/istio-cni-node-btbjf 1/1 Running 0 2m18s -pod/istiod-55b74b77bd-xggqf 1/1 Running 0 2m27s -pod/ztunnel-5m27h 1/1 Running 0 2m10s - -NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE -daemonset.apps/istio-cni-node 1 1 1 1 1 kubernetes.io/os=linux 2m18s -daemonset.apps/ztunnel 1 1 1 1 1 kubernetes.io/os=linux 2m10s -{{< /text >}} - -{{< /tab >}} - -{{< /tabset >}} + NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE + daemonset.apps/istio-cni-node 1 1 1 1 1 kubernetes.io/os=linux 2m18s + daemonset.apps/ztunnel 1 1 1 1 1 kubernetes.io/os=linux 2m10s + {{< /text >}} ## Deploy the sample application {#bookinfo} @@ -179,53 +117,27 @@ Make sure the default namespace does not include the label `istio-injection=enab To get IP address assignment for `Loadbalancer` service types in `kind`, you may need to install a tool like [MetalLB](https://metallb.universe.tf/). Please consult [this guide](https://kind.sigs.k8s.io/docs/user/loadbalancer/) for more information. {{}} -{{< tabset category-name="config-api" >}} + Create a [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Gateway) + and [HTTPRoute](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.HTTPRoute): -{{< tab name="Istio APIs" category-value="istio-apis" >}} + {{< text bash >}} + $ sed -e 's/from: Same/from: All/'\ + -e '/^ name: bookinfo-gateway/a\ + namespace: istio-system\ + ' -e '/^ - name: bookinfo-gateway/a\ + namespace: istio-system\ + ' @samples/bookinfo/gateway-api/bookinfo-gateway.yaml@ | kubectl apply -f - + {{< /text >}} -Create an Istio [Gateway](/docs/reference/config/networking/gateway/) and -[VirtualService](/docs/reference/config/networking/virtual-service/): + Set the environment variables for the Kubernetes Gateway: -{{< text bash >}} -$ kubectl apply -f @samples/bookinfo/networking/bookinfo-gateway.yaml@ -{{< /text >}} + {{< text bash >}} + $ kubectl wait --for=condition=programmed gtw/bookinfo-gateway -n istio-system + $ export GATEWAY_HOST=bookinfo-gateway-istio.istio-system + $ export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/bookinfo-gateway-istio + {{< /text >}} -Set the environment variables for the Istio ingress gateway: - -{{< text bash >}} -$ export GATEWAY_HOST=istio-ingressgateway.istio-system -$ export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/istio-ingressgateway-service-account -{{< /text >}} - -{{< /tab >}} - -{{< tab name="Gateway API" category-value="gateway-api" >}} - -Create a [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Gateway) -and [HTTPRoute](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.HTTPRoute): - -{{< text bash >}} -$ sed -e 's/from: Same/from: All/'\ - -e '/^ name: bookinfo-gateway/a\ - namespace: istio-system\ -' -e '/^ - name: bookinfo-gateway/a\ - namespace: istio-system\ -' @samples/bookinfo/gateway-api/bookinfo-gateway.yaml@ | kubectl apply -f - -{{< /text >}} - -Set the environment variables for the Kubernetes gateway: - -{{< text bash >}} -$ kubectl wait --for=condition=programmed gtw/bookinfo-gateway -n istio-system -$ export GATEWAY_HOST=bookinfo-gateway-istio.istio-system -$ export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/bookinfo-gateway-istio -{{< /text >}} - -{{< /tab >}} - -{{< /tabset >}} - -3) Test your bookinfo application. It should work with or without the gateway: +1. Test your bookinfo application. It should work with or without the gateway: {{< text syntax=bash snip_id=verify_traffic_sleep_to_ingress >}} $ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o ".*" @@ -244,33 +156,32 @@ $ export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/bookinfo-gateway-istio ## Adding your application to the ambient mesh {#addtoambient} -You can enable all pods in a given namespace to be part of an ambient mesh -by simply labeling the namespace: +1. You can enable all pods in a given namespace to be part of an ambient mesh by simply labeling the namespace: -{{< text bash >}} -$ kubectl label namespace default istio.io/dataplane-mode=ambient -namespace/default labeled -{{< /text >}} + {{< text bash >}} + $ kubectl label namespace default istio.io/dataplane-mode=ambient + namespace/default labeled + {{< /text >}} -Congratulations! You have successfully added all pods in the default namespace -to the mesh. Note that you did not have to restart or redeploy anything! + Congratulations! You have successfully added all pods in the default namespace + to the mesh. Note that you did not have to restart or redeploy anything! -Now, send some test traffic: +1. Now, send some test traffic: -{{< text bash >}} -$ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o ".*" -Simple Bookstore App -{{< /text >}} + {{< text bash >}} + $ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o ".*" + Simple Bookstore App + {{< /text >}} -{{< text bash >}} -$ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o ".*" -Simple Bookstore App -{{< /text >}} + {{< text bash >}} + $ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o ".*" + Simple Bookstore App + {{< /text >}} -{{< text bash >}} -$ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o ".*" -Simple Bookstore App -{{< /text >}} + {{< text bash >}} + $ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o ".*" + Simple Bookstore App + {{< /text >}} You’ll immediately gain mTLS communication and L4 telemetry among the applications in the ambient mesh. If you follow the instructions to install [Prometheus](/docs/ops/integrations/prometheus/#installation) @@ -287,179 +198,163 @@ identities, but not at the Layer 7 level, such as HTTP methods like `GET` and `P ### Layer 4 authorization policy -Explicitly allow the `sleep` and gateway service accounts to call the `productpage` service: +1. Explicitly allow the `sleep` and gateway service accounts to call the `productpage` service: -{{< text bash >}} -$ kubectl apply -f - <}} + {{< text bash >}} + $ kubectl apply -f - <}} -Confirm the above authorization policy is working: +1. Confirm the above authorization policy is working: -{{< text bash >}} -$ # this should succeed -$ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o ".*" -Simple Bookstore App -{{< /text >}} + {{< text bash >}} + $ # this should succeed + $ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o ".*" + Simple Bookstore App + {{< /text >}} -{{< text bash >}} -$ # this should succeed -$ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o ".*" -Simple Bookstore App -{{< /text >}} + {{< text bash >}} + $ # this should succeed + $ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o ".*" + Simple Bookstore App + {{< /text >}} -{{< text bash >}} -$ # this should fail with a connection reset error code 56 -$ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o ".*" -command terminated with exit code 56 -{{< /text >}} + {{< text bash >}} + $ # this should fail with a connection reset error code 56 + $ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o ".*" + command terminated with exit code 56 + {{< /text >}} ### Layer 7 authorization policy -Using the Kubernetes Gateway API, you can deploy a {{< gloss "waypoint" >}}waypoint proxy{{< /gloss >}} for your namespace: +1. Using the Kubernetes Gateway API, you can deploy a {{< gloss "waypoint" >}}waypoint proxy{{< /gloss >}} for your namespace: -{{< text bash >}} -$ istioctl x waypoint apply --enroll-namespace --wait -waypoint default/waypoint applied -namespace default labeled with "istio.io/use-waypoint: waypoint" -{{< /text >}} + {{< text bash >}} + $ istioctl x waypoint apply --enroll-namespace --wait + waypoint default/waypoint applied + namespace default labeled with "istio.io/use-waypoint: waypoint" + {{< /text >}} -View the waypoint proxy status; you should see the details of the gateway -resource with `Programmed` status: +1. View the waypoint proxy status; you should see the details of the gateway resource with `Programmed` status: -{{< text bash >}} -$ kubectl get gtw waypoint -o yaml -... -status: - conditions: - - lastTransitionTime: "2024-04-18T14:25:56Z" - message: Resource programmed, assigned to service(s) waypoint.default.svc.cluster.local:15008 - observedGeneration: 1 - reason: Programmed - status: "True" - type: Programmed -{{< /text >}} + {{< text bash >}} + $ kubectl get gtw waypoint -o yaml + ... + status: + conditions: + - lastTransitionTime: "2024-04-18T14:25:56Z" + message: Resource programmed, assigned to service(s) waypoint.default.svc.cluster.local:15008 + observedGeneration: 1 + reason: Programmed + status: "True" + type: Programmed + {{< /text >}} -Update your `AuthorizationPolicy` to explicitly allow the `sleep` service to `GET` the `productpage` service, but perform no other operations: +1. Update your `AuthorizationPolicy` to explicitly allow the `sleep` service to `GET` the `productpage` service, but perform no other operations: -{{< text bash >}} -$ kubectl apply -f - <}} + {{< text bash >}} + $ kubectl apply -f - <}} -{{< text bash >}} -$ # this should fail with an RBAC error because it is not a GET operation -$ kubectl exec deploy/sleep -- curl -s "http://productpage:9080/productpage" -X DELETE -RBAC: access denied -{{< /text >}} +1. Confirm the new waypoint proxy is enforcing the updated authorization policy: -{{< text bash >}} -$ # this should fail with an RBAC error because the identity is not allowed -$ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ -RBAC: access denied -{{< /text >}} + {{< text bash >}} + $ # this should fail with an RBAC error because it is not a GET operation + $ kubectl exec deploy/sleep -- curl -s "http://productpage:9080/productpage" -X DELETE + RBAC: access denied + {{< /text >}} -{{< text bash >}} -$ # this should continue to work -$ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o ".*" -Simple Bookstore App -{{< /text >}} + {{< text bash >}} + $ # this should fail with an RBAC error because the identity is not allowed + $ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ + RBAC: access denied + {{< /text >}} + + {{< text bash >}} + $ # this should continue to work + $ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o ".*" + Simple Bookstore App + {{< /text >}} ## Control traffic {#control} -You can use the same waypoint to control traffic to `reviews`. Configure traffic routing to send 90% of requests to `reviews` v1 and 10% to `reviews` v2: +1. You can use the same waypoint to control traffic to `reviews`. Configure traffic routing to send 90% of requests to `reviews` v1 and 10% to `reviews` v2: -{{< tabset category-name="config-api" >}} + {{< text bash >}} + $ kubectl apply -f @samples/bookinfo/platform/kube/bookinfo-versions.yaml@ + $ kubectl apply -f @samples/bookinfo/gateway-api/route-reviews-90-10.yaml@ + {{< /text >}} -{{< tab name="Istio APIs" category-value="istio-apis" >}} +1. Confirm that roughly 10% of the traffic from 100 requests goes to reviews-v2: -{{< text bash >}} -$ kubectl apply -f @samples/bookinfo/networking/virtual-service-reviews-90-10.yaml@ -$ kubectl apply -f @samples/bookinfo/networking/destination-rule-reviews.yaml@ -{{< /text >}} - -{{< /tab >}} - -{{< tab name="Gateway API" category-value="gateway-api" >}} - -{{< text bash >}} -$ kubectl apply -f @samples/bookinfo/platform/kube/bookinfo-versions.yaml@ -$ kubectl apply -f @samples/bookinfo/gateway-api/route-reviews-90-10.yaml@ -{{< /text >}} - -{{< /tab >}} - -{{< /tabset >}} - -Confirm that roughly 10% of the traffic from 100 requests goes to reviews-v2: - -{{< text bash >}} -$ kubectl exec deploy/sleep -- sh -c "for i in \$(seq 1 100); do curl -s http://productpage:9080/productpage | grep reviews-v.-; done" -{{< /text >}} + {{< text bash >}} + $ kubectl exec deploy/sleep -- sh -c "for i in \$(seq 1 100); do curl -s http://productpage:9080/productpage | grep reviews-v.-; done" + {{< /text >}} ## Uninstall {#uninstall} -The label to instruct Istio to automatically include applications in the `default` namespace to an ambient mesh is not removed by default. If no longer needed, use the following command to remove it: +1. The label to instruct Istio to automatically include applications in the `default` namespace to an ambient mesh is not removed by default. If no longer needed, use the following command to remove it: -{{< text bash >}} -$ kubectl label namespace default istio.io/dataplane-mode- -$ kubectl label namespace default istio.io/use-waypoint- -{{< /text >}} + {{< text bash >}} + $ kubectl label namespace default istio.io/dataplane-mode- + $ kubectl label namespace default istio.io/use-waypoint- + {{< /text >}} -To remove waypoint proxies, installed policies, and uninstall Istio: +1. To remove waypoint proxies, installed policies, and uninstall Istio: -{{< text bash >}} -$ istioctl x waypoint delete --all -$ istioctl uninstall -y --purge -$ kubectl delete namespace istio-system -{{< /text >}} + {{< text bash >}} + $ istioctl x waypoint delete --all + $ istioctl uninstall -y --purge + $ kubectl delete namespace istio-system + {{< /text >}} -To delete the Bookinfo sample application and its configuration, see [Bookinfo cleanup](/docs/examples/bookinfo/#cleanup). +1. To delete the Bookinfo sample application and its configuration, see [Bookinfo cleanup](/docs/examples/bookinfo/#cleanup). -To remove the `sleep` and `notsleep` applications: +1. To remove the `sleep` and `notsleep` applications: -{{< text bash >}} -$ kubectl delete -f @samples/sleep/sleep.yaml@ -$ kubectl delete -f @samples/sleep/notsleep.yaml@ -{{< /text >}} + {{< text bash >}} + $ kubectl delete -f @samples/sleep/sleep.yaml@ + $ kubectl delete -f @samples/sleep/notsleep.yaml@ + {{< /text >}} -If you installed the Gateway API CRDs, remove them: +1. If you installed the Gateway API CRDs, remove them: -{{< text bash >}} -$ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f - -{{< /text >}} + {{< text bash >}} + $ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref={{< k8s_gateway_api_version >}}" | kubectl delete -f - + {{< /text >}} diff --git a/content/en/docs/ambient/getting-started/snips.sh b/content/en/docs/ambient/getting-started/snips.sh index c91ea04cb6..9861ebbe9d 100644 --- a/content/en/docs/ambient/getting-started/snips.sh +++ b/content/en/docs/ambient/getting-started/snips.sh @@ -26,34 +26,14 @@ kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ } snip_download_and_install_3() { -istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=ambient --set "components.ingressGateways[0].enabled=true" --set "components.ingressGateways[0].name=istio-ingressgateway" --skip-confirmation -} - -snip_download_and_install_5() { istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=ambient --skip-confirmation } -snip_download_and_install_7() { +snip_download_and_install_5() { kubectl get pods,daemonset -n istio-system } -! IFS=$'\n' read -r -d '' snip_download_and_install_7_out <<\ENDSNIP -NAME READY STATUS RESTARTS AGE -pod/istio-cni-node-zq94l 1/1 Running 0 2m7s -pod/istio-ingressgateway-56b9cb5485-ksnvc 1/1 Running 0 2m7s -pod/istiod-56d848857c-mhr5w 1/1 Running 0 2m9s -pod/ztunnel-srrnm 1/1 Running 0 2m5s - -NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE -daemonset.apps/istio-cni-node 1 1 1 1 1 kubernetes.io/os=linux 2m16s -daemonset.apps/ztunnel 1 1 1 1 1 kubernetes.io/os=linux 2m10s -ENDSNIP - -snip_download_and_install_8() { -kubectl get pods,daemonset -n istio-system -} - -! IFS=$'\n' read -r -d '' snip_download_and_install_8_out <<\ENDSNIP +! IFS=$'\n' read -r -d '' snip_download_and_install_5_out <<\ENDSNIP NAME READY STATUS RESTARTS AGE pod/istio-cni-node-btbjf 1/1 Running 0 2m18s pod/istiod-55b74b77bd-xggqf 1/1 Running 0 2m27s @@ -74,15 +54,6 @@ kubectl apply -f samples/sleep/notsleep.yaml } snip_deploy_the_sample_application_3() { -kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml -} - -snip_deploy_the_sample_application_4() { -export GATEWAY_HOST=istio-ingressgateway.istio-system -export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/istio-ingressgateway-service-account -} - -snip_deploy_the_sample_application_5() { sed -e 's/from: Same/from: All/'\ -e '/^ name: bookinfo-gateway/a\ namespace: istio-system\ @@ -91,7 +62,7 @@ sed -e 's/from: Same/from: All/'\ ' samples/bookinfo/gateway-api/bookinfo-gateway.yaml | kubectl apply -f - } -snip_deploy_the_sample_application_6() { +snip_deploy_the_sample_application_4() { kubectl wait --for=condition=programmed gtw/bookinfo-gateway -n istio-system export GATEWAY_HOST=bookinfo-gateway-istio.istio-system export GATEWAY_SERVICE_ACCOUNT=ns/istio-system/sa/bookinfo-gateway-istio @@ -278,16 +249,11 @@ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o " ENDSNIP snip_control_traffic_1() { -kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-90-10.yaml -kubectl apply -f samples/bookinfo/networking/destination-rule-reviews.yaml -} - -snip_control_traffic_2() { kubectl apply -f samples/bookinfo/platform/kube/bookinfo-versions.yaml kubectl apply -f samples/bookinfo/gateway-api/route-reviews-90-10.yaml } -snip_control_traffic_3() { +snip_control_traffic_2() { kubectl exec deploy/sleep -- sh -c "for i in \$(seq 1 100); do curl -s http://productpage:9080/productpage | grep reviews-v.-; done" } diff --git a/content/en/docs/ambient/getting-started/test.sh b/content/en/docs/ambient/getting-started/test.sh index acc4e96692..60efd99915 100644 --- a/content/en/docs/ambient/getting-started/test.sh +++ b/content/en/docs/ambient/getting-started/test.sh @@ -15,8 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -GATEWAY_API="${GATEWAY_API:-false}" - # @setup profile=none set -e @@ -27,33 +25,20 @@ set -o pipefail snip_download_and_install_2 # install istio with ambient profile -if [ "$GATEWAY_API" == "true" ]; then - snip_download_and_install_5 -else - snip_download_and_install_3 -fi +snip_download_and_install_3 _wait_for_deployment istio-system istiod _wait_for_daemonset istio-system ztunnel _wait_for_daemonset istio-system istio-cni-node -if [ "$GATEWAY_API" == "true" ]; then - _verify_like snip_download_and_install_8 "$snip_download_and_install_8_out" -else - _verify_like snip_download_and_install_7 "$snip_download_and_install_7_out" -fi +_verify_like snip_download_and_install_5 "$snip_download_and_install_5_out" # deploy test application snip_deploy_the_sample_application_1 snip_deploy_the_sample_application_2 -if [ "$GATEWAY_API" == "true" ]; then - snip_deploy_the_sample_application_5 - snip_deploy_the_sample_application_6 -else - snip_deploy_the_sample_application_3 - snip_deploy_the_sample_application_4 -fi +snip_deploy_the_sample_application_3 +snip_deploy_the_sample_application_4 # test traffic before ambient mode is enabled _verify_contains snip_verify_traffic_sleep_to_ingress "$snip_verify_traffic_sleep_to_ingress_out" @@ -79,23 +64,17 @@ _verify_contains snip_layer_7_authorization_policy_4 "$snip_layer_7_authorizatio _verify_contains snip_layer_7_authorization_policy_5 "$snip_layer_7_authorization_policy_5_out" _verify_contains snip_layer_7_authorization_policy_6 "$snip_layer_7_authorization_policy_6_out" -if [ "$GATEWAY_API" == "true" ]; then - snip_control_traffic_2 -else - snip_control_traffic_1 -fi +snip_control_traffic_1 -_verify_lines snip_control_traffic_3 " +_verify_lines snip_control_traffic_2 " + reviews-v1 + reviews-v2 - reviews-v3 " # @cleanup -if [ "$GATEWAY_API" != "true" ]; then - snip_uninstall_1 - snip_uninstall_2 - snip_uninstall_3 - samples/bookinfo/platform/kube/cleanup.sh - snip_uninstall_4 -fi +snip_uninstall_1 +snip_uninstall_2 +snip_uninstall_3 +samples/bookinfo/platform/kube/cleanup.sh +snip_uninstall_4