Add gateway api instructions to external control plane doc (#12463)

* Add gateway api instructions to external control plane doc * regen and lint * fix test * more test fixes
2023-01-16 11:45:30 -05:00 · 2023-01-16 11:45:30 -05:00 · b4ec649054
parent a56c5842b5
commit b4ec649054
11 changed files with 211 additions and 63 deletions
--- a/content/en/boilerplates/gateway-api-install-crds.md
+++ b/content/en/boilerplates/gateway-api-install-crds.md
@ -0,0 +1,9 @@
+---
+---
+Note that the Kubernetes Gateway API CRDs do not come installed by default on most Kubernetes clusters, so make sure they are
+installed before using the Gateway API:
+
+{{< text syntax=bash snip_id=install_crds >}}
+$ kubectl get crd gateways.gateway.networking.k8s.io || \
+  { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl apply -f -; }
+{{< /text >}}
--- a/content/en/boilerplates/gateway-api-support.md
+++ b/content/en/boilerplates/gateway-api-support.md
@ -4,12 +4,6 @@
 {{< boilerplate gateway-api-future >}}
 {{< boilerplate gateway-api-choose >}}

-Note that the Kubernetes Gateway API CRDs do not come installed by default on most Kubernetes clusters, so make sure they are
-installed before using the Gateway API:
-
-{{< text syntax=bash snip_id=install_crds >}}
-$ kubectl get crd gateways.gateway.networking.k8s.io || \
-  { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref={{< k8s_gateway_api_version >}}" | kubectl apply -f -; }
-{{< /text >}}
+{{< boilerplate gateway-api-install-crds >}}

 {{< /tip >}}
--- a/content/en/boilerplates/snips/gateway-api-install-crds.sh
+++ b/content/en/boilerplates/snips/gateway-api-install-crds.sh
@ -0,0 +1,26 @@
+#!/bin/bash
+# shellcheck disable=SC2034,SC2153,SC2155,SC2164
+
+# Copyright Istio Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+####################################################################################################
+# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
+#          boilerplates/gateway-api-install-crds.md
+####################################################################################################
+
+bpsnip_gateway_api_install_crds_install_crds() {
+kubectl get crd gateways.gateway.networking.k8s.io || \
+  { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.0" | kubectl apply -f -; }
+}
--- a/content/en/boilerplates/snips/gateway-api-support.sh
+++ b/content/en/boilerplates/snips/gateway-api-support.sh
@ -19,8 +19,4 @@
 # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
 #          boilerplates/gateway-api-support.md
 ####################################################################################################
-
-bpsnip_gateway_api_support_install_crds() {
-kubectl get crd gateways.gateway.networking.k8s.io || \
-  { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.0" | kubectl apply -f -; }
-}
+source "content/en/boilerplates/snips/gateway-api-install-crds.sh"
--- a/content/en/docs/setup/additional-setup/getting-started/test.sh
+++ b/content/en/docs/setup/additional-setup/getting-started/test.sh
@ -15,13 +15,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+source "tests/util/gateway-api.sh"
+install_gateway_api_crds
+
 set -e
 set -u
 set -o pipefail

-source "tests/util/gateway-api.sh"
-install_gateway_api_crds
-
 # Download Istio
 # Skipping this as we use the istioctl built from istio/istio reference

--- a/content/en/docs/setup/install/external-controlplane/gtwapi_test.sh
+++ b/content/en/docs/setup/install/external-controlplane/gtwapi_test.sh
@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC1090,SC2154
+
+# Copyright Istio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source "tests/util/gateway-api.sh"
+
+_set_kube_vars # helper function to initialize KUBECONFIG_FILES and KUBE_CONTEXTS
+export CTX_EXTERNAL_CLUSTER="${KUBE_CONTEXTS[0]}"
+export CTX_REMOTE_CLUSTER="${KUBE_CONTEXTS[2]}"
+export REMOTE_CLUSTER_NAME="${CTX_REMOTE_CLUSTER}"
+
+install_gateway_api_crds "${CTX_REMOTE_CLUSTER}"
+
+# @setup multicluster
+source "content/en/docs/setup/install/external-controlplane/test.sh"
+
+# @cleanup
+_set_kube_vars # helper function to initialize KUBECONFIG_FILES and KUBE_CONTEXTS
+export CTX_EXTERNAL_CLUSTER="${KUBE_CONTEXTS[0]}"
+export CTX_REMOTE_CLUSTER="${KUBE_CONTEXTS[2]}"
+export CTX_SECOND_CLUSTER="${KUBE_CONTEXTS[1]}"
+
+snip_cleanup_1
+snip_cleanup_2
+snip_cleanup_3
+
+remove_gateway_api_crds "${CTX_REMOTE_CLUSTER}"
--- a/content/en/docs/setup/install/external-controlplane/index.md
+++ b/content/en/docs/setup/install/external-controlplane/index.md
@ -521,6 +521,12 @@ See the [Istioctl-proxy Ecosystem project](https://github.com/istio-ecosystem/is

 #### Enable gateways

+{{< tip >}}
+{{< boilerplate gateway-api-future >}}
+If you use the Gateway API, you will not need to install any gateway components. You can
+skip the following instructions and proceed directly to [configure and test an ingress gateway](#configure-and-test-an-ingress-gateway).
+{{< /tip >}}
+
 Enable an ingress gateway on the remote cluster:

 {{< tabset category-name="ingress-gateway-install-type" >}}
@ -597,32 +603,86 @@ See [Installing Gateways](/docs/setup/additional-setup/gateway/) for in-depth do
 {{< /tab >}}
 {{< /tabset >}}

-#### Test the ingress gateway
+#### Configure and test an ingress gateway

-1. Confirm that the Istio ingress gateway is running:
+{{< tip >}}
+{{< boilerplate gateway-api-choose >}}
+{{< /tip >}}

-    {{< text bash >}}
-    $ kubectl get pod -l app=istio-ingressgateway -n external-istiod --context="${CTX_REMOTE_CLUSTER}"
-    NAME                                    READY   STATUS    RESTARTS   AGE
-    istio-ingressgateway-7bcd5c6bbd-kmtl4   1/1     Running   0          8m4s
-    {{< /text >}}
+1. Make sure that the cluster is ready to configure the gateway:

-1. Expose the `helloworld` application on the ingress gateway:
+{{< tabset category-name="config-api" >}}

-    {{< text bash >}}
-    $ kubectl apply -f @samples/helloworld/helloworld-gateway.yaml@ -n sample --context="${CTX_REMOTE_CLUSTER}"
-    {{< /text >}}
+{{< tab name="Istio classic" category-value="istio-classic" >}}

-1. Set the `GATEWAY_URL` environment variable
-    (see [determining the ingress IP and ports](/docs/tasks/traffic-management/ingress/ingress-control/#determining-the-ingress-ip-  and-ports) for details):
+Confirm that the Istio ingress gateway is running:

-    {{< text bash >}}
-    $ export INGRESS_HOST=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-    $ export INGRESS_PORT=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
-    $ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
-    {{< /text >}}
+{{< text bash >}}
+$ kubectl get pod -l app=istio-ingressgateway -n external-istiod --context="${CTX_REMOTE_CLUSTER}"
+NAME                                    READY   STATUS    RESTARTS   AGE
+istio-ingressgateway-7bcd5c6bbd-kmtl4   1/1     Running   0          8m4s
+{{< /text >}}

-1. Confirm you can access the `helloworld` application through the ingress gateway:
+{{< /tab >}}
+
+{{< tab name="Gateway API" category-value="gateway-api" >}}
+
+{{< boilerplate gateway-api-install-crds >}}
+
+{{< /tab >}}
+
+{{< /tabset >}}
+
+2) Expose the `helloworld` application on an ingress gateway:
+
+{{< tabset category-name="config-api" >}}
+
+{{< tab name="Istio classic" category-value="istio-classic" >}}
+
+{{< text bash >}}
+$ kubectl apply -f @samples/helloworld/helloworld-gateway.yaml@ -n sample --context="${CTX_REMOTE_CLUSTER}"
+{{< /text >}}
+
+{{< /tab >}}
+
+{{< tab name="Gateway API" category-value="gateway-api" >}}
+
+{{< text bash >}}
+$ kubectl apply -f @samples/helloworld/gateway-api/helloworld-gateway.yaml@ -n sample --context="${CTX_REMOTE_CLUSTER}"
+{{< /text >}}
+
+{{< /tab >}}
+
+{{< /tabset >}}
+
+3) Set the `GATEWAY_URL` environment variable
+    (see [determining the ingress IP and ports](/docs/tasks/traffic-management/ingress/ingress-control/#determining-the-ingress-ip-and-ports) for details):
+
+{{< tabset category-name="config-api" >}}
+
+{{< tab name="Istio classic" category-value="istio-classic" >}}
+
+{{< text bash >}}
+$ export INGRESS_HOST=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+$ export INGRESS_PORT=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
+$ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
+{{< /text >}}
+
+{{< /tab >}}
+
+{{< tab name="Gateway API" category-value="gateway-api" >}}
+
+{{< text bash >}}
+$ kubectl -n sample --context="${CTX_REMOTE_CLUSTER}" wait --for=condition=ready gtw helloworld-gateway
+$ export INGRESS_HOST=$(kubectl -n sample --context="${CTX_REMOTE_CLUSTER}" get gtw helloworld-gateway -o jsonpath='{.status.addresses[*].value}')
+$ export GATEWAY_URL=$INGRESS_HOST:80
+{{< /text >}}
+
+{{< /tab >}}
+
+{{< /tabset >}}
+
+4) Confirm you can access the `helloworld` application through the ingress gateway:

    {{< text bash >}}
    $ curl -s "http://${GATEWAY_URL}/hello"
--- a/content/en/docs/setup/install/external-controlplane/snips.sh
+++ b/content/en/docs/setup/install/external-controlplane/snips.sh
@ -19,6 +19,7 @@
 # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
 #          docs/setup/install/external-controlplane/index.md
 ####################################################################################################
+source "content/en/boilerplates/snips/gateway-api-install-crds.sh"

 snip_set_up_a_gateway_in_the_external_cluster_1() {
 cat <<EOF > controlplane-gateway.yaml
@ -397,30 +398,40 @@ snip_enable_gateways_4() {
 helm install istio-egressgateway istio/gateway -n external-istiod --kube-context="${CTX_REMOTE_CLUSTER}" --set service.type=ClusterIP
 }

-snip_test_the_ingress_gateway_1() {
+snip_configure_and_test_an_ingress_gateway_1() {
 kubectl get pod -l app=istio-ingressgateway -n external-istiod --context="${CTX_REMOTE_CLUSTER}"
 }

-! read -r -d '' snip_test_the_ingress_gateway_1_out <<\ENDSNIP
+! read -r -d '' snip_configure_and_test_an_ingress_gateway_1_out <<\ENDSNIP
 NAME                                    READY   STATUS    RESTARTS   AGE
 istio-ingressgateway-7bcd5c6bbd-kmtl4   1/1     Running   0          8m4s
 ENDSNIP

-snip_test_the_ingress_gateway_2() {
+snip_configure_and_test_an_ingress_gateway_2() {
 kubectl apply -f samples/helloworld/helloworld-gateway.yaml -n sample --context="${CTX_REMOTE_CLUSTER}"
 }

-snip_test_the_ingress_gateway_3() {
+snip_configure_and_test_an_ingress_gateway_3() {
+kubectl apply -f samples/helloworld/gateway-api/helloworld-gateway.yaml -n sample --context="${CTX_REMOTE_CLUSTER}"
+}
+
+snip_configure_and_test_an_ingress_gateway_4() {
 export INGRESS_HOST=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
 export INGRESS_PORT=$(kubectl -n external-istiod --context="${CTX_REMOTE_CLUSTER}" get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
 export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
 }

-snip_test_the_ingress_gateway_4() {
+snip_configure_and_test_an_ingress_gateway_5() {
+kubectl -n sample --context="${CTX_REMOTE_CLUSTER}" wait --for=condition=ready gtw helloworld-gateway
+export INGRESS_HOST=$(kubectl -n sample --context="${CTX_REMOTE_CLUSTER}" get gtw helloworld-gateway -o jsonpath='{.status.addresses[*].value}')
+export GATEWAY_URL=$INGRESS_HOST:80
+}
+
+snip_configure_and_test_an_ingress_gateway_6() {
 curl -s "http://${GATEWAY_URL}/hello"
 }

-! read -r -d '' snip_test_the_ingress_gateway_4_out <<\ENDSNIP
+! read -r -d '' snip_configure_and_test_an_ingress_gateway_6_out <<\ENDSNIP
 Hello version: v1, instance: helloworld-v1-776f57d5f6-s7zfc
 ENDSNIP

--- a/content/en/docs/setup/install/external-controlplane/test.sh
+++ b/content/en/docs/setup/install/external-controlplane/test.sh
@ -21,6 +21,8 @@ set -e
 set -u
 set -o pipefail

+GATEWAY_API="${GATEWAY_API:-false}"
+
 kubectl_get_egress_gateway_for_remote_cluster() {
  kubectl get pod -l app=istio-egressgateway -n external-istiod --context="${CTX_REMOTE_CLUSTER}" -o jsonpath="{.items[*].status.phase}"
 }
@ -31,10 +33,12 @@ kubectl_get_external_cluster_webhooks() {

 # Set the CTX_EXTERNAL_CLUSTER, CTX_REMOTE_CLUSTER, and REMOTE_CLUSTER_NAME env variables.

-_set_kube_vars # helper function to initialize KUBECONFIG_FILES and KUBE_CONTEXTS
-export CTX_EXTERNAL_CLUSTER="${KUBE_CONTEXTS[0]}"
-export CTX_REMOTE_CLUSTER="${KUBE_CONTEXTS[2]}"
-export REMOTE_CLUSTER_NAME="${CTX_REMOTE_CLUSTER}"
+if [ "$GATEWAY_API" != "true" ]; then
+  _set_kube_vars # helper function to initialize KUBECONFIG_FILES and KUBE_CONTEXTS
+  export CTX_EXTERNAL_CLUSTER="${KUBE_CONTEXTS[0]}"
+  export CTX_REMOTE_CLUSTER="${KUBE_CONTEXTS[2]}"
+  export REMOTE_CLUSTER_NAME="${CTX_REMOTE_CLUSTER}"
+fi

 # Set up the istiod gateway in the external cluster.

@ -94,16 +98,22 @@ _rewrite_helm_repo snip_enable_gateways_4

 _verify_same kubectl_get_egress_gateway_for_remote_cluster "Running" 

-_verify_like snip_test_the_ingress_gateway_1 "$snip_test_the_ingress_gateway_1_out"
+if [ "$GATEWAY_API" == "true" ]; then
+  snip_configure_and_test_an_ingress_gateway_3
+  snip_configure_and_test_an_ingress_gateway_5
+else
+  _verify_like snip_configure_and_test_an_ingress_gateway_1 "$snip_configure_and_test_an_ingress_gateway_1_out"

-snip_test_the_ingress_gateway_2
+  snip_configure_and_test_an_ingress_gateway_2

-export GATEWAY_URL=$(kubectl \
-    --context="${CTX_REMOTE_CLUSTER}" \
-    -n external-istiod get svc istio-ingressgateway \
-    -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  #snip_configure_and_test_an_ingress_gateway_4
+  export GATEWAY_URL=$(kubectl \
+      --context="${CTX_REMOTE_CLUSTER}" \
+      -n external-istiod get svc istio-ingressgateway \
+      -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+fi

-_verify_contains snip_test_the_ingress_gateway_4 "Hello version: v1"
+_verify_contains snip_configure_and_test_an_ingress_gateway_6 "Hello version: v1"

 # Adding clusters to the mesh.

@ -142,11 +152,13 @@ _verify_lines snip_validate_the_installation_5 "
 "

 # @cleanup
-_set_kube_vars # helper function to initialize KUBECONFIG_FILES and KUBE_CONTEXTS
-export CTX_EXTERNAL_CLUSTER="${KUBE_CONTEXTS[0]}"
-export CTX_REMOTE_CLUSTER="${KUBE_CONTEXTS[2]}"
-export CTX_SECOND_CLUSTER="${KUBE_CONTEXTS[1]}"
+if [ "$GATEWAY_API" != "true" ]; then
+  _set_kube_vars # helper function to initialize KUBECONFIG_FILES and KUBE_CONTEXTS
+  export CTX_EXTERNAL_CLUSTER="${KUBE_CONTEXTS[0]}"
+  export CTX_REMOTE_CLUSTER="${KUBE_CONTEXTS[2]}"
+  export CTX_SECOND_CLUSTER="${KUBE_CONTEXTS[1]}"

-snip_cleanup_1
-snip_cleanup_2
-snip_cleanup_3
+  snip_cleanup_1
+  snip_cleanup_2
+  snip_cleanup_3
+fi
--- a/content/en/docs/setup/install/multiple-controlplanes/single-cluster-multiple-istiods.svg
+++ b/content/en/docs/setup/install/multiple-controlplanes/single-cluster-multiple-istiods.svg
--- a/tests/util/gateway-api.sh
+++ b/tests/util/gateway-api.sh
@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# shellcheck disable=SC2034
+# shellcheck disable=SC2034,SC2120

 # Copyright Istio Authors
 #
@ -20,12 +20,12 @@ K8S_GATEWAY_API_CRDS="github.com/kubernetes-sigs/gateway-api/config/crd/experime
 GATEWAY_API="true"

 function install_gateway_api_crds() {
-    kubectl kustomize "${K8S_GATEWAY_API_CRDS}" | kubectl apply -f -
+    kubectl kustomize "${K8S_GATEWAY_API_CRDS}" | kubectl apply -f - --context="$1"
 }

 function remove_gateway_api_crds() {
-    kubectl kustomize "${K8S_GATEWAY_API_CRDS}" | kubectl delete -f -
+    kubectl kustomize "${K8S_GATEWAY_API_CRDS}" | kubectl delete -f - --context="$1"

-    kubectl get gateways.gateway.networking.k8s.io >/dev/null 2>&1 || true
+    kubectl get --context="$1" gateways.gateway.networking.k8s.io >/dev/null 2>&1 || true
    # TODO ^^^ remove this kludge which forces the name "gateway" to not stay bound to the deleted crd
 }