Updates Ambient Getting Started Guide (#15152)

- Adds a step to annotate the ingress gateway to use a ClusterIP service.
- Removes the reference to external tooling for managing a LoadBalancer service type.

Fixes #15119

Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>

content/en/docs/ambient/getting-started/index.md

@@ -112,11 +112,7 @@ Make sure the default namespace does not include the label `istio-injection=enab
 
     `sleep` and `notsleep` are two simple applications that can serve as curl clients.
 
-1. Deploy an ingress gateway so you can access the bookinfo app from outside the cluster:
-
-    {{< tip >}}
-    To get IP address assignment for `Loadbalancer` service types in `kind`, you may need to install a tool like [MetalLB](https://metallb.universe.tf/). Please consult [this guide](https://kind.sigs.k8s.io/docs/user/loadbalancer/) for more information.
-    {{</ tip >}}
+1. Deploy an ingress gateway:
 
     Create a [Kubernetes Gateway](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Gateway)
     and [HTTPRoute](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.HTTPRoute):
@@ -125,6 +121,12 @@ Make sure the default namespace does not include the label `istio-injection=enab
     $ kubectl apply -f @samples/bookinfo/gateway-api/bookinfo-gateway.yaml@
     {{< /text >}}
 
+    By default, Istio creates a `LoadBalancer` service for a gateway. Change the service type to `ClusterIP` by annotating the gateway.
+
+    {{< text bash >}}
+    $ kubectl annotate gateway bookinfo-gateway networking.istio.io/service-type=ClusterIP --namespace=default
+    {{< /text >}}
+
     Set the environment variables for the Kubernetes Gateway:
 
     {{< text bash >}}
@@ -133,7 +135,7 @@ Make sure the default namespace does not include the label `istio-injection=enab
     $ export GATEWAY_SERVICE_ACCOUNT=ns/default/sa/bookinfo-gateway-istio
     {{< /text >}}
 
-1. Test your bookinfo application. It should work with or without the gateway:
+1. Test your bookinfo application. It should work with and without the gateway:
 
     {{< text syntax=bash snip_id=verify_traffic_sleep_to_ingress >}}
     $ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o "<title>.*</title>"
@@ -247,19 +249,12 @@ identities, but not at the Layer 7 level, such as HTTP methods like `GET` and `P
     namespace default labeled with "istio.io/use-waypoint: waypoint"
     {{< /text >}}
 
-1. View the waypoint proxy status; you should see the details of the gateway resource with `Programmed` status:
+1. View the waypoint proxy; you should see the details of the gateway resource with `Programmed=True` status:
 
     {{< text bash >}}
-    $ kubectl get gtw waypoint -o yaml
-    ...
-    status:
-      conditions:
-      - lastTransitionTime: "2024-04-18T14:25:56Z"
-        message: Resource programmed, assigned to service(s) waypoint.default.svc.cluster.local:15008
-        observedGeneration: 1
-        reason: Programmed
-        status: "True"
-        type: Programmed
+    $ kubectl get gtw waypoint
+    NAME       CLASS            ADDRESS       PROGRAMMED   AGE
+    waypoint   istio-waypoint   10.96.58.95   True         61s
     {{< /text >}}
 
 1. Update your `AuthorizationPolicy` to explicitly allow the `sleep` service to `GET` the `productpage` service, but perform no other operations:

content/en/docs/ambient/getting-started/snips.sh

@@ -59,6 +59,10 @@ kubectl apply -f samples/bookinfo/gateway-api/bookinfo-gateway.yaml
 }
 
 snip_deploy_the_sample_application_4() {
+kubectl annotate gateway bookinfo-gateway networking.istio.io/service-type=ClusterIP --namespace=default
+}
+
+snip_deploy_the_sample_application_5() {
 kubectl wait --for=condition=programmed gtw/bookinfo-gateway
 export GATEWAY_HOST=bookinfo-gateway-istio.default
 export GATEWAY_SERVICE_ACCOUNT=ns/default/sa/bookinfo-gateway-istio
@@ -178,19 +182,12 @@ namespace default labeled with "istio.io/use-waypoint: waypoint"
 ENDSNIP
 
 snip_layer_7_authorization_policy_2() {
-kubectl get gtw waypoint -o yaml
+kubectl get gtw waypoint
 }
 
 ! IFS=$'\n' read -r -d '' snip_layer_7_authorization_policy_2_out <<\ENDSNIP
-...
-status:
-  conditions:
-  - lastTransitionTime: "2024-04-18T14:25:56Z"
-    message: Resource programmed, assigned to service(s) waypoint.default.svc.cluster.local:15008
-    observedGeneration: 1
-    reason: Programmed
-    status: "True"
-    type: Programmed
+NAME       CLASS            ADDRESS       PROGRAMMED   AGE
+waypoint   istio-waypoint   10.96.58.95   True         61s
 ENDSNIP
 
 snip_layer_7_authorization_policy_3() {

content/en/docs/ambient/getting-started/test.sh

@@ -39,6 +39,7 @@ snip_deploy_the_sample_application_2
 
 snip_deploy_the_sample_application_3
 snip_deploy_the_sample_application_4
+snip_deploy_the_sample_application_5
 
 # test traffic before ambient mode is enabled
 _verify_contains snip_verify_traffic_sleep_to_ingress "$snip_verify_traffic_sleep_to_ingress_out"
@@ -58,7 +59,7 @@ _verify_contains snip_layer_4_authorization_policy_3 "$snip_layer_4_authorizatio
 _verify_failure snip_layer_4_authorization_policy_4
 
 _verify_contains snip_layer_7_authorization_policy_1 "$snip_layer_7_authorization_policy_1_out"
-_verify_contains snip_layer_7_authorization_policy_2 "Resource programmed, assigned to service"
+_verify_contains snip_layer_7_authorization_policy_2 "True"
 snip_layer_7_authorization_policy_3
 _verify_contains snip_layer_7_authorization_policy_4 "$snip_layer_7_authorization_policy_4_out"
 _verify_contains snip_layer_7_authorization_policy_5 "$snip_layer_7_authorization_policy_5_out"

content/en/docs/ambient/usage/extend-waypoint-wasm/test.sh

@@ -40,7 +40,7 @@ snip_deploy_the_sample_application_1
 snip_deploy_the_sample_application_2
 
 snip_deploy_the_sample_application_3
-snip_deploy_the_sample_application_4
+snip_deploy_the_sample_application_5
 
 # adding applications to ambient mesh
 _verify_same snip_adding_your_application_to_the_ambient_mesh_1 "$snip_adding_your_application_to_the_ambient_mesh_1_out"