
Gh 361 single cluster walk through #362

Merged: eguzki merged 7 commits into Kuadrant:main from maleck13:gh-361-single-cluster-walk-through on Dec 12, 2023

@maleck13 maleck13 commented Dec 8, 2023

Collaborator

closes #361
depends on #323
related to Kuadrant/docs.kuadrant.io#44

Verification

Note it is expected that you will need to set up a managed zone and provider secret currently. The quickstart script will do this, but to verify this, do that step yourself.

We don't have the quick start script yet so to get an environment ready in the same way do the following:

cd ~/kuadrant-operator

make local-cluster-setup ISTIO_INSTALL_SAIL=true
make install-olm
make deploy-catalog CATALOG_IMG=quay.io/kuadrant/kuadrant-operator-catalog:main


kubectl apply -f - <<EOF 
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: glbc-ca
spec:
  selfSigned: {}
EOF

kubectl apply -f - <<EOF
apiVersion: operator.istio.io/v1alpha1
kind: Istio
metadata:
  name: istiocontrolplane
  namespace: istio-system
spec:
  version: v1.20.0
  rawValues:
    pilot:
      resources:
        requests:
          cpu: 100m
          memory: 1024Mi
EOF

Set up managed zone (for now)

export AWS_ACCESS_KEY_ID=xxxxxx
export AWS_SECRET_ACCESS_KEY=yyyyy

kubectl create secret generic my-aws-credentials \
  --namespace=kuadrant-system \
  --type=kuadrant.io/aws \
  --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
  --from-literal=AWS_REGION=eu-west-1 \
  --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}


export KUADRANT_ZONE_ROOT_DOMAIN=something.I.own
export KUADRANT_ZONE_ROOT_DOMAIN_ID=someid

kubectl apply -f - <<EOF
apiVersion: kuadrant.io/v1alpha1
kind: ManagedZone
metadata:
  name: my-test-aws-zone
  namespace: kuadrant-system
spec:
  id: ${KUADRANT_ZONE_ROOT_DOMAIN_ID}
  domainName: ${KUADRANT_ZONE_ROOT_DOMAIN}
  description: "My Managed Zone"
  dnsProviderSecretRef:
    name: my-aws-credentials
EOF


## Initialise Kuadrant

kubectl -n kuadrant-system apply -f - <<EOF
apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
  name: kuadrant
spec: {}
EOF
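
The provider-secret step in the description above passes both AWS values to kubectl with --from-literal, so the expanded values sit in the kubectl process arguments. The following is an added example, not part of the PR or the Kuadrant docs: it writes the same three keys to a private temporary file and loads them with --from-env-file. The function names are hypothetical; the secret name, namespace, type and key names are the ones used in the description.

```shell
#!/bin/sh
# Added example, not part of the PR. Function names are hypothetical; the secret
# name, namespace, type and key names are taken from the PR description.

# Write the three provider keys to a private temp file and print its path.
# printf is a shell builtin, so the values never appear in a process argument list.
write_aws_env_file() {
  [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] || {
    echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set" >&2
    return 1
  }
  envfile=$(mktemp) || return 1        # mktemp creates the file with mode 0600
  printf 'AWS_ACCESS_KEY_ID=%s\nAWS_REGION=%s\nAWS_SECRET_ACCESS_KEY=%s\n' \
    "$AWS_ACCESS_KEY_ID" "${AWS_REGION:-eu-west-1}" "$AWS_SECRET_ACCESS_KEY" \
    > "$envfile" || return 1
  printf '%s\n' "$envfile"
}

# Create the same Secret as the --from-literal command, reading values from the file.
create_provider_secret() {
  f=$(write_aws_env_file) || return 1
  rc=0
  kubectl create secret generic my-aws-credentials \
    --namespace=kuadrant-system \
    --type=kuadrant.io/aws \
    --from-env-file="$f" || rc=$?
  rm -f "$f"                           # remove the plaintext copy either way
  return "$rc"
}

# Only talk to the cluster when asked to: sh create-secret.sh --apply
if [ "${1:-}" = "--apply" ]; then
  create_provider_secret
fi
```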

@maleck13 maleck13 requested a review from a team as a code owner December 8, 2023 10:58

codecov Bot commented Dec 8, 2023


Codecov Report

Merging #362 (685a5ef) into main (13c75de) will decrease coverage by 0.84%.
The diff coverage is n/a.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #362      +/-   ##
==========================================
- Coverage   66.14%   65.31%   -0.84%     
==========================================
  Files          35       35              
  Lines        3843     3843              
==========================================
- Hits         2542     2510      -32     
- Misses       1113     1136      +23     
- Partials      188      197       +9     
Flag Coverage Δ
integration 70.48% <ø> (-1.58%) ⬇️
unit 59.54% <ø> (ø)

Components Coverage Δ
api/v1beta1 (u) ∅ <ø> (∅)
pkg/common (u) 76.92% <ø> (ø)
pkg/istio (u) 37.11% <ø> (ø)
pkg/log (u) 31.81% <ø> (ø)
pkg/reconcilers (u) 33.21% <ø> (ø)
pkg/rlptools (u) 56.46% <ø> (ø)
controllers (i) 70.48% <ø> (-1.58%) ⬇️

see 5 files with indirect coverage changes

@david-martin david-martin self-requested a review December 8, 2023 12:12

david-martin commented Dec 8, 2023

Member

@maleck13 The Istio CRD is missing. I get this error when applying the example resource in the PR instructions:

error: resource mapping not found for name: "istiocontrolplane" namespace: "istio-system" from "STDIN": no matches for kind "Istio" in version "operator.istio.io/v1alpha1"
ensure CRDs are installed first

Other istio CRDs are there

kubectl get crd|grep -i istio
authorizationpolicies.security.istio.io       2023-12-08T12:17:30Z
destinationrules.networking.istio.io          2023-12-08T12:17:30Z
envoyfilters.networking.istio.io              2023-12-08T12:17:30Z
gateways.networking.istio.io                  2023-12-08T12:17:30Z
istiooperators.install.istio.io               2023-12-08T12:17:06Z
peerauthentications.security.istio.io         2023-12-08T12:17:30Z
proxyconfigs.networking.istio.io              2023-12-08T12:17:30Z
requestauthentications.security.istio.io      2023-12-08T12:17:30Z
serviceentries.networking.istio.io            2023-12-08T12:17:30Z
sidecars.networking.istio.io                  2023-12-08T12:17:30Z
telemetries.telemetry.istio.io                2023-12-08T12:17:30Z
virtualservices.networking.istio.io           2023-12-08T12:17:30Z
wasmplugins.extensions.istio.io               2023-12-08T12:17:30Z
workloadentries.networking.istio.io           2023-12-08T12:17:30Z
workloadgroups.networking.istio.io            2023-12-08T12:17:30Z

maleck13 commented Dec 8, 2023

Collaborator Author

Yes sorry you need to check out this branch #323

@david-martin

Member

> Yes sorry you need to check out this branch #323

I'll check out that branch, and follow steps from this PR branch.

@adam-cattermole

Member

@david-martin I've just merged the branch to main so you could try from main

Comment thread doc/user-guides/secure-protect-connect.md Outdated
@maleck13 maleck13 force-pushed the gh-361-single-cluster-walk-through branch from dcacb19 to 4804b5e Compare December 8, 2023 14:49
Comment thread doc/user-guides/secure-protect-connect.md
@alexsnaps alexsnaps added this to the v0.6.0 milestone Dec 8, 2023
@jasonmadigan

Member

curl -k --resolve "api.${KUADRANT_ZONE_ROOT_DOMAIN}:443:172.18.200.2" "https://api.${KUADRANT_ZONE_ROOT_DOMAIN}/cars" -vvv

200 OK

Comment thread doc/user-guides/secure-protect-connect.md Outdated

@david-martin david-martin left a comment

Member

Some issues with curl on macos, but a workaround with --resolve works well.

Output at end of walkthrough:

while :; do curl -k --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMALICE' "https://api.$KUADRANT_ZONE_ROOT_DOMAIN/cars" | grep -E --color "\b(429)\b|$"; sleep 1; done
200
429
429
200
429
429
200
429
429
200
^C

$ while :; do curl -k --write-out '%{http_code}\n' --silent --output /dev/null -H 'Authorization: APIKEY IAMBOB' "https://api.$KUADRANT_ZONE_ROOT_DOMAIN/cars" | grep -E --color "\b(429)\b|$"; sleep 1; done
200
429
429
200
429
429
200

@jasonmadigan

Member

got to the same stage as @david-martin, so I think this looks like it works all-in (probably want to update the cURL commands to use --resolve)

@maleck13 maleck13 force-pushed the gh-361-single-cluster-walk-through branch from cba3d16 to 05d5f0a Compare December 12, 2023 07:53
@maleck13 maleck13 force-pushed the gh-361-single-cluster-walk-through branch from 05d5f0a to 817c3c5 Compare December 12, 2023 07:54
@maleck13

Collaborator Author

@jasonmadigan @david-martin I have updated the curl commands now

Comment thread doc/user-guides/secure-protect-connect.md Outdated
@jasonmadigan

Member

@maleck13 couple of tweaks w/ suggestions

maleck13 and others added 2 commits December 12, 2023 11:22
Co-authored-by: Jason Madigan <4467+jasonmadigan@users.noreply.github.com>
Co-authored-by: Jason Madigan <4467+jasonmadigan@users.noreply.github.com>
maleck13 and others added 4 commits December 12, 2023 11:22
Co-authored-by: Jason Madigan <4467+jasonmadigan@users.noreply.github.com>
Co-authored-by: Jason Madigan <4467+jasonmadigan@users.noreply.github.com>
Co-authored-by: Jason Madigan <4467+jasonmadigan@users.noreply.github.com>
Co-authored-by: Jason Madigan <4467+jasonmadigan@users.noreply.github.com>
@maleck13

Collaborator Author

thanks @jasonmadigan updated

@jasonmadigan jasonmadigan left a comment

Member

lgtm 👍

@eguzki eguzki merged commit 0e08054 into Kuadrant:main Dec 12, 2023

@guicassolato guicassolato left a comment

Contributor

Leaving a few comments despite already merged.

Comment thread doc/user-guides/secure-protect-connect.md
@maleck13

Collaborator Author

@guicassolato #374 follow ups

Successfully merging this pull request may close these issues.

New document in place to walkthrough getting setup and trying the different policies