-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Enhanced Dev Preview documentation #8
Conversation
e8a0b26
to
1edde27
Compare
``` | ||
|
||
Next, let’s modify our existing HTTPRoute to direct traffic based on path. We will add a `/foo` path match on the | ||
existing rule for the `foo-app` application as well as a new rule with a `/bar` path match and a backendRef pointing to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it would be better to spell out "backend reference":
existing rule for the `foo-app` application as well as a new rule with a `/bar` path match and a backendRef pointing to the | |
existing rule for the `foo-app` application as well as a new rule with a `/bar` path match and a backend reference pointing to the |
Alternatively, you could use `backendref`
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
advanced usages of Gateway API. | ||
|
||
## Route Matching | ||
Gateway API has a powerful API for directing traffic based on request characteristics such as path, headers, query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gateway API has a powerful API for directing traffic based on request characteristics such as path, headers, query | |
Gateway API is a powerful API for directing traffic based on request characteristics such as path, headers, query |
or
Gateway API has a powerful API for directing traffic based on request characteristics such as path, headers, query | |
Gateway API provides a powerful API for directing traffic based on request characteristics such as path, headers, query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gcs278 looks good - just a few suggestions.
@@ -0,0 +1,178 @@ | |||
# Getting Started | |||
|
|||
As a follow on to the Openshift 4.12 Developer Preview of Gateway API, OpenShift has released Enhanced Developer Preview for Gateway API support in OCP 4.13.z. With Enhanced Dev Preview, developers can now install and configure Gateway API with the Ingress Operator. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we start calling it OpenShift Istio Gateway API now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added.
As a follow on to the Openshift 4.12 Developer Preview of Gateway API, OpenShift has released Enhanced Developer Preview for Gateway API support in OCP 4.13.z. With Enhanced Dev Preview, developers can now install and configure Gateway API with the Ingress Operator. | ||
|
||
In Enhanced Dev Preview, the ingress operator will manage the following: | ||
* Installing Istio via v2.4 of the OpenShift Service Mesh (OSSM) operator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Installing Istio via v2.4 of the OpenShift Service Mesh (OSSM) operator | |
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
|
||
In Enhanced Dev Preview, the ingress operator will manage the following: | ||
* Installing Istio via v2.4 of the OpenShift Service Mesh (OSSM) operator | ||
* Installing Gateway API CRDs (v0.5.1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Installing Gateway API CRDs (v0.5.1) | |
* Installing version 0.5.1 Gateway API custom resource definitions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
* Installing Istio via v2.4 of the OpenShift Service Mesh (OSSM) operator | ||
* Installing Gateway API CRDs (v0.5.1) | ||
* Configuring a Service Mesh Control Plane (SMCP) | ||
* Automatic creation of DNS Records for Gateways (using Istio’s automated deployments only) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some mention of the load balancer would be good. Also, I'm not sure people will know what Istio's automated deployments only
will mean in this context (even I don't know). Do you mean that DNS records are only created if the automated deployment is enabled? But I think automated deployment is the default, and people cannot change that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Load Balancing was originally left out since the Ingress Operator doesn't actually do anything with Load Balancers, that's actually an Istio respondiblity. I'll add a bullet that reflects that the Ingress Operator is enabling Istio to make this to happen and hopefully that will make it clear.
My link got dropped for Automated Deployments. We don't support DNS with manual deployments (see bug https://issues.redhat.com/browse/OCPBUGS-8526).
Do you mean that DNS records are only created if the automated deployment is enabled? But I think automated deployment is the default, and people cannot change that.
No - DNS records will only be created if you use an automated deployment. Yes, we enable/allow automated deployments by default, but you can still chose to deploy a manual deployment style Gateway, which might leave the user confused as it doesn't create a DNS record.
I reworded to be focused on Gateway API object, regarding spec.addresses
, let me know if that makes it clearer.
|
||
## Prerequisites | ||
* A non-production OpenShift Cluster, version v4.13.z or greater, on a cloud platform that supports Kubernetes external load balancers | ||
* If OSSM is already installed, it must be OSSM 2.4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* If OSSM is already installed, it must be OSSM 2.4 | |
* If OSSM is already installed, it must be OSSM 2.4.0. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. Done.
$ oc rollout status deployment -w -n demo-app foo-app | ||
``` | ||
|
||
Create the HTTPRoute that will direct requests for http.example.com to our new backend server, foo-app. Note that the parentRefs points to the Gateway, rules specify a backendRefs to our service, and hostnames align with the Gateway’s Listeners hostnames: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Create the HTTPRoute that will direct requests for http.example.com to our new backend server, foo-app. Note that the parentRefs points to the Gateway, rules specify a backendRefs to our service, and hostnames align with the Gateway’s Listeners hostnames: | |
Create the HTTPRoute that will direct requests for "*.gwapi.${DOMAIN}" to our new backend server, foo-app. Note that the parentRefs points to the Gateway, rules specify a backendRefs to our service, and hostnames align with the Gateway’s Listeners hostnames: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good catch
port: 8080 | ||
EOF | ||
``` | ||
Wait for the gateway deployment (Envoy) to be ready: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wouldn't even mention Envoy here. If you do, it should be introduced much earlier, and not with just one word :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
server: istio-envoy | ||
app: foo | ||
... | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something to lead to the next section maybe, like:
Thanks for trying OpenShift Istio Gateway API. If you'd like to learn more, go to section on Getting Creative
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, done.
@@ -0,0 +1,178 @@ | |||
# Getting Started | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you haven't read the original blog with an overview of the Gateway API components, please take a minute to review it at link to IntroGatewayAPI.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh my links got dropped when I copied/pasted - Added a sentence like this with a link to the original blog.
You’ve successfully configured Gateway API to match traffic based on path, query parameters, and headers. | ||
|
||
## TLS Termination with Gateway API | ||
In OpenShift, we have the concept of [termination types](https://docs.openshift.com/container-platform/4.11/networking/routes/secured-routes.html) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe update to a 4.13 version of the docs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea. Done.
1edde27
to
5e013e4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the review
advanced usages of Gateway API. | ||
|
||
## Route Matching | ||
Gateway API has a powerful API for directing traffic based on request characteristics such as path, headers, query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
``` | ||
|
||
Next, let’s modify our existing HTTPRoute to direct traffic based on path. We will add a `/foo` path match on the | ||
existing rule for the `foo-app` application as well as a new rule with a `/bar` path match and a backendRef pointing to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
You’ve successfully configured Gateway API to match traffic based on path, query parameters, and headers. | ||
|
||
## TLS Termination with Gateway API | ||
In OpenShift, we have the concept of [termination types](https://docs.openshift.com/container-platform/4.11/networking/routes/secured-routes.html) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea. Done.
@@ -0,0 +1,178 @@ | |||
# Getting Started | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh my links got dropped when I copied/pasted - Added a sentence like this with a link to the original blog.
@@ -0,0 +1,178 @@ | |||
# Getting Started | |||
|
|||
As a follow on to the Openshift 4.12 Developer Preview of Gateway API, OpenShift has released Enhanced Developer Preview for Gateway API support in OCP 4.13.z. With Enhanced Dev Preview, developers can now install and configure Gateway API with the Ingress Operator. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added.
$ oc create namespace demo-app | ||
``` | ||
|
||
Create a demo application deployment and service using oc new-app, our cakephp-ingress-demo project, and the foo git branch. This will create a simple server, foo-app, that will allow us to test connectivity. Then use the oc rollout command to wait for it to be rolled out: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
$ oc rollout status deployment -w -n demo-app foo-app | ||
``` | ||
|
||
Create the HTTPRoute that will direct requests for http.example.com to our new backend server, foo-app. Note that the parentRefs points to the Gateway, rules specify a backendRefs to our service, and hostnames align with the Gateway’s Listeners hostnames: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good catch
port: 8080 | ||
EOF | ||
``` | ||
Wait for the gateway deployment (Envoy) to be ready: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
server: istio-envoy | ||
app: foo | ||
... | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, done.
targetPort: 8080 | ||
``` | ||
|
||
First, create the Gateway with a Listener that will listen for requests on a URL under the cluster domain. The Gateway must be created in the openshift-ingress namespace and specify the GatewayClass created earlier. By default, Istio will automatically provision a gateway deployment and service with the same name upon creation of this Gateway object: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done and Done.
5179c05
to
2fd044d
Compare
referencegrants.gateway.networking.k8s.io 2023-04-04T18:02:56Z | ||
``` | ||
|
||
Confirm the Ingress Operator has created the SMCP and it is ready: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This took 40 seconds on OpenShift 4.14. May want to tell them to wait for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The first thing I see is a somewhat misleading message like below, so I would tell them to wait a minute or two and then check.
oc get smcp -n openshift-ingress
error: the server doesn't have a resource type "smcp"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yea I actually ran this myself recently, it takes a long time to show up, I'll be more specific.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
c347ec3
to
5bd05e7
Compare
Can you add an image at the top ? It's super helpful, even if it's just an image that says the name of the feature. |
5bd05e7
to
4a7d8a9
Compare
@candita Did you mean a picture in the blog post page? I have already added the Gateway Arch image to https://github.com/gcs278/network-edge-tools/blob/enhanced-dev-preview/docs/blogs/EnhancedDevPreviewGatewayAPI/IntroEnhancedDevPreview.md A bit of copy/paste, but is that what you are asking about? |
afe8ab3
to
60f3fb4
Compare
|
||
## New Features in Developer Preview | ||
|
||
With this Developer Preview update, developers can now install and configure OpenShift Istio Gateway API with the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Istio is an implementation detail. We're not hiding that we use Istio, but neither are we emphasizing it, and we definitely aren't calling the feature "OpenShift Istio Gateway API". Can we just say "install and configure Gateway API", or "install and configure the capability to use Gateway API"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i thought we were calling it that, that it was PM's request to incorporate Istio?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the last blog we called it "Gateway API with OpenShift Networking"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to just Gateway API, but I will make sure I use Gateway API with OpenShift Networking
as the proper name.
their focus to exploring and leveraging the powerful API that Gateway API has to offers. | ||
|
||
The Ingress Operator now handles the management and configuration of the following: | ||
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again, Istio and OSSM are implementation details. Can you reframe this to emphasize that the Ingress Operator provides the capability to use Gateway API, and de-emphasize (even if only slightly) that the implementation uses OSSM, Istio, and Envoy? Consider the difference between these two statements:
- The purpose of this feature is to install OSSM, so that you can use Gateway API.
- The purpose of this feature is to enable you to use Gateway API, which we accomplish through using OpenShift Service Mesh.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Attempted to de-empathize.
|
||
The Ingress Operator now handles the management and configuration of the following: | ||
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio | ||
* Installing version 0.5.1 Gateway API custom resource definitions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Installing version 0.5.1 Gateway API custom resource definitions | |
* Installing version 0.5.1 Gateway API custom resource definitions (CRDs) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
The Ingress Operator now handles the management and configuration of the following: | ||
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio | ||
* Installing version 0.5.1 Gateway API custom resource definitions | ||
* Configuring a Service Mesh Control Plane (SMCP) for creating the Istio control plane |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SMCP is an implementation detail of an implementation detail. Does it need to be mentioned this early in the blog post?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed
* Installing version 0.5.1 Gateway API custom resource definitions | ||
* Configuring a Service Mesh Control Plane (SMCP) for creating the Istio control plane | ||
* Enabling creation of Load Balancers via Istio’s [automated deployments](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) | ||
* Automatic creation of DNS Records for Gateways with empty [spec.addresses](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1beta1.GatewaySpec) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we anticipating that the reader will create gateways with nonempty spec.addresses
? It seems too early in the blog post to mention spec.addresses
, and when we do mention it, I think it should be to say that the reader shouldn't expect setting spec.addresses
to work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, we can mention it in the Getting Started section. Removed.
```shell | ||
$ oc create -n openshift-ingress secret tls edge-cert --key=certs/edge.key --cert=certs/edge.crt | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
```shell | |
$ oc create -n openshift-ingress secret tls edge-cert --key=certs/edge.key --cert=certs/edge.crt | |
``` | |
```console | |
$ oc create -n openshift-ingress secret tls edge-cert --key=certs/edge.key --cert=certs/edge.crt | |
route.route.openshift.io/edge-cert created | |
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
$ oc create -n openshift-ingress secret tls edge-cert --key=certs/edge.key --cert=certs/edge.crt | ||
``` | ||
Certificates are handled differently in Gateway API compared to OpenShift Route objects. Gateway API uses references to | ||
Kubernetes Secret objects whereas the OpenShift Route API embeds the certificate and key strings in the Route object. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please capitalize "secret" or "Secret" consistently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Certificates are handled differently in Gateway API compared to OpenShift Route objects. Gateway API uses references to | ||
Kubernetes Secret objects whereas the OpenShift Route API embeds the certificate and key strings in the Route object. | ||
|
||
Next, let’s configure our Gateway to terminate TLS. We will add an additional Listener with the same wildcard domain |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is "Listener" capitalized?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was trying to refer to a proper API field, a proper noun, but based on https://gateway-api.sigs.k8s.io/api-types/gateway/, they don't capitalize, so I won't.
|
||
Next, let’s configure our Gateway to terminate TLS. We will add an additional Listener with the same wildcard domain | ||
using port 443 to our existing Gateway from the example above: | ||
```yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
```yaml | |
```console |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
EOF | ||
``` | ||
Now test the route we just created over port 443: | ||
```shell |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
```shell | |
```console |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
A new picture would be better. Even just a picture of the name of the feature. |
|
||
## Prerequisites | ||
|
||
* A non-production OpenShift Cluster, version v4.13.z or greater, on a cloud platform that supports Kubernetes external |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* A non-production OpenShift Cluster, version v4.13.z or greater, on a cloud platform that supports Kubernetes external | |
* A non-production OpenShift Cluster, version v4.13.z or greater, on a cloud platform that supports Kubernetes service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
60f3fb4
to
eb367e4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for a really detailed review. I added outputs for the majority of my commands for clarity.
|
||
## New Features in Developer Preview | ||
|
||
With this Developer Preview update, developers can now install and configure OpenShift Istio Gateway API with the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to just Gateway API, but I will make sure I use Gateway API with OpenShift Networking
as the proper name.
The Ingress Operator now handles the management and configuration of the following: | ||
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio | ||
* Installing version 0.5.1 Gateway API custom resource definitions | ||
* Configuring a Service Mesh Control Plane (SMCP) for creating the Istio control plane |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed
|
||
The Ingress Operator now handles the management and configuration of the following: | ||
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio | ||
* Installing version 0.5.1 Gateway API custom resource definitions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
their focus to exploring and leveraging the powerful API that Gateway API has to offers. | ||
|
||
The Ingress Operator now handles the management and configuration of the following: | ||
* Installing the OpenShift Service Mesh (OSSM) operator version 2.4.0 to access Istio |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Attempted to de-empathize.
* Installing version 0.5.1 Gateway API custom resource definitions | ||
* Configuring a Service Mesh Control Plane (SMCP) for creating the Istio control plane | ||
* Enabling creation of Load Balancers via Istio’s [automated deployments](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) | ||
* Automatic creation of DNS Records for Gateways with empty [spec.addresses](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1beta1.GatewaySpec) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, we can mention it in the Getting Started section. Removed.
|
||
Next, let’s configure our Gateway to terminate TLS. We will add an additional Listener with the same wildcard domain | ||
using port 443 to our existing Gateway from the example above: | ||
```yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
EOF | ||
``` | ||
Now test the route we just created over port 443: | ||
```shell |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Create a demo application deployment and service using `oc new-app`, our cakephp-ingress-demo project, and the foo git branch. This will create a simple server, foo-app, that will allow us to test connectivity. Then use the `oc rollout` command to wait for it to be rolled out: | ||
```shell | ||
$ oc new-app -n demo-app --name foo-app https://github.com/openshiftdemos/cakephp-ingress-demo#foo | ||
$ oc rollout status deployment -w -n demo-app foo-app | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done and added the expected output.
First, let’s create another demo application deployment and service using `oc new-app`, our `cakephp-ingress-demo` | ||
project, and the `bar` git branch. This will be used as an alternate server backend, `bar-app`, to direct traffic to: | ||
```shell | ||
$ oc new-app -n demo-app --name bar-app https://github.com/openshiftdemos/cakephp-ingress-demo#bar | ||
$ oc rollout status deployment -w -n demo-app bar-app | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added expected output (to both, just to be consistent).
```shell | ||
$ oc wait -n openshift-ingress --for=condition=ready gateways.gateway.networking.k8s.io demo-gateway |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the expected output
eb367e4
to
fbcf0f2
Compare
@candita I tried my hand at my graphic design...does the image https://github.com/gcs278/network-edge-tools/blob/enhanced-dev-preview/docs/blogs/EnhancedDevPreviewGatewayAPI/IntroEnhancedDevPreview.md look okay? |
fbcf0f2
to
11e81ab
Compare
It looks good. My only comment is that you could try centering it. |
opt in to use it. The feature gate is a part of the “customNoUpgrade” featureSet, which means the cluster will no longer | ||
be upgradable after enabling. | ||
|
||
Only enable this feature on a non-production cluster. Once this feature gate is enabled, it can never be disabled. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good place to mention that enabling the feature gate will restart all nodes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, I already mentioned in https://github.com/openshift/network-edge-tools/pull/8/files#diff-eb7ec84d04a7daa7ba6958f451020085d2ad3a2bde1a85f732982563b97986a2R35-R36, but I can also add a mention here.
Done.
11e81ab
to
57b9385
Compare
@candita thanks - markdown actually doesn't have syntax to center, but I enlarged the image so it is centered. When the blog team converted the last blog, they centered the image anyways, so I think we should be safe for the conversion. |
03e4ab7
to
1d29951
Compare
targetPort: 8080 | ||
``` | ||
|
||
First, create the Gateway with a Listener (`spec.listeners` instance) that will listen on a port for HTTP requests that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This still has Listener capitalized. Maybe change the listener/Listener references throughout to be listener
to signify the object reference?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, I forgot this one. Now that I look again, even Gateway API docs aren't consistent (some Listeners some listeners).
I'll update to lower case to be consistent.
When the Gateway from the previous step is created, the Ingress Operator will automatically create a DNSRecord CR with the hostname from the listener: | ||
```console | ||
$ oc get dnsrecord -n openshift-ingress -l istio.io/gateway-name=demo-gateway | ||
NAME AGE | ||
gateway-7b49f58c6-wildcard 6m11s | ||
``` | ||
|
||
The Ingress Operator will then create a DNS record using the cloud-specific API (for example, Route 53 on AWS) and update the status on the DNSRecord CR: | ||
```console | ||
$ oc get dnsrecord -n openshift-ingress -l istio.io/gateway-name=demo-gateway -o yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These two commands are the same. Can these two paragraphs be consolidated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, combined into one.
@gcs278 it looks really good. I have a couple of comments on the Getting Started section, which are nice-to-haves. |
1d29951
to
ffc9807
Compare
/lgtm |
Holding for @Miciah last review. |
|
||
The features mentioned in this Developer Preview update are accessible through [OpenShift's feature gate mechanism](https://docs.openshift.com/container-platform/4.13/nodes/clusters/nodes-cluster-enabling-features.html). | ||
By implementing Gateway API support under a feature gate, it is not activated by default, requiring users to explicitly | ||
opt in to use it. The feature gate is a part of the “customNoUpgrade” featureSet, which means the cluster will no longer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a minor detail, but the "CustomNoUpgrade" feature set itself is empty; enabling this feature set then allows the cluster-admin to specify individual features in the cluster config.
opt in to use it. The feature gate is a part of the “customNoUpgrade” featureSet, which means the cluster will no longer | |
opt in to use it. The feature gate can be enabled by configuring the “CustomNoUpgrade” feature set, which means the cluster will no longer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
|
||
![Gateway API Dev Preview Update](images/gateway-api-dev-preview-update.png) | ||
|
||
As a follow-on to the Openshift 4.12 Developer Preview of Gateway API, OpenShift has released an enhanced Developer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a suggestion—it feels more natural to me to say that Red Hat has done something involving OpenShift than to say that OpenShift has done something. (Sometimes we talk about "the OpenShift org", but that's more of an internal thing.)
As a follow-on to the Openshift 4.12 Developer Preview of Gateway API, OpenShift has released an enhanced Developer | |
As a follow-on to the Openshift 4.12 Developer Preview of Gateway API, Red Hat has released an enhanced Developer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
|
||
## New Features in Developer Preview | ||
|
||
With this Developer Preview update, developers can now install and configure the capability to use Gateway API with the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this Developer Preview update, developers can now install and configure the capability to use Gateway API with the | |
With this Developer Preview update, a cluster administrator can now install and configure the capability to use Gateway API with the |
or
With this Developer Preview update, developers can now install and configure the capability to use Gateway API with the | |
With this Developer Preview update, you can now install and configure the capability to use Gateway API with the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the you. Done.
With this Developer Preview update, developers can now install and configure the capability to use Gateway API with the | ||
Ingress Operator, seamlessly installing all the necessary Gateway API components without any external downloads. By | ||
delegating the responsibility of installation and configuration to the Ingress Operator, developers can now dedicate | ||
their focus to exploring and leveraging the powerful API that Gateway API has to offers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
their focus to exploring and leveraging the powerful API that Gateway API has to offers. | |
their focus to exploring and leveraging the powerful API that Gateway API has to offer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
darn, i missed this. Done.
* Enabling creation of Load Balancers via Istio’s [automated deployments](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) | ||
* Automatically creating DNS Records for Gateways | ||
|
||
These updates provide OpenShift developers with the opportunity to explore and utilize Gateway API using our existing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These updates provide OpenShift developers with the opportunity to explore and utilize Gateway API using our existing | |
These updates provide OpenShift developers with the opportunity to explore and utilize Gateway API using Red Hat's existing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
path: /foo | ||
``` | ||
In Gateway API, we can translate this concept to terminating the TLS encryption at the Gateway before forwarding traffic | ||
to the upstream server via the HTTPRoute configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better to avoid ambiguous words like "upstream", which different implementations use to mean opposite things.
to the upstream server via the HTTPRoute configuration. | |
to the destination pod via the HTTPRoute configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
|
||
## Prerequisites | ||
|
||
* A non-production OpenShift Cluster, version v4.13.5 or greater, on a cloud platform that supports Kubernetes service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* A non-production OpenShift Cluster, version v4.13.5 or greater, on a cloud platform that supports Kubernetes service | |
* A non-production OpenShift Cluster, version 4.13.5 or greater, on a cloud platform that supports Kubernetes service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
load balancers (e.g. GCP, AWS, and Azure) | ||
* If OSSM is already installed, it must be OSSM 2.4.0 | ||
* If OSSM is already installed, you must not have any existing ServiceMeshControlPlane CRs | ||
* The [OpenShift CLI](https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html#cli-installing-cli_cli-developer-commands) binary (oc) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* The [OpenShift CLI](https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html#cli-installing-cli_cli-developer-commands) binary (oc) | |
* The [OpenShift CLI](https://docs.openshift.com/container-platform/4.13/cli_reference/openshift_cli/getting-started-cli.html#cli-installing-cli_cli-developer-commands) binary (oc) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good catch. Done.
Installing Gateway API with OSSM/Istio via the ingress operator - IntroEnhancedDevPreview page for intro (blog post) - GettingStarted page for installation - GettingCreative page for more advanced examples Both adapted from IntroGatewayAPI documentation
ffc9807
to
207e644
Compare
/lgtm |
/remove-hold |
Installing Gateway API with OSSM/Istio via the ingress operator
Both adapted from IntroGatewayAPI documentation