OSSM-11147 Istio Ambient mode waypoint docs: Waypoint proxy #100097
/label service-mesh
/retest validate-asciidoc
@briandooley: The
Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
/test validate-asciidoc
/test validate-asciidoc
🤖 Fri Oct 10 10:59:52 - Prow CI generated the docs preview:
8a11114 to af2fa9a
Verified the Yaml and commands, everything executed as expected.
LGTM, commands passed fine on different clusters, waypoint pod is running
However, personally, as a newb in ambient, feel the lack of verification/validation steps of "Is the established waypoint works fine" 🤔
E.g. validated with (just tbd, not advise to add to docs):

```sh
cat <<'EOF' | oc --context rosa apply -f -
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: productpage-deny-default
  namespace: bookinfo
spec:
  targetRefs:
  - group: ""
    kind: Service
    name: productpage
  action: DENY
  rules:
  - when:
    - key: request.headers[allow-me]
      notValues: ["yes"] # deny if header missing or not "yes"
EOF
```

And running curl pod

```
oc --context rosa -n bookinfo exec -it curl-test -- \
  curl -s -o /dev/null -w "%{http_code}\n" \
  http://productpage.bookinfo.svc.cluster.local:9080/productpage
403
oc --context rosa -n bookinfo exec -it curl-test -- \
  curl -H "allow-me: yes" -s -o /dev/null -w "%{http_code}\n" \
  http://productpage.bookinfo.svc.cluster.local:9080/productpage
200
```
Thanks @shreyasiddhartha.
@shreyasiddhartha, as pointed out by @unsortedhashsets, even I felt that validation commands are missing from the document.
@sridhargaddam @unsortedhashsets Here's the second PR covering the rest of the content: #100107. Let me know if this is what you were looking for. I plan to share Part 2 for review after merging Part 1 so that information is organised and presented in a linear manner. If you still feel something is missing, let me know here and I will add it to the docs.
Thank you @shreyasiddhartha.
0521431 to 294f3fa
@shreyasiddhartha: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
Very cool, lgtm, confirm commands with all rosa/ipv6/dualstack and verification works both for waypoint and for waypoint-default and waypoint name is visible e.g.:
```
NAMESPACE    SERVICE NAME     SERVICE VIP       WAYPOINT ENDPOINTS
bookinfo     details          fd00:172:16::36ce waypoint 1/1
bookinfo     details-v1       fd00:172:16::c513 waypoint 1/1
bookinfo     productpage      fd00:172:16::27fb waypoint 1/1
bookinfo     productpage-v1   fd00:172:16::55e7 waypoint 1/1
bookinfo     ratings          fd00:172:16::cfa  waypoint 1/1
bookinfo     ratings-v1       fd00:172:16::4f0e waypoint 1/1
bookinfo     reviews          fd00:172:16::8523 waypoint 3/3
bookinfo     reviews-v1       fd00:172:16::e90d waypoint 1/1
bookinfo     reviews-v2       fd00:172:16::1fcf waypoint 1/1
bookinfo     reviews-v3       fd00:172:16::c660 waypoint 1/1
bookinfo     waypoint         fd00:172:16::9cb2 None     1/1
default      curl             fd00:172:16::e0ae None     1/1
default      kubernetes       fd00:172:16::1    None     3/3
default      waypoint-default fd00:172:16::d0d5 None     1/1
istio-system istiod           fd00:172:16::c2d0 None     1/1
```

```
NAMESPACE    SERVICE NAME     SERVICE VIP               WAYPOINT         ENDPOINTS
bookinfo     details          172.30.115.61             waypoint-default 1/1
bookinfo     details-v1       172.30.9.77               waypoint-default 1/1
bookinfo     productpage      172.30.195.234            waypoint-default 1/1
bookinfo     productpage-v1   172.30.92.156             waypoint-default 1/1
bookinfo     ratings          172.30.212.58             waypoint-default 1/1
bookinfo     ratings-v1       172.30.140.149            waypoint-default 1/1
bookinfo     reviews          172.30.25.162             waypoint-default 3/3
bookinfo     reviews-v1       172.30.183.95             waypoint-default 1/1
bookinfo     reviews-v2       172.30.137.97             waypoint-default 1/1
bookinfo     reviews-v3       172.30.12.167             waypoint-default 1/1
bookinfo     waypoint         172.30.96.202,fd02::3c04  None             1/1
default      curl             172.30.176.145            None             1/1
default      kubernetes       172.30.0.1                None             3/3
default      waypoint-default 172.30.206.209,fd02::5c78 None             1/1
istio-system istiod           172.30.19.142             None             1/1
```
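Added example, not part of the PR or of any reviewer's comment: a shell check over a services table in the format shown above, listing Services in a namespace whose WAYPOINT column does not name the expected waypoint. A Service that shows `None` is not routed through a waypoint, so an AuthorizationPolicy attached to it with `targetRefs`, like the one earlier in this thread, has no waypoint to enforce it. The function names and sample rows are constructed, and the table is assumed to be the output of `istioctl ztunnel-config services`.

```shell
#!/bin/sh
# Added example (not from the PR). Reads a services table with the columns
# NAMESPACE, SERVICE NAME, SERVICE VIP, WAYPOINT, ENDPOINTS on stdin and lists
# the Services in one namespace that are not bound to the expected waypoint.
# Dual-stack VIPs ("a.b.c.d,fd02::1") contain no spaces, so the WAYPOINT
# column is always the fourth whitespace-separated field.

# usage: unbound_services NAMESPACE WAYPOINT [SERVICE_TO_SKIP ...] < table
# Prints "<service> -> <waypoint column>" per offender; returns 1 if any.
unbound_services() {
    ns=$1 wp=$2
    shift 2
    # Remaining arguments are Service names to ignore, for example the
    # waypoint's own Service, which shows "None" in the WAYPOINT column.
    awk -v ns="$ns" -v wp="$wp" -v skip=" $* " '
        $1 == "NAMESPACE"            { next }   # header row
        $1 != ns                     { next }   # other namespaces
        index(skip, " " $2 " ") > 0  { next }   # explicitly ignored
        $4 != wp                     { print $2 " -> " $4; bad = 1 }
        END                          { exit (bad ? 1 : 0) }
    '
}

# Constructed sample table (hypothetical VIPs): "ratings" has lost its waypoint.
sample_table() {
    cat <<'EOF'
NAMESPACE    SERVICE NAME     SERVICE VIP            WAYPOINT ENDPOINTS
bookinfo     details          10.0.0.11              waypoint 1/1
bookinfo     productpage      10.0.0.12,fd00::12     waypoint 1/1
bookinfo     ratings          10.0.0.13              None     1/1
bookinfo     waypoint         10.0.0.14              None     1/1
default      curl             10.0.0.15              None     1/1
EOF
}

# Stand-alone run on the sample: prints "ratings -> None" and a summary line.
sample_table | unbound_services bookinfo waypoint waypoint \
    || echo "Services not bound to the expected waypoint were found"
```
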
Change type: Doc update; Istio Ambient mode waypoint docs: Waypoint proxy
Doc JIRA: https://issues.redhat.com/browse/OSSM-11147
Fix Version: service-mesh-docs-main and service-mesh-docs-3.2
Doc Preview: https://100097--ocpdocs-pr.netlify.app/openshift-service-mesh/latest/install/ossm-istio-ambient-mode.html#ossm-about-istio-ambient-waypoint_ossm-istio-ambient-mode
NOTE: This is Part 1 of waypoint docs. The Layer 7 features will be covered in a separate docs PR.
SME Review/QE Review: @sridhargaddam @pbajjuri20 @unsortedhashsets
Peer Review: