Skip to content

Conversation

shreyasiddhartha
Copy link
Contributor

@shreyasiddhartha shreyasiddhartha commented Oct 7, 2025

Change type: Doc update; Istio Ambient mode waypoint docs: Waypoint proxy

Doc JIRA: https://issues.redhat.com/browse/OSSM-11147

Fix Version: service-mesh-docs-main and service-mesh-docs-3.2

Doc Preview: https://100097--ocpdocs-pr.netlify.app/openshift-service-mesh/latest/install/ossm-istio-ambient-mode.html#ossm-about-istio-ambient-waypoint_ossm-istio-ambient-mode

NOTE: This is Part 1 of waypoint docs. The Layer 7 features will be covered in a separate docs PR.

SME Review/QE Review: @sridhargaddam @pbajjuri20 @unsortedhashsets
Peer Review:

@openshift-ci openshift-ci bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 7, 2025
@shreyasiddhartha
Copy link
Contributor Author

/label service-mesh

@openshift-ci openshift-ci bot added the service-mesh Label for all Service Mesh PRs label Oct 7, 2025
@briandooley
Copy link
Contributor

/retest validate-asciidoc

Copy link

openshift-ci bot commented Oct 7, 2025

@briandooley: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

/test validate-asciidoc
/test validate-portal

Use /test all to run all jobs.

In response to this:

/retest validate-asciidoc

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@briandooley
Copy link
Contributor

/test validate-asciidoc

1 similar comment
@shreyasiddhartha
Copy link
Contributor Author

/test validate-asciidoc

@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Oct 8, 2025

🤖 Fri Oct 10 10:59:52 - Prow CI generated the docs preview:
https://100097--ocpdocs-pr.netlify.app
Complete list of updated preview URLs: artifacts/updated_preview_urls.txt

Copy link

@pbajjuri20 pbajjuri20 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified the Yaml and commands, everything executed as expected.

Copy link

@unsortedhashsets unsortedhashsets left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, commands passed fine on different clusters, waypoint pod is running

However, personally, as a newb in ambient, feel the lack of verification/validation steps of "Is the established waypoint works fine" 🤔

E.g. valdiated with (just tbd, not advise to add to docs):

cat <<'EOF' | oc --context rosa apply -f -
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: productpage-deny-default
  namespace: bookinfo
spec:
  targetRefs:
  - group: ""
    kind: Service
    name: productpage
  action: DENY
  rules:
  - when:
    - key: request.headers[allow-me]
      notValues: ["yes"]    # deny if header missing or not "yes"
EOF

And running curl pod

oc --context rosa -n bookinfo exec -it curl-test -- \
  curl -s -o /dev/null -w "%{http_code}\n" \
  http://productpage.bookinfo.svc.cluster.local:9080/productpage
403

oc --context rosa -n bookinfo exec -it curl-test -- \
  curl -H "allow-me: yes" -s -o /dev/null -w "%{http_code}\n" \
  http://productpage.bookinfo.svc.cluster.local:9080/productpage
200

Copy link

@sridhargaddam sridhargaddam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sridhargaddam
Copy link

NOTE: This is Part 1 of waypoint docs. The Layer 7 features will be covered in a separate docs PR.

@shreyasiddhartha, as pointed out by @unsortedhashsets, even I felt that validation commands are missing from the document.
Is there a plan to cover it in Part 2?

@shreyasiddhartha
Copy link
Contributor Author

NOTE: This is Part 1 of waypoint docs. The Layer 7 features will be covered in a separate docs PR.

@shreyasiddhartha, as pointed out by @unsortedhashsets, even I felt that validation commands are missing from the document. Is there a plan to cover it in Part 2?

@sridhargaddam @unsortedhashsets Here's the second PR covering the rest of the content: #100107. Let me know if this is what you were looking for. I plan to share Part 2 for review after merging Part 1 so that information is organised and presented in a linear manner. If you still feel something is missing, let me know here and I will add it to the docs.

Copy link

@sridhargaddam sridhargaddam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @shreyasiddhartha.

Copy link

openshift-ci bot commented Oct 10, 2025

@shreyasiddhartha: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Copy link

@unsortedhashsets unsortedhashsets left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very cool, lgtm, confirm commands with all rosa/ipv6/dualstack and verification works both for waypoint and for waypoint-default and waypoint name is visible e.g.:

NAMESPACE    SERVICE NAME     SERVICE VIP       WAYPOINT ENDPOINTS
bookinfo     details          fd00:172:16::36ce waypoint 1/1
bookinfo     details-v1       fd00:172:16::c513 waypoint 1/1
bookinfo     productpage      fd00:172:16::27fb waypoint 1/1
bookinfo     productpage-v1   fd00:172:16::55e7 waypoint 1/1
bookinfo     ratings          fd00:172:16::cfa  waypoint 1/1
bookinfo     ratings-v1       fd00:172:16::4f0e waypoint 1/1
bookinfo     reviews          fd00:172:16::8523 waypoint 3/3
bookinfo     reviews-v1       fd00:172:16::e90d waypoint 1/1
bookinfo     reviews-v2       fd00:172:16::1fcf waypoint 1/1
bookinfo     reviews-v3       fd00:172:16::c660 waypoint 1/1
bookinfo     waypoint         fd00:172:16::9cb2 None     1/1
default      curl             fd00:172:16::e0ae None     1/1
default      kubernetes       fd00:172:16::1    None     3/3
default      waypoint-default fd00:172:16::d0d5 None     1/1
istio-system istiod           fd00:172:16::c2d0 None     1/1
NAMESPACE    SERVICE NAME     SERVICE VIP               WAYPOINT         ENDPOINTS
bookinfo     details          172.30.115.61             waypoint-default 1/1
bookinfo     details-v1       172.30.9.77               waypoint-default 1/1
bookinfo     productpage      172.30.195.234            waypoint-default 1/1
bookinfo     productpage-v1   172.30.92.156             waypoint-default 1/1
bookinfo     ratings          172.30.212.58             waypoint-default 1/1
bookinfo     ratings-v1       172.30.140.149            waypoint-default 1/1
bookinfo     reviews          172.30.25.162             waypoint-default 3/3
bookinfo     reviews-v1       172.30.183.95             waypoint-default 1/1
bookinfo     reviews-v2       172.30.137.97             waypoint-default 1/1
bookinfo     reviews-v3       172.30.12.167             waypoint-default 1/1
bookinfo     waypoint         172.30.96.202,fd02::3c04  None             1/1
default      curl             172.30.176.145            None             1/1
default      kubernetes       172.30.0.1                None             3/3
default      waypoint-default 172.30.206.209,fd02::5c78 None             1/1
istio-system istiod           172.30.19.142             None             1/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

service-mesh Label for all Service Mesh PRs size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants