diff --git a/hack/demo/curl.sh b/hack/demo/curl.sh
new file mode 100755
index 00000000..5bb8eae3
--- /dev/null
+++ b/hack/demo/curl.sh
@@ -0,0 +1,23 @@
+#! /bin/bash
+
+ADDR=`kubectl -n foo-infra get gateway foo-gateway -o jsonpath='{.status.addresses[0].value}'`
+IP=`dig "$ADDR" +short | head -n1`
+DOMAIN=foo.kubecon23.tv2dev.dk
+
+echo "-------------------------------------------------------------------"
+echo "Skipping DNS, using $DOMAIN = $IP"
+echo "-------------------------------------------------------------------"
+read -p "Press enter to run CURL commands"
+
+echo "-------------------------------------------------------------------"
+echo ""
+echo "1x curl --resolve $DOMAIN:443:$IP https://$DOMAIN/site"
+curl --resolve $DOMAIN:443:$IP https://$DOMAIN/site
+
+echo "-------------------------------------------------------------------"
+echo ""
+echo "20x curl --resolve $DOMAIN:443:$IP https://$DOMAIN/store"
+for i in {1..20}
+do
+ curl --resolve $DOMAIN:443:$IP https://$DOMAIN/store
+done
diff --git a/hack/demo/delete-gw-cluster-resources.sh b/hack/demo/delete-gw-cluster-resources.sh
new file mode 100755
index 00000000..363de935
--- /dev/null
+++ b/hack/demo/delete-gw-cluster-resources.sh
@@ -0,0 +1,16 @@
+#! /bin/bash
+
+NS=$1
+GWNAME=$2
+
+NAME=gw-${NS}-${GWNAME}
+
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-upstream15021
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-upstream80
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-egress15021
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-egress80
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-ingress
+kubectl delete lblistener.elbv2.aws.upbound.io/${NAME}
+kubectl delete lbtargetgroup.elbv2.aws.upbound.io/${NAME}
+kubectl delete lb.elbv2.aws.upbound.io/${NAME}
+kubectl delete securitygroup.ec2.aws.upbound.io/${NAME}
diff --git a/hack/demo/delete.sh b/hack/demo/delete.sh
new file mode 100755
index 00000000..86cbeaee
--- /dev/null
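Review bot: `IP` is used in `--resolve $DOMAIN:443:$IP` without any check that the `kubectl` and `dig` lookups at the top of curl.sh returned a value, so an empty or multi-word result produces a malformed `--resolve` entry and the requests no longer exercise the address the banner prints. Add a guard after the `IP=` line, `[ -n "$IP" ] || { echo "no address resolved for $ADDR" >&2; exit 1; }`, and quote the argument as `--resolve "$DOMAIN:443:$IP"` in both curl calls. `read -p` should also be `read -r -p`.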
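Review bot: `NS=$1` and `GWNAME=$2` in delete-gw-cluster-resources.sh are taken without any check, so a missing argument builds a name such as `gw--` or `gw-foo-` and still issues nine `kubectl delete` calls against whatever the current kube context is. Fail fast instead with `NS=${1:?usage: $0 <namespace> <gateway-name>}` and `GWNAME=${2:?usage: $0 <namespace> <gateway-name>}`, and quote the expansions, e.g. `"securitygroup.ec2.aws.upbound.io/${NAME}"`. Because the deletes carry no `-n` and target `upbound.io` kinds (presumably cluster-scoped Crossplane resources), printing `kubectl config current-context` before the first delete would help the operator confirm the target.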
+++ b/hack/demo/delete.sh
@@ -0,0 +1,38 @@
+#! /bin/bash
+
+set -x
+
+SCOPE=${1:-""}
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "bifrost" ]; then
+ helm uninstall -n bifrost-gateway-controller-system bifrost-gateway-controller
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "app" ]; then
+ #kubectl delete -n foo-infra gateway foo-gateway
+ #kubectl delete -n foo-site httproute foo-site
+ #kubectl delete -n foo-store httproute foo-store
+ kubectl delete -f test-data/getting-started/foo-namespaces.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "tenantconfig" ]; then
+ kubectl delete -f hack/demo/namespace-gatewayclassconfig.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "acl" ]; then
+ kubectl delete -n foo-infra GatewayConfig foo-gateway-custom-acl
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "clusterresources" ]; then
+ hack/demo/delete-gw-cluster-resources.sh foo-infra foo-gateway
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "configs" ]; then
+ kubectl delete -f hack/demo/gatewayclassconfig-public.yaml
+ kubectl delete -f hack/demo/gatewayclassconfig-internal.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "blueprints" ]; then
+ kubectl delete -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml
+ kubectl delete -f blueprints/gatewayclass-aws-alb-crossplane.yaml
+fi
diff --git a/hack/demo/foo-gateway.yaml b/hack/demo/foo-gateway.yaml
new file mode 100644
index 00000000..ba8d5e23
--- /dev/null
+++ b/hack/demo/foo-gateway.yaml
@@ -0,0 +1,18 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: foo-gateway
+ namespace: foo-infra
+spec:
+ gatewayClassName: aws-alb-crossplane-public
+ listeners:
+ - name: web
+ port: 80
+ protocol: HTTP
+ hostname: "foo.kubecon23.tv2dev.dk"
+ allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ allowGateway: foo
diff --git a/hack/demo/foo-namespaces.yaml b/hack/demo/foo-namespaces.yaml
new file mode 100644
index 00000000..c1e35061
--- /dev/null
+++ b/hack/demo/foo-namespaces.yaml
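Review bot: Called with no argument, every `if [ -z "$SCOPE" ] || …` branch in delete.sh runs, so one bare invocation uninstalls the controller and deletes namespaces, configs and blueprints in the current kube context with no prompt, whereas setup.sh asks before each step; a misspelled scope, by contrast, silently does nothing. Consider a confirmation that names the target first, e.g. `read -r -p "Delete demo resources in $(kubectl config current-context)? Press enter "`, plus a final check that rejects unknown scopes. The `app` branch deletes `test-data/getting-started/foo-namespaces.yaml` while setup.sh applies `hack/demo/foo-namespaces.yaml`; if that is not intentional the two copies will drift.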
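Review bot: The only listener in foo-gateway.yaml is `protocol: HTTP` on port 80 under the `aws-alb-crossplane-public` class, yet curl.sh in the same commit calls `https://$DOMAIN` on 443, and nothing in the manifest says where TLS is terminated. If the blueprint terminates TLS at the load balancer using the namespace-level `certificateArn` (an inference; the blueprint is not part of this diff), state that in a comment above `listeners:`, for example `# TLS is terminated at the ALB; this listener is the plaintext hop behind it`. Without it, a reader copying the file will assume a public plaintext endpoint is intended.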
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: foo-infra
+ labels:
+ istio.io/rev: 1-16-1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: foo-site
+ labels:
+ allowGateway: foo
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: foo-store
+ labels:
+ allowGateway: foo
diff --git a/hack/demo/gatewayclassconfig-internal.yaml b/hack/demo/gatewayclassconfig-internal.yaml
new file mode 100644
index 00000000..6245332a
--- /dev/null
+++ b/hack/demo/gatewayclassconfig-internal.yaml
@@ -0,0 +1,23 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayClassConfig
+metadata:
+ name: aws-alb-crossplane-internal
+ namespace: bifrost-gateway-controller-system
+ annotations:
+ krm-apply-setters: "true"
+spec:
+ override:
+ region: eu-central-1
+ vpcId: "vpc-0f0a7248b68315eb0" # kpt-set: ${vpcId}
+ subnets: # kpt-set: ${privateSubnetIds}
+ - subnet-0908fcb4afac15c67
+ - subnet-067f253633e60287f
+ - subnet-0f1a74a3ac6bba47e
+ upstreamSecurityGroup: "sg-0a4c4eb536ac8bb09" # kpt-set: ${clusterNodeSecurityGroupId}
+ internal: true
+ tags:
+ bifrost-gateway-controller/gatewayclass: aws-alb-crossplane-internal
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: GatewayClass
+ name: aws-alb-crossplane-internal
diff --git a/hack/demo/gatewayclassconfig-public.yaml b/hack/demo/gatewayclassconfig-public.yaml
new file mode 100644
index 00000000..919f84e9
--- /dev/null
+++ b/hack/demo/gatewayclassconfig-public.yaml
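Review bot: The `vpcId`, `subnets` and `upstreamSecurityGroup` values in gatewayclassconfig-internal.yaml look like identifiers from a live AWS environment, committed next to the `kpt-set` setters that exist to inject them; the same applies to gatewayclassconfig-public.yaml. They are not credentials, but they document network topology and make the demo fail in any other account, and show-resources.sh in this commit already takes care to mask the account id. Prefer obviously fake defaults such as `vpcId: "vpc-REPLACE_ME" # kpt-set: ${vpcId}` and let the setters supply the real values.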
@@ -0,0 +1,23 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayClassConfig
+metadata:
+ name: aws-alb-crossplane-public
+ namespace: bifrost-gateway-controller-system
+ annotations:
+ krm-apply-setters: "true"
+spec:
+ override:
+ region: eu-central-1
+ vpcId: "vpc-0f0a7248b68315eb0" # kpt-set: ${vpcId}
+ subnets: # kpt-set: ${publicSubnetIds}
+ - subnet-02d99e9a066281659
+ - subnet-06f748b0455d254af
+ - subnet-0598d5f99b6958758
+ upstreamSecurityGroup: "sg-0a4c4eb536ac8bb09" # kpt-set: ${clusterNodeSecurityGroupId}
+ internal: false
+ tags:
+ bifrost-gateway-controller/gatewayclass: aws-alb-crossplane-public
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: GatewayClass
+ name: aws-alb-crossplane-public
diff --git a/hack/demo/namespace-gatewayclassconfig.yaml b/hack/demo/namespace-gatewayclassconfig.yaml
new file mode 100644
index 00000000..0a961358
--- /dev/null
+++ b/hack/demo/namespace-gatewayclassconfig.yaml
@@ -0,0 +1,14 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayClassConfig
+metadata:
+ name: foo-infra-tenant-defaults
+ namespace: foo-infra
+spec:
+ override:
+ certificateArn: arn:aws:acm:eu-central-1:123456789012:certificate/33ce4a38-aff0-4ad7-bc7c-275fe99556e1
+ tags:
+ tenant: foo-tenant
+ targetRef:
+ group: ""
+ kind: Namespace
+ name: foo-infra
diff --git a/hack/demo/setup.sh b/hack/demo/setup.sh
new file mode 100755
index 00000000..e4c307e3
--- /dev/null
+++ b/hack/demo/setup.sh
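Review bot: `certificateArn` in namespace-gatewayclassconfig.yaml is hard-coded with the account id `123456789012` and, unlike the `vpcId` and `subnets` fields in the sibling GatewayClassConfig files, carries no `kpt-set` setter, so the value most likely does not resolve to a real certificate when setup.sh applies the file unchanged. Add a setter comment in the same style as the siblings (for instance `# kpt-set: ${certificateArn}`, with the setter name chosen by the authors), or a comment stating that the ARN must be replaced before use.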
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+SCOPE=${1:-""}
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "blueprints" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to deploy GatewayClassBlueprint + GatewayClass'es"
+ kubectl apply -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml
+ kubectl apply -f blueprints/gatewayclass-aws-alb-crossplane.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "configs" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to deploy GatewayClassConfig's"
+ kubectl apply -f hack/demo/gatewayclassconfig-public.yaml
+ kubectl apply -f hack/demo/gatewayclassconfig-internal.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "tenantconfig" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to deploy namespace-default GatewayClassConfig's"
+ kubectl apply -f hack/demo/foo-namespaces.yaml
+ kubectl apply -f hack/demo/namespace-gatewayclassconfig.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "gateway" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to deploy getting-started usecase Gateway"
+ kubectl -n foo-infra apply -f hack/demo/foo-namespaces.yaml -f hack/demo/foo-gateway.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "acl" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to show user GatewayConfig with ACL CIDR"
+ hack/demo/test-add-user-acl.sh
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "app" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to deploy getting-started usecase application"
+ kubectl -n foo-site apply -f test-data/getting-started/app-foo-site.yaml
+ kubectl -n foo-site apply -f test-data/getting-started/foo-site-httproute.yaml
+ kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v1.yaml
+ kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v2.yaml
+ kubectl -n foo-store apply -f test-data/getting-started/foo-store-httproute.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "bifrost" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------"
+ read -p "Press enter to deploy bifrost-gateway-controller"
+ helm repo add tv2-oss https://tv2-oss.github.io/bifrost-gateway-controller 2>/dev/null
+ helm upgrade -i bifrost-gateway-controller tv2-oss/bifrost-gateway-controller --version 0.1.4 --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-crossplane-aws-alb-values.yaml -n bifrost-gateway-controller-system 2>/dev/null
+fi
diff --git a/hack/demo/show-resources.sh b/hack/demo/show-resources.sh
new file mode 100755
index 00000000..519c1d6d
--- /dev/null
+++ b/hack/demo/show-resources.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+kubectl get gateway,lbs,lbtargetgroups -A | sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'
diff --git a/hack/demo/test-add-user-acl.sh b/hack/demo/test-add-user-acl.sh
new file mode 100755
index 00000000..8550b102
--- /dev/null
+++ b/hack/demo/test-add-user-acl.sh
@@ -0,0 +1,15 @@
+#! /bin/bash
+
+MYIP=`curl -s ifconfig.me`
+
+echo "************************"
+echo "Using local IP: $MYIP"
+echo "************************"
+echo ""
+
+cat hack/demo/user-gateway-acl.yaml | sed -e "s/1.2.3.4/$MYIP/"
+
+echo ""
+read -p "Press enter to deploy GatewayConfig"
+
+cat hack/demo/user-gateway-acl.yaml | sed -e "s/1.2.3.4/$MYIP/" | kubectl apply -f -
diff --git a/hack/demo/test-curl.sh b/hack/demo/test-curl.sh
deleted file mode 100755
index c4b33e40..00000000
--- a/hack/demo/test-curl.sh
+++ /dev/null
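Review bot: In the `bifrost` branch of setup.sh both helm commands end in `2>/dev/null`, so a failed `helm upgrade -i` (wrong kube context, missing values file, chart pull error) prints nothing the operator can act on. Keep the redirect at most on `helm repo add`, drop it from the `helm upgrade -i …` line, and stop on failure by appending `|| exit 1` to that line. The script also has no `set -e`, so a failing `kubectl apply` in the earlier branches is followed by the next prompt as if nothing happened; `set -euo pipefail` at the top would cover those, and `read -p` should be `read -r -p`.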
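Review bot: The sed redaction in show-resources.sh rewrites only the first `arn:aws:elasticloadbalancing:eu-central-1:` ARN on each line, because the expression has no `g` flag and hard-codes the region, so a second ARN on the same row (if any) or a resource in another region is printed with the real account id. If the intent is to keep the account id off a shared screen, widen the match: `sed -E 's#(arn:aws:elasticloadbalancing:[a-z0-9-]+:)[0-9]+(:[-0-9a-z/]+)#\11234567890\2#g'`. ARNs of other services in the output are not covered by either form.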
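Review bot: `MYIP` in test-add-user-acl.sh comes from `curl -s ifconfig.me`, which with no scheme is fetched over plain HTTP from a third party, and the raw response is substituted into the manifest and piped to `kubectl apply` as the gateway's ingress allow-list with no validation. An error page, an IPv6 answer or a tampered response either breaks the sed expression or admits an address other than the operator's. Fetch over TLS and check the shape before use: `MYIP=$(curl -fsS https://ifconfig.me)` followed by `[[ $MYIP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "unexpected response from ifconfig.me" >&2; exit 1; }`. The sed pattern should also escape its dots, `s/1\.2\.3\.4/$MYIP/`.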
@@ -1,13 +0,0 @@
-#! /bin/bash
-
-ADDR=`kubectl -n foo-infra get gateway foo-gateway -o jsonpath='{.status.addresses[0].value}'`
-IP=`dig "$ADDR" +short | head -n1`
-
-echo "1x curl http://foo.example.com/site"
-curl --resolve foo.example.com:80:$IP http://foo.example.com/site
-
-echo "20x curl http://foo.example.com/store"
-for i in {1..20}
-do
- curl --resolve foo.example.com:80:$IP http://foo.example.com/store
-done
diff --git a/hack/demo/test-setup.sh b/hack/demo/test-setup.sh
deleted file mode 100755
index e9500ae3..00000000
--- a/hack/demo/test-setup.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#! /bin/bash
-
-echo ""
-echo "-------------------------------------------------------------------"
-read -p "Press enter to deploy GatewayClassBlueprint + GatewayClass'es"
-kubectl apply -f test-data/gatewayclassblueprint-aws-alb-crossplane.yaml
-kubectl apply -f test-data/gatewayclass-aws-alb-crossplane.yaml
-
-echo ""
-echo "-------------------------------------------------------------------"
-read -p "Press enter to deploy GatewayClassConfig's"
-kubectl apply -f test-data/gatewayclassconfig-aws-alb-crossplane-dev-env.yaml
-
-echo ""
-echo "-------------------------------------------------------------------"
-read -p "Press enter to deploy getting-started usecase"
-make setup-getting-started-usecase
diff --git a/hack/demo/user-gateway-acl.yaml b/hack/demo/user-gateway-acl.yaml
new file mode 100644
index 00000000..dcd942d4
--- /dev/null
+++ b/hack/demo/user-gateway-acl.yaml
@@ -0,0 +1,17 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayConfig
+metadata:
+ name: foo-gateway-custom-acl
+ namespace: foo-infra
+spec:
+ override:
+ ingressAcls:
+ cidrs:
+ - 1.2.3.4/32
+ tags:
+ foo: bar123
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: foo-gateway
+ namespace: foo-infra
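Review bot: The placeholder under `cidrs` in user-gateway-acl.yaml is `1.2.3.4/32`, a routable address, so applying the file directly rather than through test-add-user-acl.sh (which rewrites it with sed) would allow-list an unrelated host on the gateway. Use an address from a documentation range such as `192.0.2.1/32` and update the sed pattern in test-add-user-acl.sh to match, or at least add a comment above the entry, `# placeholder, replaced by hack/demo/test-add-user-acl.sh`.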