tv2 · Michael Vittrup Larsen (michaelvl) · Apr 17, 2023 · Apr 4, 2023
@@ -0,0 +1,23 @@
+#! /bin/bash
+
+ADDR=`kubectl -n foo-infra get gateway foo-gateway -o jsonpath='{.status.addresses[0].value}'`
+IP=`dig "$ADDR" +short | head -n1`
+DOMAIN=foo.kubecon23.tv2dev.dk
+
+echo "-------------------------------------------------------------------"
+echo "Skipping DNS, using $DOMAIN = $IP"
+echo "-------------------------------------------------------------------"
+read -p "Press enter to run CURL commands"
+
+echo "-------------------------------------------------------------------"
+echo ""
+echo "1x curl --resolve $DOMAIN:443:$IP https://$DOMAIN/site"
+curl --resolve $DOMAIN:443:$IP https://$DOMAIN/site
+
+echo "-------------------------------------------------------------------"
+echo ""
+echo "20x curl --resolve $DOMAIN:443:$IP https://$DOMAIN/store"
+for i in {1..20}
+do
+    curl --resolve $DOMAIN:443:$IP https://$DOMAIN/store
+done
@@ -0,0 +1,16 @@
+#! /bin/bash
+
+NS=$1
+GWNAME=$2
+
+NAME=gw-${NS}-${GWNAME}
+
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-upstream15021
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-upstream80
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-egress15021
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-egress80
+kubectl delete securitygrouprule.ec2.aws.upbound.io/${NAME}-ingress
+kubectl delete lblistener.elbv2.aws.upbound.io/${NAME}
+kubectl delete lbtargetgroup.elbv2.aws.upbound.io/${NAME}
+kubectl delete lb.elbv2.aws.upbound.io/${NAME}
+kubectl delete securitygroup.ec2.aws.upbound.io/${NAME}
@@ -0,0 +1,38 @@
+#! /bin/bash
+
+set -x
+
+SCOPE=${1:-""}
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "bifrost" ]; then
+    helm uninstall -n bifrost-gateway-controller-system bifrost-gateway-controller
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "app" ]; then
+    #kubectl delete -n foo-infra gateway foo-gateway
+    #kubectl delete -n foo-site httproute foo-site
+    #kubectl delete -n foo-store httproute foo-store
+    kubectl delete -f test-data/getting-started/foo-namespaces.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "tenantconfig" ]; then
+    kubectl delete -f hack/demo/namespace-gatewayclassconfig.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "acl" ]; then
+    kubectl delete -n foo-infra GatewayConfig foo-gateway-custom-acl
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "clusterresources" ]; then
+    hack/demo/delete-gw-cluster-resources.sh foo-infra foo-gateway
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "configs" ]; then
+    kubectl delete -f hack/demo/gatewayclassconfig-public.yaml
+    kubectl delete -f hack/demo/gatewayclassconfig-internal.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "blueprints" ]; then
+    kubectl delete -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml
+    kubectl delete -f blueprints/gatewayclass-aws-alb-crossplane.yaml
+fi
@@ -0,0 +1,18 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: foo-gateway
+  namespace: foo-infra
+spec:
+  gatewayClassName: aws-alb-crossplane-public
+  listeners:
+  - name: web
+    port: 80
+    protocol: HTTP
+    hostname: "foo.kubecon23.tv2dev.dk"
+    allowedRoutes:
+      namespaces:
+        from: Selector
+        selector:
+          matchLabels:
+            allowGateway: foo
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo-infra
+  labels:
+    istio.io/rev: 1-16-1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo-site
+  labels:
+    allowGateway: foo
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo-store
+  labels:
+    allowGateway: foo
@@ -0,0 +1,23 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayClassConfig
+metadata:
+  name: aws-alb-crossplane-internal
+  namespace: bifrost-gateway-controller-system
+  annotations:
+    krm-apply-setters: "true"
+spec:
+  override:
+    region: eu-central-1
+    vpcId: "vpc-0f0a7248b68315eb0" # kpt-set: ${vpcId}
+    subnets: # kpt-set: ${privateSubnetIds}
+      - subnet-0908fcb4afac15c67
+      - subnet-067f253633e60287f
+      - subnet-0f1a74a3ac6bba47e
+    upstreamSecurityGroup: "sg-0a4c4eb536ac8bb09" # kpt-set: ${clusterNodeSecurityGroupId}
+    internal: true
+    tags:
+      bifrost-gateway-controller/gatewayclass: aws-alb-crossplane-internal
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: GatewayClass
+    name: aws-alb-crossplane-internal
@@ -0,0 +1,23 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayClassConfig
+metadata:
+  name: aws-alb-crossplane-public
+  namespace: bifrost-gateway-controller-system
+  annotations:
+    krm-apply-setters: "true"
+spec:
+  override:
+    region: eu-central-1
+    vpcId: "vpc-0f0a7248b68315eb0" # kpt-set: ${vpcId}
+    subnets: # kpt-set: ${publicSubnetIds}
+      - subnet-02d99e9a066281659
+      - subnet-06f748b0455d254af
+      - subnet-0598d5f99b6958758
+    upstreamSecurityGroup: "sg-0a4c4eb536ac8bb09" # kpt-set: ${clusterNodeSecurityGroupId}
+    internal: false
+    tags:
+      bifrost-gateway-controller/gatewayclass: aws-alb-crossplane-public
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: GatewayClass
+    name: aws-alb-crossplane-public
@@ -0,0 +1,14 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayClassConfig
+metadata:
+  name: foo-infra-tenant-defaults
+  namespace: foo-infra
+spec:
+  override:
+    certificateArn: arn:aws:acm:eu-central-1:123456789012:certificate/33ce4a38-aff0-4ad7-bc7c-275fe99556e1
+    tags:
+      tenant: foo-tenant
+  targetRef:
+    group: ""
+    kind: Namespace
+    name: foo-infra
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+SCOPE=${1:-""}
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "blueprints" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to deploy GatewayClassBlueprint + GatewayClass'es"
+    kubectl apply -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml
+    kubectl apply -f blueprints/gatewayclass-aws-alb-crossplane.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "configs" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to deploy GatewayClassConfig's"
+    kubectl apply -f hack/demo/gatewayclassconfig-public.yaml
+    kubectl apply -f hack/demo/gatewayclassconfig-internal.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "tenantconfig" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to deploy namespace-default GatewayClassConfig's"
+    kubectl apply -f hack/demo/foo-namespaces.yaml
+    kubectl apply -f hack/demo/namespace-gatewayclassconfig.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "gateway" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to deploy getting-started usecase Gateway"
+    kubectl -n foo-infra apply -f hack/demo/foo-namespaces.yaml -f hack/demo/foo-gateway.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "acl" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to show user GatewayConfig with ACL CIDR"
+    hack/demo/test-add-user-acl.sh
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "app" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to deploy getting-started usecase application"
+    kubectl -n foo-site apply -f test-data/getting-started/app-foo-site.yaml
+    kubectl -n foo-site  apply -f test-data/getting-started/foo-site-httproute.yaml
+    kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v1.yaml
+    kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v2.yaml
+    kubectl -n foo-store apply -f test-data/getting-started/foo-store-httproute.yaml
+fi
+
+if [ -z "$SCOPE" ] || [ "$SCOPE" == "bifrost" ]; then
+    echo ""
+    echo "-------------------------------------------------------------------"
+    read -p "Press enter to deploy bifrost-gateway-controller"
+	helm repo add tv2-oss https://tv2-oss.github.io/bifrost-gateway-controller 2>/dev/null
+	helm upgrade -i bifrost-gateway-controller tv2-oss/bifrost-gateway-controller --version 0.1.4 --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-crossplane-aws-alb-values.yaml -n bifrost-gateway-controller-system 2>/dev/null
+fi
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+kubectl get gateway,lbs,lbtargetgroups -A | sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'
@@ -0,0 +1,15 @@
+#! /bin/bash
+
+MYIP=`curl -s ifconfig.me`
+
+echo "************************"
+echo "Using local IP: $MYIP"
+echo "************************"
+echo ""
+
+cat hack/demo/user-gateway-acl.yaml | sed -e "s/1.2.3.4/$MYIP/"
+
+echo ""
+read -p "Press enter to deploy GatewayConfig"
+
+cat hack/demo/user-gateway-acl.yaml | sed -e "s/1.2.3.4/$MYIP/" | kubectl apply -f -
@@ -0,0 +1,17 @@
+apiVersion: gateway.tv2.dk/v1alpha1
+kind: GatewayConfig
+metadata:
+  name: foo-gateway-custom-acl
+  namespace: foo-infra
+spec:
+  override:
+    ingressAcls:
+      cidrs:
+      - 1.2.3.4/32
+    tags:
+      foo: bar123
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: foo-gateway
+    namespace: foo-infra
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#! /bin/bash

		kubectl get gateway,lbs,lbtargetgroups -A \| sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'