Created
February 10, 2023 02:38
-
-
Save jm96441n/7e005c82fa918b7b73c11abb617b4998 to your computer and use it in GitHub Desktop.
Test cross namespace api-gateway bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
data: | |
token: NjFmNjlhMjctMDI4ZC1hZDc2LWU0ZTUtYjUzODMzNGNhZjNl | |
kind: Secret | |
metadata: | |
labels: | |
managed-by: consul-k8s | |
name: nsbug-apigw-consul-bootstrap-acl-token | |
namespace: consul | |
type: Opaque | |
# the token: 61f69a27-028d-ad76-e4e5-b538334caf3e |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
helm uninstall consul -n consul | |
sleep 15 | |
kind delete cluster -n nsbug |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global: | |
datacenter: dc1 | |
name: consul | |
logLevel: debug | |
enabled: false | |
image: "hashicorp/consul-enterprise:1.13.2-ent" | |
enableConsulNamespaces: true | |
acls: | |
manageSystemACLs: true | |
bootstrapToken: | |
secretName: nsbug-apigw-consul-bootstrap-acl-token | |
secretKey: token | |
enterpriseLicense: | |
secretName: "license" | |
secretKey: "key" | |
apiGateway: | |
enabled: true | |
image: consul-api-gateway/dev:0.5.0 | |
logLevel: debug | |
managedGatewayClass: | |
enabled: true | |
serviceType: NodePort | |
useHostPorts: false | |
connectInject: | |
enabled: true | |
replicas: 1 | |
transparentProxy: | |
defaultEnabled: true | |
defaultOverwriteProbes: true | |
k8sAllowNamespaces: ["*"] | |
consulNamespaces: | |
mirroringK8S: true | |
controller: | |
enabled: true | |
replicas: 1 | |
consulSidecarContainer: | |
imageEnvoy: "envoyproxy/envoy:v1.23.1" | |
server: | |
enabled: true | |
replicas: 1 | |
client: | |
enabled: true | |
grpc: true | |
ui: | |
enabled: true | |
service: | |
enabled: true | |
type: NodePort | |
port: | |
http: 80 | |
nodePort: | |
http: 30000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
kind create cluster --config kind-cluster.yaml | |
# The following line assumes that you have compiled the image locally using `make docker/dev` from the api-gateway repo | |
kind load docker-image consul-api-gateway/dev:0.5.0 -n nsbug | |
kubectl apply --kustomize "github.com/hashicorp/consul-api-gateway/config/crd?ref=v0.4.0" | |
kubectl create namespace consul | |
kubectl create namespace green | |
kubectl create namespace monitoring | |
kubectl create secret generic license -n consul --from-literal="key=<YOUR ENTERPRISE KEY>" | |
kubectl apply -f bootstrap-token.yaml | |
echo "helm installing" | |
helm install consul hashicorp/consul --values consul_values.yaml -n consul --version=0.49.0 | |
echo "helm is done" | |
kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-controller -n consul | |
kubectl apply -f service-defaults.yaml -n monitoring | |
kubectl apply -f nginx-test-gateway-deployment.yaml | |
kubectl apply -f green-api-gateway.yaml | |
while ! kubectl get deployments green-apigw -n green; do sleep 1; done | |
kubectl wait --timeout=180s --for=condition=Available=True deployments/green-apigw -n green | |
kubectl apply -f nginx-test-gateway-httproute.yaml | |
kubectl get svc green-apigw -n green -o yaml | sed 's/nodePort: ...../nodePort: 30002/g' >api-gateway-svc.yaml | |
kubectl apply -f api-gateway-svc.yaml | |
kubectl get svc -n consul |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: gateway.networking.k8s.io/v1beta1 | |
kind: Gateway | |
metadata: | |
name: green-apigw | |
namespace: green | |
spec: | |
gatewayClassName: consul-api-gateway | |
listeners: | |
- name: http | |
protocol: HTTP | |
port: 30002 | |
hostname: '*.green.daskt.nsbug.it' | |
allowedRoutes: | |
namespaces: | |
from: All |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kind: Cluster | |
apiVersion: kind.x-k8s.io/v1alpha4 | |
name: nsbug | |
nodes: | |
- role: control-plane | |
image: kindest/node:v1.23.12 | |
extraPortMappings: | |
- containerPort: 30000 | |
hostPort: 30600 | |
- containerPort: 30001 | |
hostPort: 30601 | |
- containerPort: 30002 | |
hostPort: 30602 | |
- role: worker | |
image: kindest/node:v1.23.12 | |
- role: worker | |
image: kindest/node:v1.23.12 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: nginx-gateway-demo | |
namespace: monitoring | |
labels: | |
my-label: nginx-gateway-demo | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: nginx-gateway-demo | |
namespace: monitoring | |
labels: | |
my-label: nginx-gateway-demo | |
spec: | |
selector: | |
matchLabels: | |
app: nginx-gateway-demo | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
app: nginx-gateway-demo | |
annotations: | |
consul.hashicorp.com/connect-inject: "true" | |
consul.hashicorp.com/enable-metrics-merging: "false" | |
consul.hashicorp.com/envoy-extra-args: '--log-level debug' | |
consul.hashicorp.com/transparent-proxy: 'false' | |
spec: | |
serviceAccountName: nginx-gateway-demo | |
containers: | |
- name: nginx | |
image: nginxdemos/hello:0.3 | |
ports: | |
- containerPort: 80 | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: nginx-gateway-demo | |
namespace: monitoring | |
labels: | |
my-label: nginx-gateway-demo | |
spec: | |
type: ClusterIP | |
selector: | |
app: nginx-gateway-demo | |
ports: | |
- port: 80 | |
targetPort: 80 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: gateway.networking.k8s.io/v1beta1 | |
kind: HTTPRoute | |
metadata: | |
name: nginx-gateway-demo-http-route-1 | |
namespace: monitoring | |
spec: | |
hostnames: | |
- nginx.green.daskt.nsbug.it | |
parentRefs: | |
- group: gateway.networking.k8s.io | |
kind: Gateway | |
name: green-apigw | |
namespace: green | |
rules: | |
- backendRefs: | |
- kind: Service | |
name: nginx-gateway-demo | |
namespace: monitoring | |
port: 80 | |
weight: 1 | |
matches: | |
- path: | |
type: PathPrefix | |
value: / | |
--- | |
apiVersion: gateway.networking.k8s.io/v1alpha2 | |
kind: ReferenceGrant | |
metadata: | |
name: green-monitoring | |
namespace: monitoring | |
spec: | |
from: | |
- group: gateway.networking.k8s.io | |
kind: HTTPRoute | |
namespace: green | |
to: | |
- group: "" | |
kind: Service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
kind load docker-image consul-api-gateway/dev:0.5.0 -n nsbug | |
kubectl delete -f api-gateway-svc.yaml | |
kubectl delete -f green-api-gateway.yaml | |
kubectl delete -f nginx-test-gateway-httproute.yaml | |
kubectl delete namespace green | |
kubectl exec consul-server-0 -n consul -- /bin/sh -c "export CONSUL_HTTP_TOKEN=61f69a27-028d-ad76-e4e5-b538334caf3e && consul namespace delete \"green\"" | |
kubectl delete pod "$(kubectl get pods --no-headers -o custom-columns=":metadata.name" -n consul | grep gateway-controller)" -n consul | |
kubectl create namespace green | |
kubectl wait --timeout=180s --for=condition=Available=True deployments/consul-controller -n consul | |
kubectl apply -f green-api-gateway.yaml | |
while ! kubectl get deployments green-apigw -n green; do sleep 1; done | |
kubectl wait --timeout=120s --for=condition=Available=True deployments/green-apigw -n green | |
kubectl apply -f nginx-test-gateway-httproute.yaml | |
kubectl get svc green-apigw -o yaml -n green | sed 's/nodePort: ...../nodePort: 30002/g' >api-gateway-svc.yaml | |
kubectl apply -f api-gateway-svc.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: consul.hashicorp.com/v1alpha1 | |
kind: ServiceDefaults | |
metadata: | |
name: nginx-gateway-demo | |
spec: | |
protocol: http |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment