From 9f82ff979d20df6a8eeae89de29d516f7d5f6902 Mon Sep 17 00:00:00 2001 From: Jan Wozniak Date: Mon, 27 May 2024 23:23:35 +0200 Subject: [PATCH] document GatewayAPI example with xkcd application (#1040) Signed-off-by: Jan Wozniak Co-authored-by: Jorge Turrado Ferrero --- docs/walkthrough.md | 59 ++++++++++++++++++++++++++ examples/xkcd/templates/httproute.yaml | 39 +++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 examples/xkcd/templates/httproute.yaml diff --git a/docs/walkthrough.md b/docs/walkthrough.md index 7b4172fa..04159858 100644 --- a/docs/walkthrough.md +++ b/docs/walkthrough.md @@ -14,6 +14,13 @@ You'll need to install a `Deployment` and `Service` first. You'll tell the add-o helm install xkcd ./examples/xkcd -n ${NAMESPACE} ``` +#### xkcd exposed with GatewayAPI +Alternatively if you'd like to try the addon along with GatewayAPI, you can install first GatewayAPI CRDs and some GatewayAPI implementation, for example as described in a [section below](#installing-and-using-the-eg-gatewayapi) and install the application as with `httproute=true` which will deploy properly configured `HTTPRoute` too. + +```console +helm install xkcd ./examples/xkcd -n ${NAMESPACE} --set httproute=true +``` + You'll need to clone the repository to get access to this chart. If you have your own workload and `Service` installed, you can go right to creating an `HTTPScaledObject` in the next section. >If you are running KEDA and the HTTP Add-on in cluster-global mode, you can install the XKCD chart in any namespace you choose. If you do so, make sure you add `--set ingressNamespace=${NAMESPACE}` to the above installation command. @@ -70,6 +77,58 @@ When you're ready, please run `kubectl get svc -n ${NAMESPACE}`, find the `ingre >Note: you should go further and set your DNS records appropriately and set up a TLS certificate for this IP address. Instructions to do that are out of scope of this document, though. +#### Installing and Using the [eg](https://gateway.envoyproxy.io/v1.0.1/install/install-helm/) GatewayAPI + +Similarly to exposing your service with `Ingress`, you can expose your service with `HTTPRoute` as part of [GatewayAPI](https://github.com/kubernetes-sigs/gateway-api). Following steps describe how to install one of may GatewayAPI implementations - Envoy Gateway. +You should install the `xkcd` helm chart with `--set httproute=true` as [explained above](#xkcd-exposed-with-gatewayapi). + +The helm chart is publically available and hosted by DockerHub +```console +helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.0.1 -n envoy-gateway-system --create-namespace +``` +Before creating new `Gateway`, wait for Envoy Gateway to become available +```console +kubectl wait --timeout=5m -n envoy-gateway-system deployment/envoy-gateway --for=condition=Available +``` +Create `GatewayClass` and `Gateway` +```console +cat << 'EOF' | kubectl apply -f - +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: eg +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: eg + namespace: envoy-gateway-system +spec: + gatewayClassName: eg + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +EOF +``` +> 💡 Note the `ExternalName` type `Service` used to route traffic from `Ingress` defined in one namespace to the interceptor `Service` defined in another is not necessary with GatewayAPI. +> The GatewayAPI defines [`ReferenceGrant`](https://gateway-api.sigs.k8s.io/api-types/referencegrant/) to allow `HTTPRoutes` referencing `Services` and other types of backend from different `Namespaces`. + +You can see the IP address for following rest of the document with +```console +kubectl get gateway -n envoy-gateway-system +``` +For example (your IP will likely differ) +``` +NAME CLASS ADDRESS PROGRAMMED AGE +eg eg 172.24.255.201 True 16s +``` + ### Making an HTTP Request to your App Now that you have your application running and your ingress configured, you can issue an HTTP request. To do so, you'll need to know the IP address to request. If you're using an ingress controller, that is the IP of the ingress controller's `Service`. If you're using a "raw" `Service` with `type: LoadBalancer`, that is the IP address of the `Service` itself. diff --git a/examples/xkcd/templates/httproute.yaml b/examples/xkcd/templates/httproute.yaml new file mode 100644 index 00000000..04351ec6 --- /dev/null +++ b/examples/xkcd/templates/httproute.yaml @@ -0,0 +1,39 @@ +{{- if .Values.httproute }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ include "xkcd.fullname" . }} +spec: + parentRefs: + - name: eg + namespace: envoy-gateway-system + hostnames: + {{- range .Values.hosts }} + - {{ . | toString }} + {{- end }} + rules: + - backendRefs: + - kind: Service + name: keda-add-ons-http-interceptor-proxy + namespace: keda + port: 8080 + matches: + - path: + type: PathPrefix + value: / +--- +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: ReferenceGrant +metadata: + name: {{ include "xkcd.fullname" . }} + namespace: keda +spec: + from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: {{ .Release.Namespace }} + to: + - group: "" + kind: Service + name: keda-add-ons-http-interceptor-proxy +{{- end }}