From 78b3b9e01b23f733deb1c1eca07b164c17426bb9 Mon Sep 17 00:00:00 2001
From: Eguzki Astiz Lezaun <eastizle@redhat.com>
Date: Thu, 14 Dec 2023 11:44:00 +0100
Subject: [PATCH] fix istioctl deployment (#371)

Co-authored-by: Adam Cattermole <acatterm@redhat.com>
---
 Makefile                                      | 12 ++++++---
 config/dependencies/istio/istio-operator.yaml | 27 +------------------
 .../authenticated-rl-for-app-developers.md    |  7 +++--
 ...uthenticated-rl-with-jwt-and-k8s-authnz.md |  7 +++--
 .../simple-rl-for-app-developers.md           |  9 +++++--
 make/istio.mk                                 |  2 --
 6 files changed, 27 insertions(+), 37 deletions(-)

diff --git a/Makefile b/Makefile
index c97477d33..a22ac2555 100644
--- a/Makefile
+++ b/Makefile
@@ -285,9 +285,13 @@ local-deploy: ## Deploy Kuadrant Operator in the cluster pointed by KUBECONFIG
 	@echo
 	@echo "Now you can export the kuadrant gateway by doing:"
 	@echo "kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 &"
-	@echo "after that, you can curl -H \"Host: myhost.com\" localhost:9080"
-	@echo "-- Linux only -- Ingress gateway is exported using nodePort service in port 9080"
-	@echo "curl -H \"Host: myhost.com\" localhost:9080"
+	@echo "export GATEWAY_URL=localhost:9080"
+	@echo "after that, you can curl -H \"Host: myhost.com\" \$$GATEWAY_URL"
+	@echo "-- Linux only -- Ingress gateway is exported using loadbalancer service in port 80"
+	@echo "export INGRESS_HOST=\$$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.status.addresses[0].value}')"
+	@echo "export INGRESS_PORT=\$$(kubectl get gtw istio-ingressgateway -n istio-system -o jsonpath='{.spec.listeners[?(@.name==\"http\")].port}')"
+	@echo "export GATEWAY_URL=\$$INGRESS_HOST:\$$INGRESS_PORT"
+	@echo "curl -H \"Host: myhost.com\" \$$GATEWAY_URL"
 	@echo
 
 .PHONY: local-setup
@@ -305,6 +309,7 @@ local-cluster-setup: ## Sets up Kind cluster with GatewayAPI manifests and istio
 	$(MAKE) kind-create-cluster
 	$(MAKE) namespace
 	$(MAKE) gateway-api-install
+	$(MAKE) install-metallb
 	$(MAKE) istio-install
 	$(MAKE) install-cert-manager
 	$(MAKE) deploy-gateway
@@ -320,6 +325,7 @@ local-env-setup: ## Deploys all services and manifests required by kuadrant to r
 test-env-setup: ## Deploys all services and manifests required by kuadrant to run on CI.
 	$(MAKE) namespace
 	$(MAKE) gateway-api-install
+	$(MAKE) install-metallb
 	$(MAKE) istio-install
 	$(MAKE) install-cert-manager
 	$(MAKE) deploy-gateway
diff --git a/config/dependencies/istio/istio-operator.yaml b/config/dependencies/istio/istio-operator.yaml
index 0424558d5..f95685e03 100644
--- a/config/dependencies/istio/istio-operator.yaml
+++ b/config/dependencies/istio/istio-operator.yaml
@@ -16,29 +16,8 @@ spec:
       - enabled: false
         name: istio-egressgateway
     ingressGateways:
-      - enabled: true
+      - enabled: false
         name: istio-ingressgateway
-        k8s:
-          service:
-            type: NodePort
-            ports:
-              - name: status-port
-                port: 15021
-                protocol: TCP
-                targetPort: 15021
-              - name: http2
-                port: 80
-                protocol: TCP
-                targetPort: 8080
-                nodePort: 30950
-              - name: https
-                port: 443
-                protocol: TCP
-                targetPort: 8443
-                nodePort: 30951
-          resources:
-            requests:
-              cpu: "0"
     pilot:
       enabled: true
       k8s:
@@ -48,9 +27,5 @@ spec:
   values:
     pilot:
       autoscaleEnabled: false
-    gateways:
-      istio-ingressgateway:
-        type: ClusterIP
-        autoscaleEnabled: false
     global:
       istioNamespace: istio-system
diff --git a/doc/user-guides/authenticated-rl-for-app-developers.md b/doc/user-guides/authenticated-rl-for-app-developers.md
index 252b1e398..e1834d471 100644
--- a/doc/user-guides/authenticated-rl-for-app-developers.md
+++ b/doc/user-guides/authenticated-rl-for-app-developers.md
@@ -104,8 +104,11 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
 > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n istio-system service/istio-ingressgateway 9080:80 2>&1 >/dev/null &
-> curl -H 'Host: api.toystore.com' http://localhost:9080/toy -i
+> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 2>&1 >/dev/null &
+> export GATEWAY_URL=localhost:9080
+> ```
+> ```sh
+> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
 > # HTTP/1.1 200 OK
 > ```
 
diff --git a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
index fe263c26d..5b97edd78 100644
--- a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
+++ b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
@@ -100,8 +100,11 @@ It should return `200 OK`.
 > **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n istio-system service/istio-ingressgateway 9080:80 2>&1 >/dev/null &
-> curl -H 'Host: api.toystore.com' http://localhost:9080/toy -i
+> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 2>&1 >/dev/null &
+> export GATEWAY_URL=localhost:9080
+> ```
+> ```sh
+> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toy -i
 > # HTTP/1.1 200 OK
 > ```
 
diff --git a/doc/user-guides/simple-rl-for-app-developers.md b/doc/user-guides/simple-rl-for-app-developers.md
index c2bf7c59f..e05f57e06 100644
--- a/doc/user-guides/simple-rl-for-app-developers.md
+++ b/doc/user-guides/simple-rl-for-app-developers.md
@@ -102,10 +102,15 @@ curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -i
 # HTTP/1.1 200 OK
 ```
 
-> **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service:
+> **Note**: If the command above fails to hit the Toy Store API on your environment, try forwarding requests to the service and accessing over localhost:
 >
 > ```sh
-> kubectl port-forward -n istio-system service/istio-ingressgateway 9080:80 2>&1 >/dev/null &
+> kubectl port-forward -n istio-system service/istio-ingressgateway-istio 9080:80 2>&1 >/dev/null &
+> export GATEWAY_URL=localhost:9080
+> ```
+> ```sh
+> curl -H 'Host: api.toystore.com' http://$GATEWAY_URL/toys -i
+> # HTTP/1.1 200 OK
 > ```
 
 ### ③ Enforce rate limiting on requests to the Toy Store API
diff --git a/make/istio.mk b/make/istio.mk
index 183276260..42c239f9c 100644
--- a/make/istio.mk
+++ b/make/istio.mk
@@ -41,7 +41,6 @@ istioctl-verify-install: istioctl ## Verify istio installation.
 
 .PHONY: sail-install
 sail-install: kustomize
-	$(MAKE) install-metallb
 	$(KUSTOMIZE) build $(ISTIO_INSTALL_DIR)/sail | kubectl apply -f -
 	kubectl -n istio-system wait --for=condition=Available deployment istio-operator --timeout=300s
 	kubectl apply -f $(ISTIO_INSTALL_DIR)/sail/istio.yaml
@@ -50,7 +49,6 @@ sail-install: kustomize
 sail-uninstall: kustomize
 	kubectl delete -f $(ISTIO_INSTALL_DIR)/sail/istio.yaml
 	$(KUSTOMIZE) build $(ISTIO_INSTALL_DIR)/sail | kubectl delete -f -
-	$(MAKE) uninstall-metallb
 
 .PHONY: istio-install
 istio-install: