Skip to content

Commit

Permalink
Update 03.1-platform.adoc
Browse files Browse the repository at this point in the history
  • Loading branch information
@jayachristina
jayachristina authored Oct 17, 2024
1 parent 007800f commit a51d040
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions documentation/modules/ROOT/pages/03.1-platform.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
The ansible scripts we just run has setup the following as ArgoCD applicatiopns:

* Red Hat Connectivity Link/Kuadrant operator and a Kuadrant instance
* A TLS issuer for TLS certificates. [https://console-openshift-console.%SUBDOMAIN%/k8s/cluster/cert-manager.io\~v1~ClusterIssuer/prod-web-lets-encrypt-issuer/yaml[View CR^]]
* A TLS issuer for TLS certificates. [https://console-openshift-console.%OPENSHIFTSUBDOMAIN%/k8s/cluster/cert-manager.io\~v1~ClusterIssuer/prod-web-lets-encrypt-issuer/yaml[View CR^]]
+
.[underline]#Click to see an example and description#
[%collapsible]
Expand Down Expand Up @@ -48,7 +48,7 @@ spec:
******
====

* A Gateway (based on istio gateway) with a wildcard hostname based on the root domain. [https://console-openshift-console.%SUBDOMAIN%/k8s/ns/ingress-gateway/gateway.networking.k8s.io\~v1~Gateway/prod-web/yaml[View CR^]]
* A Gateway (based on istio gateway) with a wildcard hostname based on the root domain. [https://console-openshift-console.%OPENSHIFTSUBDOMAIN%/k8s/ns/ingress-gateway/gateway.networking.k8s.io\~v1~Gateway/prod-web/yaml[View CR^]]
+
.[underline]#Click to see an example and description#
[%collapsible]
Expand Down Expand Up @@ -88,7 +88,7 @@ spec:


* Various policies attached to the Gateway:
** A default `deny-all` Auth Policy to start with zero-trust [https://console-openshift-console.%SUBDOMAIN%/k8s/ns/ingress-gateway/kuadrant.io\~v1beta2~AuthPolicy/prod-web-deny-all/yaml[View CR^]]
** A default `deny-all` Auth Policy to start with zero-trust [https://console-openshift-console.%OPENSHIFTSUBDOMAIN%/k8s/ns/ingress-gateway/kuadrant.io\~v1beta2~AuthPolicy/prod-web-deny-all/yaml[View CR^]]
+
.[underline]#Click to see an example and description#
[%collapsible]
Expand Down Expand Up @@ -130,7 +130,7 @@ spec:
* You can define the response to be sent in the *response* section; in this case, a response has been defined for *unauthorized* requests
******
====
** TLS Policy [https://console-openshift-console.%SUBDOMAIN%/k8s/ns/ingress-gateway/kuadrant.io\~v1alpha1~TLSPolicy/prod-web-tls-policy/yaml[View CR^]]
** TLS Policy [https://console-openshift-console.%OPENSHIFTSUBDOMAIN%/k8s/ns/ingress-gateway/kuadrant.io\~v1alpha1~TLSPolicy/prod-web-tls-policy/yaml[View CR^]]
+
.[underline]#Click to see an example and description#
[%collapsible]
Expand Down Expand Up @@ -163,7 +163,7 @@ spec:
====

* A sample EchoAPI endpoint and it's HTTPRoute:
** This is service literally echoes the request and is just used here for testing purposes. [https://console-openshift-console.%SUBDOMAIN%/k8s/ns/echo-api/gateway.networking.k8s.io\~v1~HTTPRoute/echo-api/yaml[View HTTPRoute^]]
** This is service literally echoes the request and is just used here for testing purposes. [https://console-openshift-console.%OPENSHIFTSUBDOMAIN%/k8s/ns/echo-api/gateway.networking.k8s.io\~v1~HTTPRoute/echo-api/yaml[View HTTPRoute^]]
+
.[underline]#Click to see an example and description#
[%collapsible]
Expand Down Expand Up @@ -207,7 +207,7 @@ spec:

Now that we have setup a secure, protected application connectivity environment, we are now ready to expose this to the Internet. We will do so by creating a DNSPolicy +

* Copy the following into the *Import YAML* utility accessible by the (+) button on top of the https://console-openshift-console.%SUBDOMAIN%[OpenShift Console^]
* Copy the following into the *Import YAML* utility accessible by the (+) button on top of the https://console-openshift-console.%OPENSHIFTSUBDOMAIN%[OpenShift Console^]
+
[.console-input]
[source,shell script]
Expand All @@ -227,7 +227,7 @@ spec:

* The DNSPolicy acts against a target Gateway by processing its listeners for hostnames and then create dns records for those hostnames.
* Note that the *routingStrategy* is marked as *"simple"* because this is a single cluster deployment. But in case of multi-cluster deployments DNSPolicy allows for `routingStrategy: loadbalanced` and can optionally include loadbalancing specifications.
* The *targetRef* sections refers to the [https://console-openshift-console.%SUBDOMAIN%/k8s/ns/ingress-gateway/gateway.networking.k8s.io\~v1~Gateway/prod-web/yaml[Gateway^]] created when the Ansible script was executed.
* The *targetRef* sections refers to the [https://console-openshift-console.%OPENSHIFTSUBDOMAIN%/k8s/ns/ingress-gateway/gateway.networking.k8s.io\~v1~Gateway/prod-web/yaml[Gateway^]] created when the Ansible script was executed.
* A number of DNS records are created on AWS Route 53.
+
image::route53-dnsrecords.png[]
Expand Down

0 comments on commit a51d040

Please sign in to comment.