docs: updates task testing instructions to use tabs for with|without …

…external load balancer (envoyproxy#3284) docs: updates task testing instructions to use tabs for with|without external load balancer (fixes envoyproxy#3259) Signed-off-by: Eitan Suez <eitan@tetrate.io>
eitansuez · Apr 30, 2024 · e14b29d · e14b29d
1 parent 3418b69
commit e14b29d
Show file tree

Hide file tree

Showing 7 changed files with 144 additions and 108 deletions.
diff --git a/site/content/en/latest/tasks/quickstart.md b/site/content/en/latest/tasks/quickstart.md
@@ -48,44 +48,43 @@ consideration when debugging.
 ## Testing the Configuration
 
 {{< tabpane text=true >}}
-{{% tab header="Without LoadBalancer Support" %}}
+{{% tab header="With External LoadBalancer Support" %}}
 
-Get the name of the Envoy service created the by the example Gateway:
+You can also test the same functionality by sending traffic to the External IP. To get the external IP of the
+Envoy service, run:
 
 ```shell
-export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
+export GATEWAY_HOST=$(kubectl get svc/${ENVOY_SERVICE} -n envoy-gateway-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
 ```
 
-Port forward to the Envoy service:
-
-```shell
-kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8888:80 &
-```
+In certain environments, the load balancer may be exposed using a hostname, instead of an IP address. If so, replace
+`ip` in the above command with `hostname`.
 
 Curl the example app through Envoy proxy:
 
 ```shell
-curl --verbose --header "Host: www.example.com" http://localhost:8888/get
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get
 ```
 
 {{% /tab %}}
+{{% tab header="Without LoadBalancer Support" %}}
 
-{{% tab header="External LoadBalancer Support" %}}
-
-You can also test the same functionality by sending traffic to the External IP. To get the external IP of the
-Envoy service, run:
+Get the name of the Envoy service created the by the example Gateway:
 
 ```shell
-export GATEWAY_HOST=$(kubectl get svc/${ENVOY_SERVICE} -n envoy-gateway-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
 ```
 
-In certain environments, the load balancer may be exposed using a hostname, instead of an IP address. If so, replace
-`ip` in the above command with `hostname`.
+Port forward to the Envoy service:
+
+```shell
+kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8888:80 &
+```
 
 Curl the example app through Envoy proxy:
 
 ```shell
-curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get
+curl --verbose --header "Host: www.example.com" http://localhost:8888/get
 ```
 
 {{% /tab %}}

diff --git a/site/content/en/latest/tasks/security/backend-tls.md b/site/content/en/latest/tasks/security/backend-tls.md
@@ -208,24 +208,19 @@ kubectl get HTTPRoute backend -o yaml
 
 ## Testing
 
-### Clusters without External LoadBalancer Support
-
-Get the name of the Envoy service created the by the example Gateway:
-
-```shell
-export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
-```
+{{< tabpane text=true >}}
+{{% tab header="With External LoadBalancer Support" %}}
 
-Port forward to the Envoy service:
+Get the External IP of the Gateway:
 
 ```shell
-kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 80:80 &
+export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
 ```
 
-Query the TLS-enabled backend through Envoy proxy:
+Query the example app through the Gateway:
 
 ```shell
-curl -v -HHost:www.example.com --resolve "www.example.com:80:127.0.0.1" \
+curl -v -HHost:www.example.com --resolve "www.example.com:80:${GATEWAY_HOST}" \
 http://www.example.com:80/get
 ```
 
@@ -242,18 +237,25 @@ Inspect the output and see that the response contains the details of the TLS han
  }
 ```
 
-### Clusters with External LoadBalancer Support
+{{% /tab %}}
+{{% tab header="Without LoadBalancer Support" %}}
 
-Get the External IP of the Gateway:
+Get the name of the Envoy service created the by the example Gateway:
 
 ```shell
-export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
+export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
 ```
 
-Query the example app through the Gateway:
+Port forward to the Envoy service:
 
 ```shell
-curl -v -HHost:www.example.com --resolve "www.example.com:80:${GATEWAY_HOST}" \
+kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 80:80 &
+```
+
+Query the TLS-enabled backend through Envoy proxy:
+
+```shell
+curl -v -HHost:www.example.com --resolve "www.example.com:80:127.0.0.1" \
 http://www.example.com:80/get
 ```
 
@@ -270,4 +272,7 @@ Inspect the output and see that the response contains the details of the TLS han
  }
 ```
 
+{{% /tab %}}
+{{< /tabpane >}}
+
 [BackendTLSPolicy]: https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/
diff --git a/site/content/en/latest/tasks/security/mutual-tls.md b/site/content/en/latest/tasks/security/mutual-tls.md
@@ -133,49 +133,54 @@ spec:
 
 ## Testing
 
-### Clusters without External LoadBalancer Support
+{{< tabpane text=true >}}
+{{% tab header="With External LoadBalancer Support" %}}
 
-Get the name of the Envoy service created the by the example Gateway:
+Get the External IP of the Gateway:
 
 ```shell
-export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
+export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
 ```
 
-Port forward to the Envoy service:
+Query the example app through the Gateway:
 
 ```shell
-kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8443:443 &
+curl -v -HHost:www.example.com --resolve "www.example.com:443:${GATEWAY_HOST}" \
+--cert client.example.com.crt --key client.example.com.key \
+--cacert example.com.crt https://www.example.com/get
 ```
 
-Query the example app through Envoy proxy:
+Don't specify the client key and certificate in the above command, and ensure that the connection fails:
 
 ```shell
-curl -v -HHost:www.example.com --resolve "www.example.com:8443:127.0.0.1" \
---cert client.example.com.crt --key client.example.com.key \
---cacert example.com.crt https://www.example.com:8443/get
+curl -v -HHost:www.example.com --resolve "www.example.com:443:${GATEWAY_HOST}" \
+--cacert example.com.crt https://www.example.com/get
 ```
 
-### Clusters with External LoadBalancer Support
+{{% /tab %}}
+{{% tab header="Without LoadBalancer Support" %}}
 
-Get the External IP of the Gateway:
+Get the name of the Envoy service created the by the example Gateway:
 
 ```shell
-export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
+export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
 ```
 
-Query the example app through the Gateway:
+Port forward to the Envoy service:
 
 ```shell
-curl -v -HHost:www.example.com --resolve "www.example.com:443:${GATEWAY_HOST}" \
---cert client.example.com.crt --key client.example.com.key \
---cacert example.com.crt https://www.example.com/get
+kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8443:443 &
 ```
 
-Dont specify the client key and certificate in the above command, and ensure that the connection fails
+Query the example app through Envoy proxy:
 
 ```shell
-curl -v -HHost:www.example.com --resolve "www.example.com:443:${GATEWAY_HOST}" \
---cacert example.com.crt https://www.example.com/get
+curl -v -HHost:www.example.com --resolve "www.example.com:8443:127.0.0.1" \
+--cert client.example.com.crt --key client.example.com.key \
+--cacert example.com.crt https://www.example.com:8443/get
 ```
 
+{{% /tab %}}
+{{< /tabpane >}}
+
 [ClientTrafficPolicy]: ../../../api/extension_types#clienttrafficpolicy
diff --git a/site/content/en/latest/tasks/security/secure-gateways.md b/site/content/en/latest/tasks/security/secure-gateways.md
@@ -65,7 +65,24 @@ kubectl get gateway/eg -o yaml
 
 ## Testing
 
-### Clusters without External LoadBalancer Support
+{{< tabpane text=true >}}
+{{% tab header="With External LoadBalancer Support" %}}
+
+Get the External IP of the Gateway:
+
+```shell
+export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
+```
+
+Query the example app through the Gateway:
+
+```shell
+curl -v -HHost:www.example.com --resolve "www.example.com:443:${GATEWAY_HOST}" \
+--cacert example.com.crt https://www.example.com/get
+```
+
+{{% /tab %}}
+{{% tab header="Without LoadBalancer Support" %}}
 
 Get the name of the Envoy service created the by the example Gateway:
 
@@ -86,20 +103,9 @@ curl -v -HHost:www.example.com --resolve "www.example.com:8443:127.0.0.1" \
 --cacert example.com.crt https://www.example.com:8443/get
 ```
 
-### Clusters with External LoadBalancer Support
-
-Get the External IP of the Gateway:
-
-```shell
-export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
-```
-
-Query the example app through the Gateway:
+{{% /tab %}}
+{{< /tabpane >}}
 
-```shell
-curl -v -HHost:www.example.com --resolve "www.example.com:443:${GATEWAY_HOST}" \
---cacert example.com.crt https://www.example.com/get
-```
 
 ## Multiple HTTPS Listeners
 
@@ -467,7 +473,14 @@ kubectl patch httproute backend --type=json --patch '
 
 ## Testing
 
-### Clusters without External LoadBalancer Support
+{{< tabpane text=true >}}
+{{% tab header="With External LoadBalancer Support" %}}
+
+Refer to the steps mentioned earlier under [Testing in clusters with External LoadBalancer Support](#testing)
+
+
+{{% /tab %}}
+{{% tab header="Without LoadBalancer Support" %}}
 
 Get the name of the Envoy service created the by the example Gateway:
 
@@ -497,9 +510,8 @@ curl -v -HHost:www.sample.com --resolve "www.sample.com:8443:127.0.0.1" \
 
 Since the multiple certificates are configured on the same Gateway listener, Envoy was able to provide the client with appropriate certificate based on the SNI in the client request.
 
-### Clusters with External LoadBalancer Support
-
-Refer to the steps mentioned earlier under [Testing in clusters with External LoadBalancer Support](#clusters-with-external-loadbalancer-support)
+{{% /tab %}}
+{{< /tabpane >}}
 
 ## Next Steps
 

diff --git a/site/content/en/latest/tasks/security/tls-passthrough.md b/site/content/en/latest/tasks/security/tls-passthrough.md
@@ -68,42 +68,47 @@ kubectl patch gateway eg --type=json --patch '
 
 ## Testing
 
-### Clusters without External LoadBalancer Support
+{{< tabpane text=true >}}
+{{% tab header="With External LoadBalancer Support" %}}
 
-Get the name of the Envoy service created the by the example Gateway:
+You can also test the same functionality by sending traffic to the External IP of the Gateway:
 
 ```shell
-export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
+export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
 ```
 
-Port forward to the Envoy service:
+Curl the example app through the Gateway, e.g. Envoy proxy:
 
 ```shell
-kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 6043:6443 &
+curl -v -HHost:passthrough.example.com --resolve "passthrough.example.com:6443:${GATEWAY_HOST}" \
+--cacert example.com.crt https://passthrough.example.com:6443/get
 ```
 
-Curl the example app through Envoy proxy:
+{{% /tab %}}
+{{% tab header="Without LoadBalancer Support" %}}
+
+Get the name of the Envoy service created the by the example Gateway:
 
 ```shell
-curl -v --resolve "passthrough.example.com:6043:127.0.0.1" https://passthrough.example.com:6043 \
---cacert passthrough.example.com.crt
+export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
 ```
 
-### Clusters with External LoadBalancer Support
-
-You can also test the same functionality by sending traffic to the External IP of the Gateway:
+Port forward to the Envoy service:
 
 ```shell
-export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
+kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 6043:6443 &
 ```
 
-Curl the example app through the Gateway, e.g. Envoy proxy:
+Curl the example app through Envoy proxy:
 
 ```shell
-curl -v -HHost:passthrough.example.com --resolve "passthrough.example.com:6443:${GATEWAY_HOST}" \
---cacert example.com.crt https://passthrough.example.com:6443/get
+curl -v --resolve "passthrough.example.com:6043:127.0.0.1" https://passthrough.example.com:6043 \
+--cacert passthrough.example.com.crt
 ```
 
+{{% /tab %}}
+{{< /tabpane >}}
+
 ## Clean-Up
 
 Follow the steps from the [Quickstart](../../quickstart) to uninstall Envoy Gateway and the example manifest.