Skip to content

Commit 1ebd7af

Browse files
bmangoenbmangoen
committed
Fix all execution errors
* Remove unnecessary console characters / debug statements * Fix all execution errors in the migration.adoc file Signed-off-by: bmangoen <bmangoen@redhat.com>
1 parent 64f9015 commit 1ebd7af

1 file changed

Lines changed: 17 additions & 15 deletions

File tree

docs/migrate-from-sidecar-to-ambient/migration.adoc

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -284,7 +284,6 @@ endif::[]
284284
----
285285
# Check current gateway API being used
286286
kubectl get gateway -n bookinfo
287-
echo "Return code: $?"
288287
----
289288

290289
Output should be similar to:
@@ -353,13 +352,13 @@ Before starting migration, validate your cluster meets all requirements and chec
353352
[source,bash,subs="attributes+",name="istio-migrate-from-sidecar-to-ambient"]
354353
----
355354
# Check for Layer 7-only authorization policies that will require waypoints
356-
kubectl get authorizationpolicy -A -o yaml | grep -E "(methods|paths|headers)" | grep -v "name:"
355+
kubectl get authorizationpolicy -A -o yaml | grep -E "(methods|paths|headers)" | grep -v "name:" || echo "No authorization policies found"
357356
358357
# Identify VirtualServices with subset-based routing requiring service migration
359-
kubectl get virtualservice -A -o yaml | grep -B5 -A10 "subset:" | grep -E "(name:|subset:)"
358+
kubectl get virtualservice -A -o yaml | grep -B5 -A10 "subset:" | grep -E "(name:|subset:)" || echo "No virtualservices with subset-based routing found"
360359
361360
# Check for unsupported features that need manual conversion
362-
kubectl get virtualservice -A -o yaml | grep -E "(fault|delay|mirror)" | grep -v "name:"
361+
kubectl get virtualservice -A -o yaml | grep -E "(fault|delay|mirror)" | grep -v "name:" || echo "No unsupported features found"
363362
----
364363

365364
**Migration Readiness Assessment:**
@@ -370,10 +369,10 @@ echo "=== VirtualServices requiring HTTPRoute conversion ==="
370369
kubectl get virtualservice -A --no-headers | wc -l
371370
372371
echo "=== DestinationRules with subsets requiring service creation ==="
373-
kubectl get destinationrule -A -o yaml | grep -c "subset:"
372+
kubectl get destinationrule -A -o yaml | grep -c "subset:" || true
374373
375374
echo "=== Authorization policies requiring waypoint deployment ==="
376-
kubectl get authorizationpolicy -A -o yaml | grep -c -E "(methods|paths|headers)"
375+
kubectl get authorizationpolicy -A -o yaml | grep -c -E "(methods|paths|headers)" || true
377376
----
378377

379378
Note: In the step 5 of this guide you will need to migrate unsupported features. This includes:
@@ -472,7 +471,6 @@ metadata:
472471
name: default
473472
spec:
474473
namespace: ztunnel
475-
profile: ambient
476474
EOF
477475
478476
# Verify ZTunnel is ready
@@ -519,6 +517,10 @@ kubectl get pods -n bookinfo
519517
----
520518
Note: during the restart, sidecars will be updated to support HBONE while still functioning as traditional sidecars. Having HBONE support enabled is a prerequisite for ambient mode.
521519

520+
ifdef::istio-migrate-from-sidecar-to-ambient[]
521+
with_retries wait_pods_ready_by_ns "bookinfo"
522+
endif::[]
523+
522524
[[step-32-validate-hbone-capability]]
523525
==== Step 3.2 Validate HBONE Capability
524526

@@ -527,7 +529,7 @@ Check that sidecars now support HBONE protocol:
527529
[source,bash,subs="attributes+",name="istio-migrate-from-sidecar-to-ambient"]
528530
----
529531
# Check for HBONE is enabled in sidecar
530-
$ kubectl get pod $(kubectl get pods -n bookinfo -l app=ratings -o jsonpath='{.items[0].metadata.name}') -n bookinfo -o yaml | yq '.spec.containers[] | select(.name=="istio-proxy") | .env[] | select(.name=="PROXY_CONFIG")'
532+
kubectl get pod $(kubectl get pods -n bookinfo -l app=ratings -o jsonpath='{.items[0].metadata.name}') -n bookinfo -o yaml | yq '.spec.containers[] | select(.name=="istio-proxy") | .env[] | select(.name=="PROXY_CONFIG")'
531533
----
532534

533535
The output should be similar to:
@@ -546,7 +548,7 @@ Send requests to ensure connectivity remains intact:
546548
[source,bash,subs="attributes+",name="istio-migrate-from-sidecar-to-ambient"]
547549
----
548550
# Test service connectivity through sidecars
549-
$ kubectl exec $(kubectl get pods -n bookinfo -l app=ratings -o jsonpath='{.items[0].metadata.name}') -n bookinfo -- curl http://reviews.bookinfo:9080/reviews/1
551+
kubectl exec $(kubectl get pods -n bookinfo -l app=ratings -o jsonpath='{.items[0].metadata.name}') -n bookinfo -- curl http://reviews.bookinfo:9080/reviews/1
550552
----
551553

552554
The output result should be similar to:
@@ -577,7 +579,7 @@ Test connectivity from outside the mesh:
577579
[source,bash]
578580
----
579581
# Test ingress connectivity
580-
$ curl -s http://$GATEWAY_URL/productpage | grep title
582+
curl -s http://$GATEWAY_URL/productpage | grep title
581583
----
582584

583585
The output should be similar to:
@@ -602,7 +604,7 @@ Analyze your current configuration to identify services that need waypoint proxi
602604
----
603605
# Check for existing L7 policies that will need waypoints
604606
kubectl get virtualservice,httproute -A
605-
kubectl get authorizationpolicy -A -o yaml | grep -A 10 -B 5 "rules.*methods\|operation"
607+
kubectl get authorizationpolicy -A -o yaml | grep -A 10 -B 5 "rules.*methods\|operation" || true
606608
----
607609

608610
[[step-42-create-waypoint-configurations]]
@@ -968,7 +970,7 @@ kubectl get authorizationpolicy -n bookinfo
968970
----
969971

970972
The output should be similar to:
971-
[source,bash,subs="attributes+",name="istio-migrate-from-sidecar-to-ambient"]
973+
[source,bash]
972974
----
973975
NAME ACTION AGE
974976
productpage-waypoint ALLOW 18s
@@ -980,7 +982,7 @@ reviews-ztunnel-protection DENY 6s
980982
**Critical**: Keep existing sidecar policies active until Policy Simplification step.
981983

982984
Test that services are still accessible (policies not yet enforced):
983-
[source,bash]
985+
[source,bash,subs="attributes+",name="istio-migrate-from-sidecar-to-ambient"]
984986
----
985987
NAMESPACE="bookinfo" # Replace with your namespace
986988
TEST_POD=$(kubectl get pods -n $NAMESPACE -l app=reviews -o jsonpath='{.items[0].metadata.name}')
@@ -989,7 +991,7 @@ if [[ "$HTTP_STATUS" == "200" ]]; then
989991
echo "PASS: Service connectivity still working"
990992
else
991993
echo "FAIL: Service connectivity failed: HTTP $HTTP_STATUS"
992-
exit 1
994+
sleep 1
993995
fi
994996
----
995997

@@ -1381,7 +1383,7 @@ kubectl exec $TEST_POD -n <NAMESPACE> -- curl -v -H "authorization: invalid" htt
13811383
[source,console]
13821384
----
13831385
# Check waypoint proxy performance
1384-
$ istioctl proxy-config listeners $(kubectl get pod -n <NAMESPACE> -l gateway.networking.k8s.io/gateway-name=<WAYPOINT_NAME> -o jsonpath='{.items[0].metadata.name}') -n <NAMESPACE>
1386+
istioctl proxy-config listeners $(kubectl get pod -n <NAMESPACE> -l gateway.networking.k8s.io/gateway-name=<WAYPOINT_NAME> -o jsonpath='{.items[0].metadata.name}') -n <NAMESPACE>
13851387
ADDRESSES PORT MATCH DESTINATION
13861388
0 ALL Cluster: inbound-vip|9080|http|<SERVICE1>.<NAMESPACE>.svc.cluster.local
13871389
0 ALL Cluster: inbound-vip|9080|http|<SERVICE1>-v3.<NAMESPACE>.svc.cluster.local

0 commit comments

Comments
 (0)