Skip to content

Commit

Permalink
docs: add tls and dns policy docs
Browse files Browse the repository at this point in the history 
* Add dnspolicy overview and reference docs
* Add tlspolicy overview and reference docs
  • Loading branch information
@mikenairn
mikenairn committed Feb 9, 2024
1 parent 9b4301d commit 3d0c590
Show file tree
Hide file tree
Showing 8 changed files with 508 additions and 34 deletions.
27 changes: 16 additions & 11 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,23 +30,26 @@ to operate the cluster (Istio's) ingress gateway to provide API management with

### Kuadrant components

| CRD | Description |
|----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Control Plane | The control plane takes the customer desired configuration (declaratively as kubernetes custom resources) as input and ensures all components are configured to obey customer's desired behavior.<br> This repository contains the source code of the kuadrant control plane |
| [Kuadrant Operator](https://github.com/Kuadrant/kuadrant-operator) | A Kubernetes Operator to manage the lifecycle of the kuadrant deployment |
| [Authorino](https://github.com/Kuadrant/authorino) | The AuthN/AuthZ enforcer. As the [external istio authorizer](https://istio.io/latest/docs/tasks/security/authorization/authz-custom/) ([envoy external authorization](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter) serving gRPC service) |
| [Limitador](https://github.com/Kuadrant/limitador) | The external rate limiting service. It exposes a gRPC service implementing the [Envoy Rate Limit protocol (v3)](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ratelimit/v3/rls.proto) |
| [Authorino Operator](https://github.com/Kuadrant/authorino-operator) | A Kubernetes Operator to manage Authorino instances |
| [Limitador Operator](https://github.com/Kuadrant/limitador-operator) | A Kubernetes Operator to manage Limitador instances |
| CRD | Description |
|--------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Control Plane | The control plane takes the customer desired configuration (declaratively as kubernetes custom resources) as input and ensures all components are configured to obey customer's desired behavior.<br> This repository contains the source code of the kuadrant control plane |
| [Kuadrant Operator](https://github.com/Kuadrant/kuadrant-operator) | A Kubernetes Operator to manage the lifecycle of the kuadrant deployment |
| [Authorino](https://github.com/Kuadrant/authorino) | The AuthN/AuthZ enforcer. As the [external istio authorizer](https://istio.io/latest/docs/tasks/security/authorization/authz-custom/) ([envoy external authorization](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter) serving gRPC service) |
| [Limitador](https://github.com/Kuadrant/limitador) | The external rate limiting service. It exposes a gRPC service implementing the [Envoy Rate Limit protocol (v3)](https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ratelimit/v3/rls.proto) |
| [Authorino Operator](https://github.com/Kuadrant/authorino-operator) | A Kubernetes Operator to manage Authorino instances |
| [Limitador Operator](https://github.com/Kuadrant/limitador-operator) | A Kubernetes Operator to manage Limitador instances |
| [Kuadrant DNS Operator](https://github.com/Kuadrant/kuadrant-dns-operator) | A Kubernetes Operator to manage DNS records in external providers |

### Provided APIs

The kuadrant control plane owns the following [Custom Resource Definitions, CRDs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/):

| CRD | Description | Example |
|-----------------------------------------------------------------------------------------------------|----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|
| AuthPolicy CRD [\[doc\]](doc/auth.md) [[reference]](doc/reference/authpolicy.md) | Enable AuthN and AuthZ based access control on workloads | [AuthPolicy CR](https://github.com/Kuadrant/kuadrant-operator/blob/main/examples/toystore/authpolicy.yaml) |
| CRD | Description | Example |
|-----------------------------------------------------------------------------------------------------|----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
| AuthPolicy CRD [\[doc\]](doc/auth.md) [[reference]](doc/reference/authpolicy.md) | Enable AuthN and AuthZ based access control on workloads | [AuthPolicy CR](https://github.com/Kuadrant/kuadrant-operator/blob/main/examples/toystore/authpolicy.yaml) |
| RateLimitPolicy CRD [\[doc\]](doc/rate-limiting.md) [[reference]](doc/reference/ratelimitpolicy.md) | Enable access control on workloads based on HTTP rate limiting | [RateLimitPolicy CR](https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/main/examples/toystore/ratelimitpolicy_httproute.yaml) |
| DNSPolicy CRD [\[doc\]](doc/dns.md) [[reference]](doc/reference/dnspolicy.md) | Enable DNS management | [DNSPolicy CR](config/samples/kuadrant_v1alpha1_dnspolicy.yaml) |
| TLSPolicy CRD [\[doc\]](doc/tls.md) [[reference]](doc/reference/tlspolicy.md) | Enable TLS management | [TLSPolicy CR](config/samples/kuadrant_v1alpha1_tlspolicy.yaml) |

Additionally, Kuadrant provides the following CRDs

Expand All @@ -66,6 +69,8 @@ Additionally, Kuadrant provides the following CRDs
[Istio getting started guide](https://istio.io/latest/docs/setup/getting-started/).
* Kubernetes Gateway API is installed in the cluster. Otherwise,
[configure Istio to expose a service using the Kubernetes Gateway API](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/).
* cert-manager is installed in the cluster. Otherwise, refer to the
[cert-manager installation guide](https://cert-manager.io/docs/installation/).

### Installing Kuadrant

Expand Down
30 changes: 17 additions & 13 deletions doc/development.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,13 +87,14 @@ bundle and a custom catalog including the custom bundle.

The `make bundle` target accepts the following variables:

| **Makefile Variable** | **Description** | **Default value** | **Notes** |
|---------------------------------|-------------------------------|-----------------------------------------------------|----------------------------------------------------------------------------------------------------|
| `IMG` | Kuadrant operator image URL | `quay.io/kuadrant/kuadrant-operator:latest` | `TAG` var could be use to build this URL, defaults to _latest_ if not provided |
| `VERSION` | Bundle version | `0.0.0` | |
| `LIMITADOR_OPERATOR_BUNDLE_IMG` | Limitador operator bundle URL | `quay.io/kuadrant/limitador-operator-bundle:latest` | `LIMITADOR_OPERATOR_VERSION` var could be used to build this, defaults to _latest_ if not provided |
| `AUTHORINO_OPERATOR_BUNDLE_IMG` | Authorino operator bundle URL | `quay.io/kuadrant/authorino-operator-bundle:latest` | `AUTHORINO_OPERATOR_VERSION` var could be used to build this, defaults to _latest_ if not provided |
| `RELATED_IMAGE_WASMSHIM` | WASM shim image URL | `oci://quay.io/kuadrant/wasm-shim:latest` | `WASM_SHIM_VERSION` var could be used to build this, defaults to _latest_ if not provided |
| **Makefile Variable** | **Description** | **Default value** | **Notes** |
|------------------------------------|-----------------------------------|--------------------------------------------------------|----------------------------------------------------------------------------------------------------------|
| `IMG` | Kuadrant operator image URL | `quay.io/kuadrant/kuadrant-operator:latest` | `TAG` var could be use to build this URL, defaults to _latest_ if not provided |
| `VERSION` | Bundle version | `0.0.0` | |
| `LIMITADOR_OPERATOR_BUNDLE_IMG` | Limitador operator bundle URL | `quay.io/kuadrant/limitador-operator-bundle:latest` | `LIMITADOR_OPERATOR_VERSION` var could be used to build this, defaults to _latest_ if not provided |
| `AUTHORINO_OPERATOR_BUNDLE_IMG` | Authorino operator bundle URL | `quay.io/kuadrant/authorino-operator-bundle:latest` | `AUTHORINO_OPERATOR_VERSION` var could be used to build this, defaults to _latest_ if not provided |
| `KUADRANT_DNS_OPERATOR_BUNDLE_IMG` | Kuadrant DNS operator bundle URL | `quay.io/kuadrant/kuadrant-dns-operator-bundle:latest` | `KUADRANT_DNS_OPERATOR_BUNDLE_IMG` var could be used to build this, defaults to _latest_ if not provided |
| `RELATED_IMAGE_WASMSHIM` | WASM shim image URL | `oci://quay.io/kuadrant/wasm-shim:latest` | `WASM_SHIM_VERSION` var could be used to build this, defaults to _latest_ if not provided |

* Build the bundle manifests

Expand All @@ -103,6 +104,7 @@ make bundle [IMG=quay.io/kuadrant/kuadrant-operator:latest] \
[VERSION=0.0.0] \
[LIMITADOR_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/limitador-operator-bundle:latest] \
[AUTHORINO_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/authorino-operator-bundle:latest] \
[KUADRANT_DNS_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/kuadrant-dns-operator-bundle:latest] \
[RELATED_IMAGE_WASMSHIM=oci://quay.io/kuadrant/wasm-shim:latest]
```

Expand Down Expand Up @@ -153,16 +155,18 @@ Make sure all the required bundles are pushed to the registry. It is required by

The `make catalog` target accepts the following variables:

| **Makefile Variable** | **Description** | **Default value** |
|---------------------------------|------------------------------------|-----------------------------------------------------|
| `BUNDLE_IMG` | Kuadrant operator bundle image URL | `quay.io/kuadrant/kuadrant-operator-bundle:latest` |
| `LIMITADOR_OPERATOR_BUNDLE_IMG` | Limitador operator bundle URL | `quay.io/kuadrant/limitador-operator-bundle:latest` |
| `AUTHORINO_OPERATOR_BUNDLE_IMG` | Authorino operator bundle URL | `quay.io/kuadrant/authorino-operator-bundle:latest` |
| **Makefile Variable** | **Description** | **Default value** |
|------------------------------------|-------------------------------------|--------------------------------------------------------|
| `BUNDLE_IMG` | Kuadrant operator bundle image URL | `quay.io/kuadrant/kuadrant-operator-bundle:latest` |
| `LIMITADOR_OPERATOR_BUNDLE_IMG` | Limitador operator bundle URL | `quay.io/kuadrant/limitador-operator-bundle:latest` |
| `AUTHORINO_OPERATOR_BUNDLE_IMG` | Authorino operator bundle URL | `quay.io/kuadrant/authorino-operator-bundle:latest` |
| `KUADRANT_DNS_OPERATOR_BUNDLE_IMG` | Kuadrant DNS operator bundle URL | `quay.io/kuadrant/kuadrant-dns-operator-bundle:latest` |

```sh
make catalog [BUNDLE_IMG=quay.io/kuadrant/kuadrant-operator-bundle:latest] \
[LIMITADOR_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/limitador-operator-bundle:latest] \
[AUTHORINO_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/authorino-operator-bundle:latest]
[AUTHORINO_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/authorino-operator-bundle:latest] \
[KUADRANT_DNS_OPERATOR_BUNDLE_IMG=quay.io/kuadrant/kuadrant-dns-operator-bundle:latest]
```

* Build the catalog image from the manifests
Expand Down
Loading

0 comments on commit 3d0c590

Please sign in to comment.