Updates port forwarding for hashed naming

Signed-off-by: danehans <daneyonhansen@gmail.com>
envoyproxy · Oct 18, 2022 · 19336da · 19336da
1 parent 3d66507
commit 19336da
Showing 1 changed file with 37 additions and 7 deletions.
diff --git a/docs/user/secure-gateways.md b/docs/user/secure-gateways.md
@@ -45,14 +45,47 @@ Store the cert/key in a Secret:
 kubectl create secret tls example-cert --key=www.example.com.key --cert=www.example.com.crt
 ```
 
+Update the Gateway from the Quickstart guide to include an HTTPS listener that listens on port `8443` and references the
+`example-cert` Secret:
+
+```shell
+cat <<EOF | kubectl apply -f -
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: eg
+spec:
+  gatewayClassName: eg
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 8080
+    - name: https
+      protocol: HTTPS
+      port: 8443
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - kind: Secret
+            group: ""
+            name: example-cert
+EOF
+```
+
 ## Testing
 
 ### Clusters without External Loadbalancer Support
 
+Get the name of the Envoy service created the by the example Gateway:
+
+```shell
+export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}')
+```
+
 Port forward to the Envoy service:
 
 ```shell
-kubectl -n envoy-gateway-system port-forward service/envoy-default-eg 8043:8443 &
+kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8043:8443 &
 ```
 
 Curl the example app through Envoy proxy:
@@ -62,11 +95,10 @@ curl -v -HHost:www.example.com --resolve "www.example.com:8043:127.0.0.1" \
 --cacert example.com.crt https://www.example.com:8043/get
 ```
 
-You can replace `get` with any of the supported [httpbin methods][httpbin_methods].
-
 ### Clusters with External Loadbalancer Support
 
 Get the External IP of the Gateway:
+
 ```shell
 export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}')
 ```
@@ -78,8 +110,6 @@ curl -v -HHost:www.example.com --resolve "www.example.com:8443:${GATEWAY_HOST}"
 --cacert example.com.crt https://www.example.com:8443/get
 ```
 
-You can replace `get` with any of the supported [httpbin methods][httpbin_methods].
-
 ## Multiple HTTPS Listeners
 
 Due to [Issue 520][], multiple HTTP listeners must use different port numbers. For example:
@@ -117,7 +147,7 @@ spec:
  EOF
 ```
 
-Store the previously created cert/key in Secret "example-cert-2":
+Store the previously created cert/key in Secret `example-cert-2`:
 
 ```shell
 kubectl create secret tls example-cert-2 --key=www.example.com.key --cert=www.example.com.crt
@@ -158,7 +188,7 @@ Delete the previously created Secret:
 kubectl delete secret/example-cert
 ```
 
-Recreate the example Secret in the "envoy-gateway-system" namespace:
+Recreate the example Secret in the `envoy-gateway-system` namespace:
 
 ```shell
 kubectl create secret tls example-cert -n envoy-gateway-system --key=www.example.com.key --cert=www.example.com.crt