Some fixes/improvements for KIND

Signed-off-by: Alvaro Saurin <[email protected]>

Author: inercia

deploy/third-party/kind/README.md

@@ -5,3 +5,100 @@ Integration with KIND is achieved by
 - not using any specific version of Ambassador (so it will always install the latest one).
 - not specifying an update window.
 - installing the OSS version of Ambassador.
+
+## Testing
+
+First install the CRDs with
+
+```commandline
+kubectl apply -f https://github.com/datawire/ambassador-operator/releases/latest/download/ambassador-operator-crds.yaml
+```
+
+Now install the kind-specific manifest for installing Ambassador OSS with the
+operator in the `ambassador` namespace:
+
+```commandline
+kubectl apply -n ambassador -f https://github.com/datawire/ambassador-operator/releases/latest/download/ambassador-operator-kind.yaml
+```
+
+You can load the following example application and `Ingress`:
+
+```commandline
+$ cat <<EOF | kubectl apply -f -
+kind: Pod
+apiVersion: v1
+metadata:
+  name: foo-app
+  labels:
+    app: foo
+spec:
+  containers:
+  - name: foo-app
+    image: hashicorp/http-echo
+    args:
+    - "-text=foo"
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: foo-service
+spec:
+  selector:
+    app: foo
+  ports:
+  # Default port used by the image
+  - port: 5678
+---
+kind: Pod
+apiVersion: v1
+metadata:
+  name: bar-app
+  labels:
+    app: bar
+spec:
+  containers:
+  - name: bar-app
+    image: hashicorp/http-echo
+    args:
+    - "-text=bar"
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: bar-service
+spec:
+  selector:
+    app: bar
+  ports:
+  # Default port used by the image
+  - port: 5678
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: example-ingress
+  annotations:
+    kubernetes.io/ingress.class: ambassador
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /foo
+        backend:
+          serviceName: foo-service
+          servicePort: 5678
+      - path: /bar
+        backend:
+          serviceName: bar-service
+          servicePort: 5678
+```
+
+Now verify that the ingress works
+
+```commandline
+$ curl localhost/bar
+bar
+$ curl localhost/foo
+foo
+```
+

deploy/third-party/kind/ambassadorinstallation.yaml

@@ -8,12 +8,121 @@ spec:
   helmValues:
     deploymentTool: amb-oper-kind
     replicaCount: 1
+    nodeSelector:
+      ingress-ready: "true"
     service:
       type: NodePort
       ports:
-      - name: http
-        port: 80
-        targetPort: 8080
-      - name: https
-        port: 443
-        targetPort: 8443
+        - name: http
+          port: 80
+          targetPort: 8080
+          protocol: TCP
+        - name: https
+          port: 443
+          targetPort: 8443
+          protocol: TCP
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: klipper-lb
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: klipper-permissions
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "watch", "list", "write", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: klipper-permissions-binding
+subjects:
+  - kind: ServiceAccount
+    name: klipper-lb
+    namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: klipper-permissions
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: svclb-klipper
+spec:
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: svclb-klipper
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: svclb-klipper
+    spec:
+      serviceAccountName: klipper-lb
+      containers:
+        - env:
+            - name: SRC_PORT
+              value: "80"
+            - name: DEST_PROTO
+              value: TCP
+            - name: DEST_PORT
+              value: "80"
+            - name: DEST_ADDR
+              value: "ambassador.ambassador"
+          image: inercia/klipper-lb:latest
+          imagePullPolicy: Always
+          name: lb-port-80
+          ports:
+            - containerPort: 80
+              hostPort: 80
+              name: lb-port-80
+              protocol: TCP
+          resources: {}
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+        - env:
+            - name: SRC_PORT
+              value: "443"
+            - name: DEST_PROTO
+              value: TCP
+            - name: DEST_PORT
+              value: "443"
+            - name: DEST_ADDR
+              value: "ambassador.ambassador"
+          image: inercia/klipper-lb:latest
+          imagePullPolicy: Always
+          name: lb-port-443
+          ports:
+            - containerPort: 443
+              hostPort: 443
+              name: lb-port-443
+              protocol: TCP
+          resources: {}
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate