00-Troubleshooting/README.md

@@ -52,16 +52,14 @@ Warning [IST0104] (Gateway default/helloworld-gateway) The gateway refers to a p
 
 Target a pod and start a packet capture on the istio-proxy container.
 
-This step requires Istio to be installed with the flag `values.global.proxy.privileged=true`
+This step requires istio to be installed with the flag `values.global.proxy.privileged=true`
 
 This is very useful to confirm if the service is receiving any traffic, or which is the traffic received.
 
 If mTLS is  enabled and configured, the traffic received should be encrypted.
 
 ```shell
-kubectl exec -n default  "$(kubectl get pod -n default -l app=helloworld -o jsonpath={.items..metadata.name})" -c istio-proxy -- sudo tcpdump dst port 80  -A
-```
-```text
+$ kubectl exec -n default  "$(kubectl get pod -n default -l app=helloworld -o jsonpath={.items..metadata.name})" -c istio-proxy -- sudo tcpdump dst port 80  -A
 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
 listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
 ...

01-Simple/01-hello_world_1_service_1_deployment/README.md

@@ -0,0 +1,120 @@
+##### https://github.com/istio/istio/tree/master/samples/helloworld
+
+### Base simple template
+
+# Simple Hello World
+
+- 1 Service
+- 1 Deployment
+
+I think that by default uses `RANDOM`.
+
+https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy
+
+https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings
+
+> Contains service account configurations, yet they are commented as not "necessary".
+
+
+## Files
+
+- deployment.yaml
+- gateway.yaml
+
+## deployment.yaml
+
+### Creates
+
+#### Service
+
+- helloworld
+
+#### Deployments
+
+- helloworld-nginx  (Nginx container)
+
+## gateway.yaml
+
+### Creates
+
+#### Gateway
+
+##### helloworld-gateway
+
+###### Configuration
+
+```yml
+port: 80
+istio-ingress: ingressgateway
+hosts: "*"
+```
+
+#### VirtualService
+
+##### helloworld-vs
+
+###### Configuration
+
+
+
+```yaml
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+```
+- Allows the traffic that have as a destination any domain.
+
+- Only allows traffic that has as a destination the directory/path `/helloworld`.
+
+- `rewrite.uri` allows to redirect the traffic towards the root directory of the service, as the service(s) used don't have any directory named `helloworld` but are configured to work at the root base level.
+
+- Traffic request is sent to the service named `helloworld`, to the service port 80.
+
+# Run example
+
+## Deploy resources
+
+```shell
+$ kubectl apply -f ./ 
+service/helloworld created
+deployment.apps/helloworld-nginx created
+gateway.networking.istio.io/helloworld-gateway created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+## Wait for the deployment to be ready
+
+```shell
+$ kubectl get deployment helloworld-nginx -w 
+NAME               READY   UP-TO-DATE   AVAILABLE   AGE
+helloworld-nginx   1/1     1            1           44s
+```
+
+## Test the service
+
+### Get LB IP
+
+```shell
+$ kubectl get svc -l istio=ingressgateway -A
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Curl
+
+```shell
+$ curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"                                                                                                                                                                   ✔ 
+<title>Welcome to nginx!</title>
+```

01-Simple/01-hello_world_1_service_1_deployment/gateway.yaml

@@ -1,4 +1,19 @@
 apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: helloworld-vs

01-Simple/02-hello_world_1_service_2_deployments_unmanaged/README.md

@@ -0,0 +1,142 @@
+##### https://github.com/istio/istio/tree/master/samples/helloworld
+
+# Simple Hello World
+
+- 1 Service
+- 2 Versions
+
+Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
+
+By default uses `Round Robin`
+
+https://istio.io/latest/docs/concepts/traffic-management/#load-balancing-options
+
+> Contains service account configurations, yet they are commented as not "necessary".
+
+
+# Changes
+
+## File
+
+- deployment.yaml
+- gateway.yaml
+
+> Files used maintains from the last version
+
+## deployment.yaml
+
+### Creates
+
+#### Service
+
+- helloworld
+
+> Service used maintains from the last version
+
+#### Deployments
+
+- helloworld-v1 (Nginx)
+- helloworld-v2 (Apache)
+
+> Renamed the old deployment from `helloworld-nginx` to `helloworld-v1`.\
+> Created a secondary deployment using apache named `helloworld-v2`.
+
+## gateway.yaml
+
+### Creates
+
+#### Gateway
+
+##### helloworld-gateway
+
+###### Configuration
+
+```yml
+port: 80
+istio-ingress: ingressgateway
+hosts: "*"
+```
+
+#### VirtualService
+
+##### helloworld-vs
+
+###### Configuration
+
+```yaml
+hosts: "*"
+uri: "/helloworld"
+```
+
+
+
+
+
+
+# Run example
+
+## Deploy resources
+
+```shell
+$ kubectl apply -f ./ 
+service/helloworld created
+deployment.apps/helloworld-v1 created
+deployment.apps/helloworld-v2 created
+deployment.apps/helloworld-v2 unchanged
+gateway.networking.istio.io/helloworld-gateway created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+## Wait for the pods to be ready
+
+(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
+
+```shell
+$ kubectl get deployment helloworld-v{1..2} -w 
+NAME            READY   UP-TO-DATE   AVAILABLE   AGE
+helloworld-v1   1/1     1            1           4m1s
+helloworld-v2   1/1     1            1           4m1s
+```
+
+## Test the service
+
+### Get LB IP
+
+```shell
+$ kubectl get svc istio-ingressgateway -n istio-system 
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Curl
+
+Iterates randomly between Nginx and Apache
+
+```shell
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<h1>Welcome to nginx!</h1>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<h1>Welcome to nginx!</h1>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<h1>Welcome to nginx!</h1>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<h1>Welcome to nginx!</h1>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<h1>Welcome to nginx!</h1>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
+<html><body><h1>It works!</h1></body></html>
+```

01-Simple/02-hello_world_1_service_2_deployments_unmanaged/deployment.yaml

@@ -1,3 +1,25 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld
+---
+#apiVersion: v1
+#kind: ServiceAccount
+#metadata:
+#  name: istio-helloworld
+#  labels:
+#    account:
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -14,6 +36,7 @@ spec:
       labels:
         app: helloworld
     spec:
+#      serviceAccountName: istio-helloworld
       containers:
         - name: helloworld
           image: nginx
@@ -40,6 +63,7 @@ spec:
       labels:
         app: helloworld
     spec:
+#      serviceAccountName: istio-helloworld
       containers:
         - name: helloworld
           image: httpd

01-Simple/03-hello_world_1_service_2_deployments_managed_version/README.md

@@ -0,0 +1,261 @@
+##### https://github.com/istio/istio/tree/master/samples/helloworld
+
+https://istio.io/latest/blog/2017/0.1-canary/
+
+
+# Continues from
+
+- 01-hello_world_1_service_1_deployment
+
+# Simple Hello World
+
+- 1 Service
+- 2 Versions
+
+Iterates between the versions without any specific policy. (actually doesn't use the version for anything)
+
+
+> Contains service account configurations, yet they are commented as not "necessary".
+
+## Quick note
+
+On this version I have "started" to use the full service name instead of the shorten version, aka:
+
+```yaml
+      route:
+        - destination:
+            host: helloworld
+```
+
+Will be:
+
+```yaml
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+```
+
+It's overall a good practice to have, so not much of a reason to not do it.
+
+https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule
+ 
+
+# Changes
+
+## File
+
+- deployment.yaml
+- gateway.yaml
+
+> Files used maintains from the last version
+
+## deployment.yaml
+
+### Creates
+
+#### Service
+
+- helloworld
+
+> Service used maintains from the last version
+
+#### Deployments
+
+- helloworld-v1 (Nginx)
+- helloworld-v2 (Apache)
+
+> Renamed the old deployment from `helloworld-nginx` to `helloworld-v1`.\
+> Created a secondary deployment using apache named `helloworld-v2`.
+
+## gateway.yaml
+
+#### VirtualService
+
+##### helloworld-vs
+
+###### Configuration
+
+
+
+```yaml
+...
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+            subset: v1
+          weight: 20
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+            subset: v2
+          weight: 80
+...
+```
+
+> Distributed the traffic between 2 versions (`subsets`), setting a `25%` to the subset `v1` and a `75%` to the subset `v2`.
+
+> As previously mentioned, the section `http.route.host` points to `helloworld.default.svc.cluster.local`, which is the service we created, on the `default` namespace.
+
+
+
+
+#### Destination Rule
+
+###### Declaration configuration
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: helloworld.default.svc.cluster.local # Destination that will "interject"
+```
+
+> Here we need to put the `path/destination/service` that we want this rule to interject and manage.
+
+###### Traffic Configuration
+
+```yaml
+  host: helloworld.default.svc.cluster.local
+  subsets:
+    - name: v1
+      labels:
+        version: v1
+    - name: v2
+      labels:
+        version: v2
+```
+
+> On the `Destination Rule` declared the subsets. Each subset has different labels. This will be used to select the deployments within the destination service.
+
+# Run example
+
+## Deploy resources
+
+```shell
+$ kubectl apply -f ./ 
+service/helloworld created
+deployment.apps/helloworld-v1 created
+deployment.apps/helloworld-v2 created
+gateway.networking.istio.io/helloworld-gateway created
+virtualservice.networking.istio.io/helloworld-vs created
+destinationrule.networking.istio.io/helloworld-destinationrule created
+```
+
+## Wait for the pods to be ready
+
+(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
+
+```shell
+$ kubectl get deployment helloworld-v{1..2} -w 
+NAME            READY   UP-TO-DATE   AVAILABLE   AGE
+helloworld-v1   1/1     1            1           4m1s
+helloworld-v2   1/1     1            1           4m1s
+```
+
+## Test the service
+
+### Get LB IP
+
+```shell
+$ kubectl get svc istio-ingressgateway -n istio-system 
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Curl
+
+Iterates between Nginx and Apache. Somwhat close to the ratio configured.
+
+> Nginx instances (v1): 2 \
+> Apache instances (v2): 9
+
+```shell
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<h1>Welcome to nginx!</h1>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>" 
+<html><body><h1>It works!</h1></body></html>
+
+$ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
+<h1>Welcome to nginx!</h1>
+```
+
+## Check istio configs
+
+```sh
+$ istioctl x describe pod `kubectl get pod -l app=helloworld,version=v1 -o jsonpath='{.items[0].metadata.name}'`
+Pod: helloworld-v1-7454b56b86-4cksf
+   Pod Revision: default
+   Pod Ports: 80 (helloworld), 15090 (istio-proxy)
+--------------------
+Service: helloworld
+   Port: http 80/HTTP targets pod port 80
+DestinationRule: helloworld for "helloworld.default.svc.cluster.local"
+   Matching subsets: v1
+      (Non-matching subsets v2)
+   No Traffic Policy
+--------------------
+Effective PeerAuthentication:
+   Workload mTLS mode: PERMISSIVE
+
+
+Exposed on Ingress Gateway http://192.168.1.50
+VirtualService: helloworld-vs
+   Weight 20%
+   /helloworld
+```
+
+
+```shell
+$ istioctl x describe pod `kubectl get pod -l app=helloworld,version=v2 -o jsonpath='{.items[0].metadata.name 
+Pod: helloworld-v2-64b5656d99-5bwgr
+   Pod Revision: default
+   Pod Ports: 80 (helloworld), 15090 (istio-proxy)
+--------------------
+Service: helloworld
+   Port: http 80/HTTP targets pod port 80
+DestinationRule: helloworld for "helloworld.default.svc.cluster.local"
+   Matching subsets: v2
+      (Non-matching subsets v1)
+   No Traffic Policy
+--------------------
+Effective PeerAuthentication:
+   Workload mTLS mode: PERMISSIVE
+
+
+Exposed on Ingress Gateway http://192.168.1.50
+VirtualService: helloworld-vs
+   Weight 80%
+   /helloworld
+```

01-Simple/03-hello_world_1_service_2_deployments_managed_version/deployment.yaml

@@ -1,3 +1,25 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld
+---
+#apiVersion: v1
+#kind: ServiceAccount
+#metadata:
+#  name: istio-helloworld
+#  labels:
+#    account:
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -5,7 +27,6 @@ metadata:
   labels:
     app: helloworld
     version: v1
-  namespace: default
 spec:
   replicas: 1
   selector:
@@ -18,6 +39,7 @@ spec:
         app: helloworld
         version: v1
     spec:
+#      serviceAccountName: istio-helloworld
       containers:
         - name: helloworld
           image: nginx
@@ -35,7 +57,6 @@ metadata:
   labels:
     app: helloworld
     version: v2
-  namespace: default
 spec:
   replicas: 1
   selector:
@@ -48,6 +69,7 @@ spec:
         app: helloworld
         version: v2
     spec:
+#      serviceAccountName: istio-helloworld
       containers:
         - name: helloworld
           image: httpd
@@ -56,4 +78,5 @@ spec:
               cpu: "100m"
           imagePullPolicy: IfNotPresent
           ports:
-            - containerPort: 80
+            - containerPort: 80
+---

01-Simple/03-hello_world_1_service_2_deployments_managed_version/gateway.yaml

@@ -0,0 +1,62 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+#            host: helloworld
+            port:
+              number: 80
+            subset: v1
+          weight: 20
+        - destination:
+#            host: helloworld
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+            subset: v2
+          weight: 80
+      rewrite:
+        uri: "/"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  # name: helloworld
+  name: helloworld.default.svc.cluster.local # Destination that will "interject"
+spec:
+#  host: helloworld # destination service
+  host: helloworld.default.svc.cluster.local # Full destination service, lil better for consistency
+  subsets:
+    - name: v1
+      labels:
+        version: v1
+    - name: v2
+      labels:
+        version: v2

01-Simple/04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace/gateway.yaml

@@ -3,7 +3,7 @@ apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
 metadata:
   name: helloworld-gateway
-  namespace: default
+  namespace: defaultnt
 spec:
   selector:
     istio: istio-ingress # use istio default controller
@@ -19,7 +19,7 @@ apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: helloworld-vs
-  namespace: default
+  namespace: defaultnt
 spec:
   hosts:
     - "*"

01-Simple/06-hello_world_1_HTTPS-Service_Entry/README.md

@@ -108,7 +108,7 @@ spec:
 
 ## DestinationRule
 
-As seen in the example [02-Traffic_management/09-HTTPS-backend](../09-HTTPS-backend), where we configure Istio to use an `HTTPS` backend, the same configuration is applied on this case (yes, I am aware that a `ServiceEntry` is also a backend).
+As seen in the example [02-Traffic_management/09-HTTPS-backend](../../02-Traffic_management/09-HTTPS-backend), where we configure Istio to use an `HTTPS` backend, the same configuration is applied on this case (yes, I am aware that a `ServiceEntry` is also a backend).
 
 For such, we deploy a `DestinationRule` setting to expect to terminate the TLS traffic, for the traffic with resource destination `github.com`, and port `8443`, which matches the settings set in our [ServiceEntry](#serviceentry) deployed.
 

01-Simple/README.md

@@ -0,0 +1,38 @@
+# Simple examples
+
+
+# Traffic path
+
+## Istio Ingress Controller ---> Gateway -> Virtual Service (-> Destination Route) -> Ingress -> Deployment
+
+
+# Examples
+
+ALL NEEDS DOCUMENTATION
+
+- 01-hello_world_1_service_1_deployment
+
+- 02-hello_world_1_service_2_deployments_unmanaged
+
+- 03-hello_world_1_service_2_deployments_managed_version
+
+- 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace
+
+- 05-hello_world_1_Service_Entry
+
+
+
+
+
+
+
+
+# TODO
+
+do HTTPS ingress
+
+tcp ingress to minecraft/factorio/zomboid
+
+Service Entry with outbound policy set to `REGISTRY_ONLY`
+istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout  --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
+(no funca)

02-Traffic_management/06-mTLS/README.md

@@ -5,7 +5,7 @@ include_toc: true
 
 # Based on
 
-- [01-hello_world_1_service_1_deployment](../../01-Getting%20Started/01-hello_world_1_service_1_deployment)
+- [01-hello_world_1_service_1_deployment](../../01-Simple/01-hello_world_1_service_1_deployment)
 
 ## Description
 

02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/README.md

@@ -5,7 +5,7 @@ include_toc: true
 
 # Based on
 
-- [01-hello_world_1_service_1_deployment](../../01-Getting%20Started/01-hello_world_1_service_1_deployment)
+- [01-hello_world_1_service_1_deployment](../../01-Simple/01-hello_world_1_service_1_deployment)
 
 # Description
 

04-Envoy/01-envoy_add_headers/deployment.yaml

@@ -1,3 +1,4 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
 apiVersion: v1
 kind: Service
 metadata:

04-Envoy/01-envoy_add_headers/gateway.yaml

@@ -0,0 +1,36 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"