add tabs to show verification steps with kn cli

ReToCode · ReToCode · commit 4501ea901261 · 2023-09-12T15:04:39.000+02:00
diff --git a/modules/serverless/pages/service-mesh/common-service-mesh-network-isolation.adoc b/modules/serverless/pages/service-mesh/common-service-mesh-network-isolation.adoc
@@ -285,12 +285,32 @@ The helm chart has several options that can be passed to configure the generated
 This verification is assuming that we have two tenants with one namespace each, all part of the `ServiceMeshMemberRoll`, configured with resources listed above.
 We can then use curl to verify the connectivity:
 
-. Deploy Knative Services in both tenants namespaces and a `curl` pod to run test commands:
+. Deploy Knative Services in both tenants namespaces:
++
+[tabs]
+====
+Using the Knative CLI::
 +
 [source,terminal]
 ----
 # Team Alpha
-cat <<EOF | oc apply -f -
+kn service create test-webapp -n team-alpha-1 \
+    --annotation-service serving.knative.openshift.io/enablePassthrough=true \
+    --annotation-revision sidecar.istio.io/inject=true \
+    --env RESPONSE="Hello Serverless" \
+    --image docker.io/openshift/hello-openshift
+
+# Team Bravo
+kn service create test-webapp -n team-bravo-1 \
+    --annotation-service serving.knative.openshift.io/enablePassthrough=true \
+    --annotation-revision sidecar.istio.io/inject=true \
+    --env RESPONSE="Hello Serverless" \
+    --image docker.io/openshift/hello-openshift
+----
+Using YAML::
++
+[source,yaml]
+----
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
@@ -309,8 +329,32 @@ spec:
           env:
             - name: RESPONSE
               value: "Hello Serverless!"
-EOF
+---
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: test-webapp
+  namespace: team-bravo-1
+  annotations:
+    serving.knative.openshift.io/enablePassthrough: "true"
+spec:
+  template:
+    metadata:
+      annotations:
+        sidecar.istio.io/inject: 'true'
+    spec:
+      containers:
+        - image: docker.io/openshift/hello-openshift
+          env:
+            - name: RESPONSE
+              value: "Hello Serverless!"
+----
+====
 
+. Deploy a `curl` pod to test the connections:
++
+[source,terminal]
+----
 cat <<EOF | oc apply -f -
 apiVersion: apps/v1
 kind: Deployment
@@ -338,32 +382,78 @@ spec:
         - sleep
         - "3600"
 EOF
-
-# Team Bravo
-cat <<EOF | oc apply -f -
-apiVersion: serving.knative.dev/v1
-kind: Service
-metadata:
-  name: test-webapp
-  namespace: team-bravo-1
-  annotations:
-    serving.knative.openshift.io/enablePassthrough: "true"
-spec:
-  template:
-    metadata:
-      annotations:
-        sidecar.istio.io/inject: 'true'
-    spec:
-      containers:
-        - image: docker.io/openshift/hello-openshift
-          env:
-            - name: RESPONSE
-              value: "Hello Serverless!"
-EOF
 ----
 
 . Verification
 +
+[tabs]
+====
+Using the Knative CLI::
++
+[source,terminal]
+----
+# Test team-alpha-1 -> team-alpha-1 via cluster local domain (allowed)
+oc exec deployment/curl -n team-alpha-1 -it -- curl -v http://test-webapp.team-alpha-1:80
+
+HTTP/1.1 200 OK
+content-length: 18
+content-type: text/plain; charset=utf-8
+date: Wed, 26 Jul 2023 12:49:59 GMT
+server: envoy
+x-envoy-upstream-service-time: 9
+
+Hello Serverless!
+
+
+# Test team-alpha-1 -> team-alpha-1 via external domain (allowed)
+oc exec deployment/curl -n team-alpha-1 -it -- curl -ik $(kn service describe test-webapp -o url -n team-alpha-1)
+
+HTTP/2 200
+content-length: 18
+content-type: text/plain; charset=utf-8
+date: Wed, 26 Jul 2023 12:55:30 GMT
+server: istio-envoy
+x-envoy-upstream-service-time: 3629
+
+Hello Serverless!
+
+
+# Test team-alpha-1 -> team-bravo-1 via cluster local domain (not allowed)
+oc exec deployment/curl -n team-alpha-1 -it -- curl -v http://test-webapp.team-bravo-1:80
+
+* processing: http://test-webapp.team-bravo-1:80
+*   Trying 172.30.73.216:80...
+* Connected to test-webapp.team-bravo-1 (172.30.73.216) port 80
+> GET / HTTP/1.1
+> Host: test-webapp.team-bravo-1
+> User-Agent: curl/8.2.0
+> Accept: */*
+>
+< HTTP/1.1 403 Forbidden
+< content-length: 19
+< content-type: text/plain
+< date: Wed, 26 Jul 2023 12:55:49 GMT
+< server: envoy
+< x-envoy-upstream-service-time: 6
+<
+* Connection #0 to host test-webapp.team-bravo-1 left intact
+RBAC: access denied
+
+
+# Test team-alpha-1 -> team-bravo-1 via external domain (allowed)
+oc exec deployment/curl -n team-alpha-1 -it -- curl -ik $(kn service describe test-webapp -o url -n team-bravo-1)
+
+HTTP/2 200
+content-length: 18
+content-type: text/plain; charset=utf-8
+date: Wed, 26 Jul 2023 12:56:22 GMT
+server: istio-envoy
+x-envoy-upstream-service-time: 2856
+
+Hello Serverless!
+----
+Using OC client::
++
 [source,terminal]
 ----
 # Test team-alpha-1 -> team-alpha-1 via cluster local domain (allowed)
@@ -428,6 +518,7 @@ x-envoy-upstream-service-time: 2856
 
 Hello Serverless!
 ----
+====
 
 . Cleanup
 +
@@ -439,5 +530,3 @@ oc delete deployment/curl -n team-alpha-1
 oc delete ksvc/test-webapp -n team-alpha-1
 oc delete ksvc/test-webapp -n team-bravo-1
 ----
-
-
