Skip to content

Fix getting-started guide: Use full paths for YAML files and correct kubeconfig references #1451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
anniegracehu wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fix getting-started guide: Use full paths for YAML files and correct kubeconfig references #1451

anniegracehu wants to merge 3 commits into from

Conversation

@anniegracehu
Copy link
Collaborator

@anniegracehu anniegracehu commented Jan 26, 2026
edited
Loading

Summary

This PR fixes the Network Isolation Testing section in examples/getting-started.md and the kubectl-allow-network-traffic / kubectl-deny-network-traffic plugin wrappers so that:

  1. Commands work correctly when run from the repository root (no directory changes needed)
  2. The documented -k flag works as advertised
  3. CRD registration timing issues are prevented

Changes

Getting Started Guide (examples/getting-started.md)

YAML file paths: Changed from relative filenames (requiring cd into subdirectories) to full relative paths from repository root:

  • examples/multitenancy/hello-world/hello-world-service-composition.yaml
  • examples/multitenancy/hello-world/hs1.yaml
  • examples/multitenancy/hello-world/hs2.yaml
  • examples/multitenancy/hello-world/hs1-no-replicas.yaml
  • examples/multitenancy/hello-world/hs2-no-replicas.yaml

Kubeconfig filename: Changed from provider.conf to kubeplus-saas-provider.json (the actual file created by provider-kubeconfig.py in the root directory).

CRD wait step: Added a wait loop between ResourceComposition creation and instance creation to ensure the HelloWorldService CRD is registered, preventing "resource mapping not found" errors.

Network traffic commands: Updated to include -k kubeplus-saas-provider.json flag (now works correctly with the wrapper fix below).

Plugin Wrappers (plugins/kubectl-allow-network-traffic, plugins/kubectl-deny-network-traffic)

Fixed -k flag parsing: The wrappers now reorder arguments so that -k (when present) comes before the subcommand, matching what argparse expects.

Current behavior (on master): kubectl allow-network-traffic hs1 hs2 -k file → wrapper passes allow hs1 hs2 -k file → argparse fails

Fixed behavior (this PR): kubectl allow-network-traffic hs1 hs2 -k file → wrapper reorders to -k file allow hs1 hs2 → argparse parses correctly

This makes the documented CLI shape (kubectl allow network traffic <ns1> <ns2> [-k <kubeconfig>]) work as intended.

Testing

Verified end-to-end on Minikube with Cilium CNI:

  1. ✅ Fresh Minikube cluster (minikube start --cni=cilium)
  2. ✅ KubePlus installation and provider kubeconfig generation
  3. ✅ HelloWorldService ResourceComposition creation and CRD registration wait
  4. ✅ HelloWorldService instance creation (hs1, hs2)
  5. ✅ Network traffic allow: kubectl allow-network-traffic hs1 hs2 -k kubeplus-saas-provider.json
  6. ✅ Network traffic deny: kubectl deny-network-traffic hs1 hs2 -k kubeplus-saas-provider.json

All commands work correctly from the repository root without requiring directory changes.

@anniegracehu
Update getting-started.md to use full paths for YAML files and correc…
536e9d3 
…t kubeconfig

Update all YAML file references to use full relative paths from repository root:
- examples/multitenancy/hello-world/hello-world-service-composition.yaml
- examples/multitenancy/hello-world/hs1.yaml
- examples/multitenancy/hello-world/hs2.yaml
- examples/multitenancy/hello-world/hs1-no-replicas.yaml
- examples/multitenancy/hello-world/hs2-no-replicas.yaml

Update all kubeconfig references to use kubeplus-saas-provider.json (the
actual file created by provider-kubeconfig.py in the root directory) instead
of provider.conf.

This allows users to run commands from the repository root without
needing to change directories or create additional config files.
@anniegracehu
Remove k flag from allow/deny network traffic
51ab076
@anniegracehu
Fix getting-started guide and network traffic plugin wrappers
44b8797 
- Update getting-started.md to use full paths for YAML files from repo root
- Fix kubeconfig references to use kubeplus-saas-provider.json (actual file created)
- Add CRD wait step before creating HelloWorldService instances
- Fix kubectl-allow-network-traffic and kubectl-deny-network-traffic wrappers
  to properly handle -k flag by reordering arguments for argparse compatibility
- Add -k flag back to allow/deny commands in getting-started guide

This allows users to run all commands from the repository root without
needing to change directories, and ensures the -k flag works correctly
as documented in kubectl-kubeplus-commands help text.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anniegracehu