Fix getting-started guide: Use full paths for YAML files and correct kubeconfig references (#1451)

anniegracehu · web-flow · commit 78f205d314f2 · 2026-02-09T09:56:30.000-06:00
* Update getting-started.md to use full paths for YAML files and correct kubeconfig

Update all YAML file references to use full relative paths from repository root:
- examples/multitenancy/hello-world/hello-world-service-composition.yaml
- examples/multitenancy/hello-world/hs1.yaml
- examples/multitenancy/hello-world/hs2.yaml
- examples/multitenancy/hello-world/hs1-no-replicas.yaml
- examples/multitenancy/hello-world/hs2-no-replicas.yaml

Update all kubeconfig references to use kubeplus-saas-provider.json (the
actual file created by provider-kubeconfig.py in the root directory) instead
of provider.conf.

This allows users to run commands from the repository root without
needing to change directories or create additional config files.

* Remove k flag from allow/deny network traffic

* Fix getting-started guide and network traffic plugin wrappers

- Update getting-started.md to use full paths for YAML files from repo root
- Fix kubeconfig references to use kubeplus-saas-provider.json (actual file created)
- Add CRD wait step before creating HelloWorldService instances
- Fix kubectl-allow-network-traffic and kubectl-deny-network-traffic wrappers
  to properly handle -k flag by reordering arguments for argparse compatibility
- Add -k flag back to allow/deny commands in getting-started guide

This allows users to run all commands from the repository root without
needing to change directories, and ensures the -k flag works correctly
as documented in kubectl-kubeplus-commands help text.
diff --git a/examples/getting-started.md b/examples/getting-started.md
@@ -131,9 +131,20 @@ eval $(minikube docker-env)
 #### Create HelloWorldService Instances
 
 ```sh
-kubectl create -f hello-world-service-composition.yaml --kubeconfig=provider.conf
-kubectl create -f hs1.yaml --kubeconfig=provider.conf
-kubectl create -f hs2.yaml --kubeconfig=provider.conf
+kubectl create -f examples/multitenancy/hello-world/hello-world-service-composition.yaml --kubeconfig=kubeplus-saas-provider.json
+```
+
+Wait for the HelloWorldService CRD to be registered:
+
+```sh
+until kubectl get crds --kubeconfig=kubeplus-saas-provider.json | grep helloworldservices.platformapi.kubeplus ; do echo "Waiting for HelloWorldService CRD to be registered.."; sleep 1; done
+```
+
+Then create the HelloWorldService instances:
+
+```sh
+kubectl create -f examples/multitenancy/hello-world/hs1.yaml --kubeconfig=kubeplus-saas-provider.json
+kubectl create -f examples/multitenancy/hello-world/hs2.yaml --kubeconfig=kubeplus-saas-provider.json
 ```
 
 #### Test Network Isolation
@@ -142,17 +153,17 @@ kubectl create -f hs2.yaml --kubeconfig=provider.conf
 
   ```sh
   # Get the Pod name for hs1
-  HELLOWORLD_POD_HS1=$(kubectl get pods -n hs1 --kubeconfig=provider.conf -o jsonpath='{.items[0].metadata.name}')
+  HELLOWORLD_POD_HS1=$(kubectl get pods -n hs1 --kubeconfig=kubeplus-saas-provider.json -o jsonpath='{.items[0].metadata.name}')
   
   # Get the Pod IP for hs2
-  HS2_POD_IP=$(kubectl get pods -n hs2 --kubeconfig=provider.conf -o jsonpath='{.items[0].status.podIP}')
+  HS2_POD_IP=$(kubectl get pods -n hs2 --kubeconfig=kubeplus-saas-provider.json -o jsonpath='{.items[0].status.podIP}')
   
   # Update and install curl on hs1 pod
-  kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=provider.conf -- apt update
-  kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=provider.conf -- apt install curl -y
+  kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=kubeplus-saas-provider.json -- apt update
+  kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=kubeplus-saas-provider.json -- apt install curl -y
   
   # Test connectivity from hs1 to hs2 using the IP
-  kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=provider.conf -- curl $HS2_POD_IP:5000
+  kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=kubeplus-saas-provider.json -- curl $HS2_POD_IP:5000
   ```
 
   The connection should be denied.
@@ -161,17 +172,17 @@ kubectl create -f hs2.yaml --kubeconfig=provider.conf
 
   ```sh
   # Get the Pod name for hs2
-  HELLOWORLD_POD_HS2=$(kubectl get pods -n hs2 --kubeconfig=provider.conf -o jsonpath='{.items[0].metadata.name}')
+  HELLOWORLD_POD_HS2=$(kubectl get pods -n hs2 --kubeconfig=kubeplus-saas-provider.json -o jsonpath='{.items[0].metadata.name}')
   
   # Get the Pod IP for hs1
-  HS1_POD_IP=$(kubectl get pods -n hs1 --kubeconfig=provider.conf -o jsonpath='{.items[0].status.podIP}')
+  HS1_POD_IP=$(kubectl get pods -n hs1 --kubeconfig=kubeplus-saas-provider.json -o jsonpath='{.items[0].status.podIP}')
   
   # Update and install curl on hs2 pod
-  kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=provider.conf -- apt update
-  kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=provider.conf -- apt install curl -y
+  kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=kubeplus-saas-provider.json -- apt update
+  kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=kubeplus-saas-provider.json -- apt install curl -y
   
   # Test connectivity from hs2 to hs1 using the IP
-  kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=provider.conf -- curl $HS1_POD_IP:5000
+  kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=kubeplus-saas-provider.json -- curl $HS1_POD_IP:5000
   ```
 
   The connection should be denied.
@@ -181,15 +192,15 @@ kubectl create -f hs2.yaml --kubeconfig=provider.conf
 In some scenarios, you might want to enable controlled communication between instances running in different namespaces. KubePlus provides a custom kubectl plugin for this purpose. To allow bi-directional traffic between the two HelloWorldService instances (deployed in namespaces `hs1` and `hs2`), run:
 
 ```sh
-kubectl allow network traffic hs1 hs2 -k provider.conf
+kubectl allow network traffic hs1 hs2 -k kubeplus-saas-provider.json
 ```
 
 ```sh 
 # Test connectivity from hs1 to hs2 using the IP
-kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=provider.conf -- curl $HS2_POD_IP:5000
+kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=kubeplus-saas-provider.json -- curl $HS2_POD_IP:5000
 
 # Test connectivity from hs2 to hs1 using the IP 
-kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=provider.conf -- curl $HS1_POD_IP:5000
+kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=kubeplus-saas-provider.json -- curl $HS1_POD_IP:5000
 
 kubectl get networkpolicy -o yaml restrict-cross-ns-traffic -n hs1 
 kubectl get networkpolicy -o yaml restrict-cross-ns-traffic -n hs2
@@ -205,25 +216,25 @@ The connection should be allowed
 To deny the traffic between namespace 
 
 ```sh
-kubectl deny network traffic hs1 hs2 -k provider.conf
+kubectl deny network traffic hs1 hs2 -k kubeplus-saas-provider.json
 ```
 
 ```sh 
 # Test connectivity from hs1 to hs2 using the IP
-kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=provider.conf -- curl $HS2_POD_IP:5000
+kubectl exec -it $HELLOWORLD_POD_HS1 -n hs1 --kubeconfig=kubeplus-saas-provider.json -- curl $HS2_POD_IP:5000
 
 # Test connectivity from hs2 to hs1 using the IP 
-kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=provider.conf -- curl $HS1_POD_IP:5000
+kubectl exec -it $HELLOWORLD_POD_HS2 -n hs2 --kubeconfig=kubeplus-saas-provider.json -- curl $HS1_POD_IP:5000
 ```
 
 
 
 ## Clean Up
 
 ```sh
-kubectl delete -f hs1-no-replicas.yaml --kubeconfig=provider.conf
-kubectl delete -f hs2-no-replicas.yaml --kubeconfig=provider.conf
-kubectl delete -f hello-world-service-composition.yaml --kubeconfig=provider.conf
+kubectl delete -f examples/multitenancy/hello-world/hs1-no-replicas.yaml --kubeconfig=kubeplus-saas-provider.json
+kubectl delete -f examples/multitenancy/hello-world/hs2-no-replicas.yaml --kubeconfig=kubeplus-saas-provider.json
+kubectl delete -f examples/multitenancy/hello-world/hello-world-service-composition.yaml --kubeconfig=kubeplus-saas-provider.json
 ```
 
 Ensure the `helloworldservices.platformapi.kubeplus` CRD is removed.
diff --git a/plugins/kubectl-allow-network-traffic b/plugins/kubectl-allow-network-traffic
@@ -2,5 +2,20 @@
 
 source utils.sh  # if you have common utility functions; else remove this line
 
-# This wrapper passes all arguments to our Python script.
-python3 "$KUBEPLUS_HOME/plugins/network_traffic.py" allow "$@"
+# Usage (as advertised in kubectl-kubeplus-commands):
+#   kubectl allow network traffic <ns1> <ns2> [-k <kubeconfig>]
+#
+# kubectl will translate that to the plugin name:
+#   kubectl-allow-network-traffic <ns1> <ns2> [-k <kubeconfig>]
+#
+# Here we:
+#   - Take the first two positional args as namespaces
+#   - Pass any remaining args (e.g. -k <kubeconfig>) as global options
+#   - Reorder so global options come before the subcommand for argparse
+
+ns1="$1"
+ns2="$2"
+shift 2
+
+# "$@" now contains any remaining flags (e.g. -k kubeplus-saas-provider.json)
+python3 "$KUBEPLUS_HOME/plugins/network_traffic.py" "$@" allow "$ns1" "$ns2"
diff --git a/plugins/kubectl-deny-network-traffic b/plugins/kubectl-deny-network-traffic
@@ -2,5 +2,20 @@
 
 source utils.sh  # if you have common utility functions; else remove this line
 
-# This wrapper passes all arguments to our Python script.
-python3 "$KUBEPLUS_HOME/plugins/network_traffic.py" deny "$@"
+# Usage (as advertised in kubectl-kubeplus-commands):
+#   kubectl deny network traffic <ns1> <ns2> [-k <kubeconfig>]
+#
+# kubectl will translate that to the plugin name:
+#   kubectl-deny-network-traffic <ns1> <ns2> [-k <kubeconfig>]
+#
+# Here we:
+#   - Take the first two positional args as namespaces
+#   - Pass any remaining args (e.g. -k <kubeconfig>) as global options
+#   - Reorder so global options come before the subcommand for argparse
+
+ns1="$1"
+ns2="$2"
+shift 2
+
+# "$@" now contains any remaining flags (e.g. -k kubeplus-saas-provider.json)
+python3 "$KUBEPLUS_HOME/plugins/network_traffic.py" "$@" deny "$ns1" "$ns2"
