Improve Migrate to new Policies

[schogges]

What happened?

• Revisit Prerequisites and try to reuse resources from previous guides
• TrafficPermission to MeshTrafficPermission
  • check for data-plane name (currently hard-coded)
  • policies: Should we show the policy name or policy type?

./kumactl inspect dataplane redis-6c8c86769-2q5t4.kuma-demo --type=config --shadow --include=diff | jq '.diff' | jd -t patch2jd
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","inbound:10.244.0.7:6379","filterChains","0","filters","0","typedConfig","rules","policies","app-to-redis"]
- {"permissions":[{"any":true}],"principals":[{"authenticated":{"principalName":{"exact":"spiffe://default/demo-app_kuma-demo_svc_5000"}}}]}
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","inbound:10.244.0.7:6379","filterChains","0","filters","0","typedConfig","rules","policies","MeshTrafficPermission"]
+ {"permissions":[{"any":true}],"principals":[{"authenticated":{"principalName":{"exact":"spiffe://default/demo-app_kuma-demo_svc_5000"}}}]}

• policies: Update name: "allow-all-default" is not correct, at least "app-to-redis" was the result
• Missing Command to remove the policy
• Timeout to MeshTimeout:
  • filterChains Different output update in 2.9

@ ["type.googleapis.com/envoy.config.cluster.v3.Cluster","demo-app_kuma-demo_svc_5000","typedExtensionProtocolOptions","envoy.extensions.upstreams.http.v3.HttpProtocolOptions","commonHttpProtocolOptions","maxConnectionDuration"]
+ "0s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:10.96.125.82:5000","filterChains","0","filters","0","typedConfig","commonHttpProtocolOptions","idleTimeout"]
- "22s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:10.96.125.82:5000","filterChains","0","filters","0","typedConfig","commonHttpProtocolOptions","idleTimeout"]
+ "0s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:10.96.125.82:5000","filterChains","0","filters","0","typedConfig","routeConfig","virtualHosts","0","routes","0","route","idleTimeout"]
+ "25s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:10.96.125.82:5000","filterChains","0","filters","0","typedConfig","requestHeadersTimeout"]
+ "0s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:240.0.0.1:80","filterChains","0","filters","0","typedConfig","commonHttpProtocolOptions","idleTimeout"]
- "22s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:240.0.0.1:80","filterChains","0","filters","0","typedConfig","commonHttpProtocolOptions","idleTimeout"]
+ "0s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:240.0.0.1:80","filterChains","0","filters","0","typedConfig","routeConfig","virtualHosts","0","routes","0","route","idleTimeout"]
+ "25s"
@ ["type.googleapis.com/envoy.config.listener.v3.Listener","outbound:240.0.0.1:80","filterChains","0","filters","0","typedConfig","requestHeadersTimeout"]
+ "0s"

• Diff has changed because we removed additional addresses in the envoy config
• Add example to remove the shadow label
• Missing command to remove the policy
• CircuitBreaker to MeshCircuitBreaker
  • Generic data-plane name not matching with current, put some placeholder instead
  • Missing example to remove shadow label
  • Missing command to remove the policy
• TrafficRoute to MeshTCPRoute
  • Missing command to remove policy
• MeshGatewayRoute
  • Not fully prepared because missing the route (no gateway deployed)
  • Add command to install the gateway or remove the section
  • Example Migration of the gateway might make sense
• Should we have separate timeout policy for the gateway while migrating?
• Missing MeshRetry migration