docs: improve demo readme

Signed-off-by: Charles-Edouard Brétéché <[email protected]>

demo/istio/README.md

@@ -1,27 +1,84 @@
 # Istio Demo 
 
-This Istio Demo is prototype of the kyverno envoy plugin .
+This Istio Demo is prototype of the kyverno envoy plugin.
 
 ## Overview 
 
 The goal of the demo to show user how kyverno-envoy-plugin will work with istio and how it can be used to enforce policies to the traffic between services. The Kyverno-envoy-plugin allows configuring these Envoy proxies to query Kyverno-json for policy decisions on incoming requests.
 
-## Contains
-
-- A manifests folder with everything we need to run the demo . 
-- bootstrap.sh creates the cluster and installs istio . 
+## Demo instructions
+
+### Required tools
+
+1. [`kind`](https://kind.sigs.k8s.io/)
+1. [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+1. [`helm`](https://helm.sh/docs/intro/install/)
+
+### Create a local cluster and install Istio
+
+The [bootstrap.sh](bootstrap.sh) script contains everything needed to create a local cluster and install Istio.
+
+```console
+# create a local cluster and install istio
+./bootstrap.sh
+```
+
+### Sample application
+
+Manifests for the sample application are available in [sample-application.yaml](manifests/sample-application.yaml).
+
+```console
+# deploy sample application
+kubectl apply -f ./manifests.yaml
+```
+
+## Calling the sample application
+
+Before calling the sample application you need a way to access it in the cluster. Run the following command:
+
+```console
+kubectl port-forward -n demo svc/echo 8080:8080 &
+```
+
+Once the port forwarding proxy is running you can `curl` into the sample application:
+
+```console
+curl localhost:8080/demo
+
+{
+  "path": "/demo",
+  "headers": {
+    "host": "localhost:8080",
+    "user-agent": "curl/7.86.0",
+    "accept": "*/*"
+  },
+  "method": "GET",
+  "body": "",
+  "fresh": false,
+  "hostname": "localhost",
+  "ip": "::ffff:127.0.0.1",
+  "ips": [],
+  "protocol": "http",
+  "query": {},
+  "subdomains": [],
+  "xhr": false,
+  "os": {
+    "hostname": "echo-6847f9f85-4nd6s"
+  },
+  "connection": {}
+}
+```
 
 ## Architecture
+
 The below architecture illustrates a scenario where no service mesh or Envoy-like components have been pre-installed or already installed.
 
 ![Architecture](architecture1.png)
 
-
 The below architecture illustrates a scenario where a service mesh or Envoy-like components have been pre-installed or already installed.
 ![Architecture](architecture2.png)
 
 ## Requirements
 
 - Istio Authorizationpolicy manifest  to add "extension provider " concept in MeshConfig to specify Where/how to talk to envoy ext-authz service 
 -
--

demo/istio/bootstrap.sh

@@ -3,7 +3,6 @@
 KIND_IMAGE=kindest/node:v1.29.2
 ISTIO_REPO=https://istio-release.storage.googleapis.com/charts
 ISTIO_NS=istio-system
-ISTIO_INGRESS_NS=istio-ingress
 
 # Create Kind cluster
 kind create cluster --image $KIND_IMAGE --wait 1m --config - <<EOF
@@ -30,4 +29,3 @@ EOF
 # Install Istio components
 helm upgrade --install istio-base       --namespace $ISTIO_NS           --create-namespace --wait --repo $ISTIO_REPO base
 helm upgrade --install istiod           --namespace $ISTIO_NS           --create-namespace --wait --repo $ISTIO_REPO istiod
-helm upgrade --install istio-ingress    --namespace $ISTIO_INGRESS_NS   --create-namespace --wait --repo $ISTIO_REPO gateway