diff --git a/Istio/02-Traffic_management/06-mTLS/README.md b/Istio/02-Traffic_management/06-mTLS/README.md index 99fd3c3..d6a79dc 100755 --- a/Istio/02-Traffic_management/06-mTLS/README.md +++ b/Istio/02-Traffic_management/06-mTLS/README.md @@ -9,7 +9,9 @@ include_toc: true ## Description -Nowadays, by default, Istio will have mTLS automatically enabled, allowing the Istio Sidecars to **automatically** negotiate the TLS traffic between them.encrypted +Nowadays, by default, Istio will have mTLS automatically enabled, allowing the Istio Sidecars to **automatically** negotiate the TLS traffic between them.encrypted. + +More information about that topic in the [following documentation](https://istio.io/latest/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls). To avoid this behavior, the pod requires to not have an Istio Sidecar set to that pod, for that reason on this example we set up 2 deployments, 1 with a sidecar, and a second without a sidecar. diff --git a/Istio/02-Traffic_management/README.md b/Istio/02-Traffic_management/README.md index f0f780b..964367b 100644 --- a/Istio/02-Traffic_management/README.md +++ b/Istio/02-Traffic_management/README.md @@ -15,8 +15,15 @@ ALL NEEDS DOCUMENTATION +minimum TLS version: +https://istio.io/latest/docs/tasks/security/tls-configuration/workload-min-tls-version/ Should try to do a double Virtual Service chain -https://academy.tetrate.io/courses/take/istio-fundamentals/lessons/19068816-lab-2-observing-failure-injection \ No newline at end of file +https://academy.tetrate.io/courses/take/istio-fundamentals/lessons/19068816-lab-2-observing-failure-injection + + +Circuit breaking + +https://istio.io/latest/docs/tasks/traffic-management/circuit-breaking/ \ No newline at end of file 
diff --git a/Istio/06-Authentication/01-namespaces/01-namespace.yaml b/Istio/06-Internal-Authentication/01-namespaces/01-namespace.yaml
similarity index 100%
rename from Istio/06-Authentication/01-namespaces/01-namespace.yaml
rename to Istio/06-Internal-Authentication/01-namespaces/01-namespace.yaml
diff --git a/Istio/06-Authentication/01-namespaces/README.md b/Istio/06-Internal-Authentication/01-namespaces/README.md
similarity index 100%
rename from Istio/06-Authentication/01-namespaces/README.md
rename to Istio/06-Internal-Authentication/01-namespaces/README.md
diff --git a/Istio/06-Authentication/01-namespaces/authentication.yaml b/Istio/06-Internal-Authentication/01-namespaces/authentication.yaml
similarity index 100%
rename from Istio/06-Authentication/01-namespaces/authentication.yaml
rename to Istio/06-Internal-Authentication/01-namespaces/authentication.yaml
diff --git a/Istio/06-Authentication/01-namespaces/deployment.yaml b/Istio/06-Internal-Authentication/01-namespaces/deployment.yaml
similarity index 100%
rename from Istio/06-Authentication/01-namespaces/deployment.yaml
rename to Istio/06-Internal-Authentication/01-namespaces/deployment.yaml
diff --git a/Istio/06-Authentication/01-namespaces/deployment_2.yaml b/Istio/06-Internal-Authentication/01-namespaces/deployment_2.yaml
similarity index 100%
rename from Istio/06-Authentication/01-namespaces/deployment_2.yaml
rename to Istio/06-Internal-Authentication/01-namespaces/deployment_2.yaml
diff --git a/Istio/06-Authentication/01-namespaces/gateway.yaml b/Istio/06-Internal-Authentication/01-namespaces/gateway.yaml
similarity index 100%
rename from Istio/06-Authentication/01-namespaces/gateway.yaml
rename to Istio/06-Internal-Authentication/01-namespaces/gateway.yaml
diff --git a/Istio/06-Authentication/02-target-service-accounts/01-namespace.yaml b/Istio/06-Internal-Authentication/02-target-service-accounts/01-namespace.yaml
similarity index 100%
rename from Istio/06-Authentication/02-target-service-accounts/01-namespace.yaml
rename to Istio/06-Internal-Authentication/02-target-service-accounts/01-namespace.yaml
diff --git a/Istio/06-Authentication/02-target-service-accounts/01-service-accounts.yaml b/Istio/06-Internal-Authentication/02-target-service-accounts/01-service-accounts.yaml
similarity index 100%
rename from Istio/06-Authentication/02-target-service-accounts/01-service-accounts.yaml
rename to Istio/06-Internal-Authentication/02-target-service-accounts/01-service-accounts.yaml
diff --git a/Istio/06-Authentication/02-target-service-accounts/README.md b/Istio/06-Internal-Authentication/02-target-service-accounts/README.md
similarity index 100%
rename from Istio/06-Authentication/02-target-service-accounts/README.md
rename to Istio/06-Internal-Authentication/02-target-service-accounts/README.md
diff --git a/Istio/06-Authentication/02-target-service-accounts/authentication.yaml b/Istio/06-Internal-Authentication/02-target-service-accounts/authentication.yaml
similarity index 100%
rename from Istio/06-Authentication/02-target-service-accounts/authentication.yaml
rename to Istio/06-Internal-Authentication/02-target-service-accounts/authentication.yaml
diff --git a/Istio/06-Authentication/02-target-service-accounts/deployment.yaml b/Istio/06-Internal-Authentication/02-target-service-accounts/deployment.yaml
similarity index 100%
rename from Istio/06-Authentication/02-target-service-accounts/deployment.yaml
rename to Istio/06-Internal-Authentication/02-target-service-accounts/deployment.yaml
diff --git a/Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml b/Istio/06-Internal-Authentication/02-target-service-accounts/deployment_2.yaml similarity index 100% rename from Istio/06-Authentication/02-target-service-accounts/deployment_2.yaml rename to Istio/06-Internal-Authentication/02-target-service-accounts/deployment_2.yaml diff --git a/Istio/06-Authentication/02-target-service-accounts/gateway.yaml b/Istio/06-Internal-Authentication/02-target-service-accounts/gateway.yaml similarity index 100% rename from Istio/06-Authentication/02-target-service-accounts/gateway.yaml rename to Istio/06-Internal-Authentication/02-target-service-accounts/gateway.yaml diff --git a/Istio/06-Authentication/README.md b/Istio/06-Internal-Authentication/README.md similarity index 70% rename from Istio/06-Authentication/README.md rename to Istio/06-Internal-Authentication/README.md index 5dc5a91..dc7c773 100644 --- a/Istio/06-Authentication/README.md +++ b/Istio/06-Internal-Authentication/README.md @@ -11,4 +11,6 @@ - Audit / logs (should be the 3th) -JWT seems important, refer to source.requestPrincipals \ No newline at end of file +JWT seems important, refer to source.requestPrincipals + +https://istio.io/latest/docs/tasks/security/authentication/ \ No newline at end of file diff --git a/Istio/07-External-Authentication/README.md b/Istio/07-External-Authentication/README.md new file mode 100644 index 0000000..e22d142 --- /dev/null +++ b/Istio/07-External-Authentication/README.md @@ -0,0 +1,6 @@ +https://istio.io/latest/docs/tasks/security/authentication/ + + +External authorization system sounds cool + +https://istio.io/latest/docs/tasks/security/authorization/authz-custom/ \ No newline at end of file diff --git a/Istio/monitoring/tmp.yaml b/Istio/08-monitoring/tmp.yaml similarity index 100% rename from Istio/monitoring/tmp.yaml rename to Istio/08-monitoring/tmp.yaml 
diff --git a/Istio/NetworkPolicies/README.md b/Istio/__-NetworkPolicies/README.md
similarity index 100%
rename from Istio/NetworkPolicies/README.md
rename to Istio/__-NetworkPolicies/README.md
diff --git a/Istio/__-cert-management/README.md b/Istio/__-cert-management/README.md
new file mode 100755
index 0000000..293cbab
--- /dev/null
+++ b/Istio/__-cert-management/README.md
@@ -0,0 +1,9 @@
+https://istio.io/latest/docs/tasks/security/cert-management/
+
+https://istio.io/latest/docs/ops/integrations/certmanager/
+
+https://medium.com/@rd.petrusek/kubernetes-istio-cert-manager-and-lets-encrypt-c3e0822a3aaf
+
+https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/ (it's performed during the installation of Istio)
+
+https://istio.io/latest/docs/tasks/security/cert-management/custom-ca-k8s/ (developement)
diff --git a/Istio/__Ingress/01-namespace.yaml b/Istio/__Ingress/01-namespace.yaml
new file mode 100644
index 0000000..b9d9719
--- /dev/null
+++ b/Istio/__Ingress/01-namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: istio-ingress
+ labels:
+ istio-injection: "enabled"
+---
\ No newline at end of file
diff --git a/Istio/__Ingress/README.md b/Istio/__Ingress/README.md
new file mode 100644
index 0000000..295b571
--- /dev/null
+++ b/Istio/__Ingress/README.md
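Review bot: The `istio-injection: "enabled"` label in the new Istio/__Ingress/01-namespace.yaml turns on automatic sidecar injection for every pod created in `istio-ingress`, and nothing in the file says why the gateway namespace needs it. The README added alongside it installs the gateway with `istioctl install -f ingress.yaml`; that file is not part of this diff, but if it is an IstioOperator spec the gateway does not depend on the namespace label, which then only affects any other workload that lands in the namespace. I would either drop the label or state the intent above `metadata:`, for example `# gateway-only namespace; injection is enabled for gateway-injection style deployments`. The trailing `---` with no document after it, and the missing final newline, can be removed as well.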
@@ -0,0 +1,23 @@
+https://istio.io/latest/docs/tasks/traffic-management/ingress/
+
+
+TLS
+https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/
+
+
+
+
+https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway
+
+
+kubectl apply -f 01-namespace.yaml
+
+istioctl install -f ingress.yaml
+
+
+kubectl get all -A | grep myistio
+istio-ingress pod/myistio-ingressgateway-5cdcd89cfb-s4fsz 1/1 Running 0 43s
+istio-ingress service/myistio-ingressgateway LoadBalancer 10.102.38.206 192.168.1.51 15021:30287/TCP,80:30979/TCP,443:31405/TCP 43s
+istio-ingress deployment.apps/myistio-ingressgateway 1/1 1 1 44s
+istio-ingress replicaset.apps/myistio-ingressgateway-5cdcd89cfb 1 1 1 44s
+istio-ingress horizontalpodautoscaler.autoscaling/myistio-ingressgateway Deployment/myistio-ingressgateway /80% 1 5 1 44s
diff --git a/Istio/cert-manager/README.md b/Istio/cert-manager/README.md
deleted file mode 100755
index 17ace85..0000000
--- a/Istio/cert-manager/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-https://istio.io/latest/docs/tasks/security/cert-management/
-
-https://istio.io/latest/docs/ops/integrations/certmanager/
-
-https://medium.com/@rd.petrusek/kubernetes-istio-cert-manager-and-lets-encrypt-c3e0822a3aaf
\ No newline at end of file
diff --git a/Istio/tmp/README.md b/Istio/tmp/README.md
new file mode 100644
index 0000000..0bcf9ac
--- /dev/null
+++ b/Istio/tmp/README.md
@@ -0,0 +1 @@
+https://istio.io/latest/docs/tasks/traffic-management/locality-load-balancing/
\ No newline at end of file