ofilter/Istio_Examples
1
0
Fork 0
Code Issues 26 Pull Requests Packages Projects 1 Releases Wiki Activity

sidk still going and trying things

Browse Source
This commit is contained in:
Oriol
2023-04-14 15:58:30 +01:00
parent 4ef69ba81e
commit 325a316ae2
22 changed files with 799 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Istio/istio-classic/README.md
View File

@ -8,4 +8,9 @@ https://youtu.be/QIkryA8HnQ0
https://github.com/redkubes/otomi-core/blob/main/charts/team-ns/templates/istio-gateway.yaml
https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/
https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/

118
Istio/istio-classic/ingress.yaml
View File

@ -1,34 +1,34 @@
apiVersion: v1
kind: Service
metadata:
name: istio-lb
namespace: istio-system
labels:
istio: istio-ingress
spec:
type: LoadBalancer
ports:
- port: 80
name: http
- port: 443
name: https
selector:
istio: istio-ingress
---
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: my-istio-operator
spec:
# profile: default
profile: empty
components:
ingressGateways:
- name: istio-ingress
enabled: true
label:
istio: my-istio-ingress
#apiVersion: v1
#kind: Service
#metadata:
# name: istio-lb
# namespace: istio-system
# labels:
# istio: istio-ingress
#spec:
# type: LoadBalancer
# ports:
# - port: 80
# name: http
# - port: 443
# name: https
# selector:
# istio: istio-ingress
#---
#apiVersion: install.istio.io/v1alpha1
#kind: IstioOperator
#metadata:
# namespace: istio-system
# name: my-istio-operator
#spec:
## profile: default
# profile: empty
# components:
# ingressGateways:
# - name: istio-ingress
# enabled: true
# label:
# istio: my-istio-ingress
---
#apiVersion: install.istio.io/v1alpha1
#kind: IstioOperator
@ -62,4 +62,58 @@ spec:
# gateways:
# istio-ingressgateway:
# sds:
# enabled: true
# enabled: true
---
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
app: istio-ingressgateway
# install.operator.istio.io/owning-resource: unknown
# install.operator.istio.io/owning-resource-namespace: istio-system
istio: my-ingress-gateway
# istio.io/rev: default
operator.istio.io/component: IngressGateways
# operator.istio.io/managed: Reconcile
# operator.istio.io/version: 1.16.1
# release: istio
name: my-ingress-gateway
namespace: istio-system
resourceVersion: "880342"
uid: 289a34e8-fe45-43ad-8dad-bc3dc9534f5c
spec:
# allocateLoadBalancerNodePorts: true
# clusterIP: 10.110.130.2
# clusterIPs:
# - 10.110.130.2
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: status-port
nodePort: 30276
port: 15021
protocol: TCP
targetPort: 15021
- name: http2
nodePort: 32188
port: 80
protocol: TCP
targetPort: 8080
- name: https
# nodePort: 32437
port: 443
protocol: TCP
# targetPort: 8443
selector:
app: istio-ingressgateway
istio: ingressgateway
# sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 192.168.1.50

8
Istio/istio-classic/simple/README.md
View File

@ -16,4 +16,10 @@
## 03-hello_world_1_service_2_deployments_managed_version
## 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace
## 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace
## 05-hello_world_1_Service_Entry
do HTTPS ingress
tcp ingress to minecraft/factorio/zomboid

9
Istio/istio-classic/traffic_management/06-mTLS/README.md Normal file
View File

@ -0,0 +1,9 @@
https://istio.io/latest/docs/concepts/security/#authentication-policies
https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/
# Continues from
- 01-hello_world_1_service_1_deployment

48
Istio/istio-classic/traffic_management/06-mTLS/deployment.yaml Normal file
View File

@ -0,0 +1,48 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
service: helloworld
spec:
ports:
- port: 80
name: http
selector:
app: helloworld
---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
# name: istio-helloworld
# labels:
# account:
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-nginx
labels:
app: helloworld
spec:
replicas: 1
selector:
matchLabels:
app: helloworld
template:
metadata:
labels:
app: helloworld
spec:
# serviceAccountName: istio-helloworld
containers:
- name: helloworld
image: nginx
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 80

36
Istio/istio-classic/traffic_management/06-mTLS/gateway.yaml Normal file
View File

@ -0,0 +1,36 @@
# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- helloworld-gateway
http:
- match:
- uri:
exact: /helloworld
route:
- destination:
host: helloworld
port:
number: 80
rewrite:
uri: "/"

17
Istio/istio-classic/traffic_management/README.md Normal file
View File

@ -0,0 +1,17 @@
Should try to do a double Virtual Service chain
https://academy.tetrate.io/courses/take/istio-fundamentals/lessons/19068816-lab-2-observing-failure-injection
Internal TLS between gateway and services
mtls
https://istio.io/latest/docs/tasks/security/authentication/mtls-migration/
automatic mtls (old)
https://istio.io/v1.4/docs/tasks/security/authentication/auto-mtls/