Sidecar 01 works.

Slightliy documented.

Proceeding with sidecar egress.

.gitignore

@@ -0,0 +1 @@
+/.idea/

Istio/istio-classic/README.md

@@ -1,4 +1,23 @@
 
+# Examples
+
+ALL NEEDS DOCUMENTATION
+
+- 01-2_deployments_method
+- 02-DirectResponse-HTTP-Body
+- 03-HTTPRewrite
+- 04-HTTPRedirect
+- 05a-FaultInjection-delay
+- 05b-FaultInjection-abort
+
+
+# TODO
+06-mTLS (pending)
+
+
+
+
+
 Multiple Ingress
 
 https://youtu.be/QIkryA8HnQ0

Istio/istio-classic/simple/01-hello_world_1_service_1_deployment/README.md

@@ -58,17 +58,30 @@ hosts: "*"
 
 
 ```yaml
-hosts: "*"
-uri: "/helloworld"
-rewrite:
-  uri: "/"
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
 ```
-- Allows the traffic from that have any domain.
+- Allows the traffic that have as a destination any domain.
 
 - Only allows traffic that has as a destination the directory/path `/helloworld`.
 
 - `rewrite.uri` allows to redirect the traffic towards the root directory of the service, as the service(s) used don't have any directory named `helloworld` but are configured to work at the root base level.
 
+- Traffic request is sent to the service named `helloworld`, to the service port 80.
+
 # Run example
 
 ## Deploy resources

Istio/istio-classic/simple/README.md

@@ -8,17 +8,20 @@
 
 # Examples
 
+ALL NEEDS DOCUMENTATION
+
+- 01-hello_world_1_service_1_deployment
+
+- 02-hello_world_1_service_2_deployments_unmanaged
+
+- 03-hello_world_1_service_2_deployments_managed_version
+
+- 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace
+
+- 05-hello_world_1_Service_Entry
 
 
-## 01-hello_world_1_service_1_deployment
-
-## 02-hello_world_1_service_2_deployments_unmanaged
-
-## 03-hello_world_1_service_2_deployments_managed_version
-
-## 04-hello_world_1_service_2_deployments_managed_version_defaultnt_namespace
-
-## 05-hello_world_1_Service_Entry
+# TODO
 
 do HTTPS ingress
 

Istio/istio-classic/traffic_management/README.md

@@ -1,3 +1,8 @@
+
+
+
+
+
 Should try to do a double Virtual Service chain
 
 https://academy.tetrate.io/courses/take/istio-fundamentals/lessons/19068816-lab-2-observing-failure-injection

Istio/sidecar/01-ingress-proxy-forwarding/README.md

@@ -1,16 +1,12 @@
-
-
-
-
 # Continues from
 
 - 01-hello_world_1_service_1_deployment
 
+# TO TRAFFIC PATH DIAGRAM    etc -> "POD" -> sidecar -> service container
 
+# Description
 
-
-
----
+This example configures the sidecar proxy on the pods created, to forward the traffic incoming from the port `8080` to the port `80`
 
 ## Files
 
@@ -43,9 +39,17 @@
 ###### Configuration
 
 ```yml
-port: 80
-istio-ingress: ingressgateway
-hosts: "*"
+...
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
 ```
 
 #### VirtualService
@@ -54,19 +58,63 @@ hosts: "*"
 
 ###### Configuration
 
+```yaml
+...
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 8080
+      rewrite:
+        uri: "/"
+```
 
+- On this example, we are using the port `8080` as a destination.
+
+## sidecar.yaml
+
+### creates
+
+#### sidecar
+
+##### helloworld-sidecar
+
+###### Configuration
 
 ```yaml
-hosts: "*"
-uri: "/helloworld"
-rewrite:
-  uri: "/"
-```
-- Allows the traffic from that have any domain.
+...
+spec:
+  workloadSelector:
+    labels:
+      app: helloworld
+  ingress:
+    - port:
+        number: 8080
+        protocol: HTTP
+        name: ingressport
+      defaultEndpoint: 127.0.0.1:80
+````
 
-- Only allows traffic that has as a destination the directory/path `/helloworld`.
+workloadSelector:
 
-- `rewrite.uri` allows to redirect the traffic towards the root directory of the service, as the service(s) used don't have any directory named `helloworld` but are configured to work at the root base level.
+> `workloadSelector` is used to target the `PODS`, on which apply this sidecar configuration. \
+> Bear in mind that this configuration doesn't target kinds `Service`, nor `Deployment`, it's applied to a kind `Pod` or `ServiceEntry` \
+> If there is no `workloadSelector` specified, it will be used as default configuration for the namespace on which was created. \
+> More info in the [Istio documentation for workloadSelector](https://istio.io/latest/docs/reference/config/networking/sidecar/#WorkloadSelector)
+
+ingress:
+
+> Configure the behavior of the ingress traffic.\
+> On this "grabs"/targets the ingress traffic with port 8080, and forwards it to the port IP `127.0.0.1` (loopback) respective to the destination pod, with the destination port set to 80, which is the port that the service is currently listening to.
 
 # Run example
 
@@ -78,16 +126,15 @@ service/helloworld created
 deployment.apps/helloworld-nginx created
 gateway.networking.istio.io/helloworld-gateway created
 virtualservice.networking.istio.io/helloworld-vs created
+sidecar.networking.istio.io/helloworld-sidecar created
 ```
 
 ## Wait for the pods to be ready
 
-(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
-
 ```shell
 $ kubectl get deployment helloworld-nginx -w
 NAME               READY   UP-TO-DATE   AVAILABLE   AGE
-helloworld-nginx   1/1     1            1           44s
+helloworld-nginx   1/1     1            1           39s
 ```
 
 ## Test the service
@@ -103,6 +150,21 @@ istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/
 ### Curl
 
 ```shell
-$ curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"                                                                                                                                                                   ✔
+$ curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"
 <title>Welcome to nginx!</title>
-```
+```
+
+### Delete the sidecar configuration to force failure.
+
+
+```shell
+$ kubectl delete sidecars.networking.istio.io helloworld-sidecar
+sidecar.networking.istio.io "helloworld-sidecar" deleted
+```
+### Curl again
+
+```shell
+$ curl 192.168.1.50/helloworld -s
+upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: delayed connect error: 111
+```
+

Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml

@@ -2,11 +2,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: helloworld-service
+  name: helloworld
   labels:
-    app: helloworld
-    service: helloworld
-#  namespace: visiblent
+    app-name: helloworld
 spec:
   ports:
     - port: 8080
@@ -20,7 +18,6 @@ metadata:
   name: helloworld-nginx
   labels:
     app: helloworld
-#  namespace: visiblent
 spec:
   replicas: 1
   selector:
@@ -30,9 +27,7 @@ spec:
     metadata:
       labels:
         app: helloworld
-#      namespace: visiblent
     spec:
-#      serviceAccountName: istio-helloworld
       containers:
         - name: helloworld
           image: nginx

Istio/sidecar/01-ingress-proxy-forwarding/gateway.yaml

@@ -1,4 +1,3 @@
-# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
 metadata:
@@ -29,36 +28,8 @@ spec:
             exact: /helloworld
       route:
         - destination:
-            host: helliworld
-#            host: helloworlddo
-#            host: helloworld-nginx-56c5c77cd7-9mxmf.visiblent
+            host: helloworld.default.svc.cluster.local
             port:
               number: 8080
       rewrite:
-        uri: "/"
----
-#apiVersion: networking.istio.io/v1alpha3
-#kind: VirtualService
-#metadata:
-#  name: helloworld-vs
-#spec:
-#  hosts:
-#    - "*"
-#  gateways:
-#    - helloworld-gateway
-#  http:
-#    - timeout: 3s
-#      match:
-#        - uri:
-#            - exact: "/external"
-#      route:
-#        - destination:
-#            host: help.websiteos.com
-#            port:
-#              number: 80
-#      rewrite:
-#        uri: "/websiteos/example_of_a_simple_html_page.htm"
-#      headers:
-#        request:
-#          set:
-#            HOST: "help.websiteos.com"
+        uri: "/"

Istio/sidecar/01-ingress-proxy-forwarding/sidecar.yaml

@@ -1,48 +1,14 @@
-## First we overide the default configuration.
-# This configures the egress, to only allow egress within the same namespace, and to `istio-system`
-#apiVersion: networking.istio.io/v1beta1
-#kind: Sidecar
-#metadata:
-#  name: default
-#  namespace: istio-config
-#spec:
-#  egress:
-#    - hosts:
-#        - "./*"
-#        - "istio-system/*"
----
 apiVersion: networking.istio.io/v1alpha3
 kind: Sidecar
 metadata:
-  name: helloworlddo
-#  name: helloworld-sidecar
-#  namespace: visiblent
+  name: helloworld-sidecar
 spec:
   workloadSelector:
     labels:
       app: helloworld
   ingress:
-#    - bind: 192.168.1.50
-#    - bind: 172.17.121.220
     - port:
         number: 8080
         protocol: HTTP
         name: ingressport
       defaultEndpoint: 127.0.0.1:80
-#      defaultEndpoint: unix:///var/run/someuds.sock
-#      captureMode: DEFAULT
-#  egress:
-#    - port:
-#        number: 80
-#        protocol: HTTP
-#        name: egressport
-#      hosts:
-#        - "prod-us1/*"
-#    - hosts:
-#        - "istio-system/*"
-#  egress:
-#      hosts:
-#        - "./*"
-#        - "istio-system/*"
-#      captureMode: DEFAULT
-

Istio/sidecar/02-egress-proxy-forwarding/01-namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo
+  labels:
+    istio-injection: "enabled"
+---

Istio/sidecar/02-egress-proxy-forwarding/02-deployment.yaml

@@ -0,0 +1,42 @@
+## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app-name: helloworld
+  namespace: not-default
+spec:
+  ports:
+    - port: 8080
+      name: http
+  selector:
+    app: helloworld
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+    namespace: not-default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+#      namespace: not-default
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80

Istio/sidecar/02-egress-proxy-forwarding/README.md

@@ -0,0 +1,12 @@
+# Continues from
+
+- 01-hello_world_1_service_1_deployment
+
+# Description
+
+
+This example configures the sidecar proxy on the pods created, to forward the traffic ongoing (egress)
+
+- Configure egress to a different namespace?
+
+

Istio/sidecar/02-egress-proxy-forwarding/deployment.yaml

@@ -0,0 +1,39 @@
+## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app-name: helloworld
+spec:
+  ports:
+    - port: 8080
+      name: http
+  selector:
+    app: helloworld
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80

Istio/sidecar/02-egress-proxy-forwarding/sidecar.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+  name: helloworld-sidecar
+spec:
+  workloadSelector:
+    labels:
+      app: helloworld
+  ingress:
+    - port:
+        number: 8080
+        protocol: HTTP
+        name: ingressport
+      defaultEndpoint: 127.0.0.1:80

Istio/sidecar/README.md

@@ -1,3 +1,26 @@
+
+## Examples
+
+- 01-ingress-proxy-forwarding
+
+-
+
+
+
+
+
+
+
+egress from (pod to pod)
+
+mtls
+
+
+
+
+
+---
+
 https://istio.io/latest/docs/reference/config/networking/sidecar/