Merge remote-tracking branch 'origin/dev' into dev

.placeholder/text.md

@@ -0,0 +1,54 @@
+
+https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRedirect
+
+## The idea is that this rewrite is handled "externally" by the client, not by Istio.
+
+
+
+## Practical examples
+
+
+### HTTP to HTTPS redirect.
+
+The following Virtual Service configuration will redirect all the incoming traffic from the gateway `my-gateway` that uses the http protocol, to the https protocol.
+
+In this example, it would forward all the `http` traffic without taking into account which port is used. 
+
+```
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: to-https-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - my-gateway
+  http:
+  - match:
+    - name: to_https
+      match:
+        scheme: http
+      redirect:
+        scheme: https
+```
+
+### Migrated from a domain
+
+The following will update the requests coming "to" the domain `old.domain.com` and rewrite the URL to use the "new" `new.domain.com`
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: update-domain-vs
+spec:
+  hosts:
+    - "old.domain.com"
+  gateways:
+    - helloworld-gateway
+  http:
+    - name: forward-to-new-domain
+      redirect:
+        authority: "new.domain.com"
+```

02-Traffic_management/03-HTTPRewrite/README.md

@@ -221,7 +221,7 @@ curl 192.168.1.50/helloworld -s | grep "<h1>.*</h1>"
 <center><h1>404 Not Found</h1></center>
 ```
 
-## Cleanup
+## Cleanup`
 
 Finally, a cleanup from the resources deployed.
 

02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/gateway.yaml

@@ -1,55 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: helloworld-gateway
-spec:
-  selector:
-    istio: ingressgateway # use istio default controller
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: helloworld-vs
-spec:
-  hosts:
-    - "*"
-  gateways:
-    - helloworld-gateway
-  http:
-    - name: https-external-service
-      timeout: 3s
-      match:
-        - uri:
-            exact: "/external"
-      route:
-        - destination:
-            host: "github.com"
-            port:
-              number: 8443
-      rewrite:
-        uri: "/OriolFilter/"
-      headers:
-        request:
-          set:
-            HOST: "github.com"
----
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
-  name: github.com
-  namespace: default
-spec:
-  host: github.com
-  trafficPolicy:
-    portLevelSettings:
-      - port:
-          number: 8443
-        tls:
-          mode: SIMPLE

02-Traffic_management/README.md

@@ -1,23 +1 @@
-# Examples
-
-(almost) ALL NEEDS DOCUMENTATION / REVIEW
-
-- 01-2_deployments_method
-- 02-DirectResponse-HTTP-Body
-- 03-HTTPRewrite
-- 04-HTTPRedirect
-- 05a-FaultInjection-delay
-- 05b-FaultInjection-abort
-- 06-mTLS  (would need some documentation review, mainly go over the differences respective to the template/prior configuration used)
-- 07-HTTPS-Gateway-Simple-TLS   <- Doesn't respect the changelog format.
-- 08a-HTTPS-min-TLS-version
-- 08b-HTTPS-max-TLS-version
-- 09-HTTPS-backend
-- 10-TCP-FORWARDING
-- 11-TLS-PASSTHROUGH
-- 12-HTTP-to-HTTPS-traffic-redirect    -> Documented.  
-
-
-
-This will need some reorganization.
-
+This gloves the resources `Virtual Service` and `Destination Rule`

03-Gateway_Ingress/01-Host_Based_Routing/Deployment.yaml

@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: helloworld
-  labels:
-    app: helloworld
-    service: helloworld
-spec:
-  ports:
-    - port: 80
-      name: http
-  selector:
-    app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:

03-Gateway_Ingress/01-Host_Based_Routing/Gateway.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "my.domain"

03-Gateway_Ingress/01-Host_Based_Routing/README.md

@@ -0,0 +1,238 @@
+---
+gitea: none
+include_toc: true
+---
+
+# Description
+
+This example deploys the same infrastructure as the [previous example](../../01-Getting_Started/01-hello_world_1_service_1_deployment), and restricts the access to the gateway based on the domain host from the destination URL.
+
+The domain host targeted will be `my.domain`.
+
+This example configures:
+
+    Generic Kubernetes resources:
+    - 1 Service
+    - 1 Deployment
+    
+    Istio resources:
+    - 1 Gateway
+    - 1 Virtual Service
+
+> **Note:**\
+> I don't intend to explain thing related to Kubernetes unless necessary.
+
+
+# Based on
+
+- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment
+
+# Configuration
+
+## Service
+
+Creates a service named `helloworld`.
+
+This service listens for the port `80` expecting `HTTP` traffic and will forward the incoming traffic towards the port `80` from the destination pod.
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld
+```
+
+## Deployment
+
+Deploys a Nginx server that listens for the port `80`.
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80
+```
+
+## Gateway
+
+Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic.
+
+The gateway only will allow the traffic that uses as a URL host: `my.domain`.
+
+The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to.
+
+The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "my.domain"
+```
+
+## VirtualService
+
+The Virtual Service resources are used to route and filter the received traffic from the gateway resources, and route it towards the desired destination.
+
+On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway).
+
+On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set.
+
+Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/helloworld`.
+
+This traffic will be forwarded to the port `80` of the destination service `helloworld` (the full path URL equivalent would be `helloworld.$NAMESPACE.svc.cluster.local`).
+
+Additionally, there will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found).
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+```
+
+# Walkthrough
+
+## Deploy resources
+
+Deploy the resources.
+
+```shell
+kubectl apply -f ./ 
+```
+```text
+deployment.apps/helloworld-nginx created
+gateway.networking.istio.io/helloworld-gateway created
+service/helloworld created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+## Wait for the deployment to be ready
+
+Wait for the Nginx deployment to be up and ready.
+
+```shell
+kubectl get deployment helloworld-nginx -w 
+```
+```text
+NAME               READY   UP-TO-DATE   AVAILABLE   AGE
+helloworld-nginx   1/1     1            1           44s
+```
+
+## Test the service
+
+### Get LB IP
+
+To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway).
+
+On my environment, the IP is the `192.168.1.50`.
+
+```shell
+kubectl get svc -l istio=ingressgateway -A
+```
+```text
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Curl /helloworld
+
+When performing a curl towards the destination path, as we are not using the domain host specified in the [gateway resource](#gateway), we are failing to match any rule.
+
+```shell
+ curl 192.168.1.50/helloworld -I
+```
+```text
+HTTP/1.1 404 Not Found
+date: Wed, 10 May 2023 08:25:26 GMT
+server: istio-envoy
+transfer-encoding: chunked
+```
+
+### Curl my.domain/helloworld
+
+We can "fake" the destination domain by modifying the `Host` header.
+
+After setting that up, and attempting to curl the destination, we receive a positive response from the Nginx backend. 
+
+```shell
+curl 192.168.1.50/helloworld -s -HHOST:my.domain | grep "<title>.*</title>"
+```
+```text
+<title>Welcome to nginx!</title>
+```
+
+
+## Cleanup
+
+Finally, a cleanup from the resources deployed.
+
+```shell
+kubectl delete -f ./
+```
+```text
+deployment.apps "helloworld-nginx" deleted
+gateway.networking.istio.io "helloworld-gateway" deleted
+service "helloworld" deleted
+virtualservice.networking.istio.io "helloworld-vs" deleted
+```
+
+# Links of interest
+
+- https://istio.io/latest/docs/reference/config/networking/gateway/

03-Gateway_Ingress/01-Host_Based_Routing/Service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld

03-Gateway_Ingress/01-Host_Based_Routing/VirtualService.yaml

@@ -1,22 +1,4 @@
 apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: helloworld-gateway
-spec:
-  selector:
-    istio: ingressgateway
-  servers:
-    - port:
-        number: 443
-        name: secure-http
-        protocol: HTTPS
-      hosts:
-        - "*"
-      tls:
-        mode: SIMPLE
-        credentialName: my-tls-cert-secret
----
-apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: helloworld-vs

03-Gateway_Ingress/02-Restrict_Namespaces/01-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo

03-Gateway_Ingress/02-Restrict_Namespaces/Deployment.yaml

@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: helloworld
-  labels:
-    app: helloworld
-    service: helloworld
-spec:
-  ports:
-    - port: 80
-      name: http
-  selector:
-    app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:

03-Gateway_Ingress/02-Restrict_Namespaces/Gateway.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http-b
+        protocol: HTTP
+      hosts:
+        - "foo/*"

03-Gateway_Ingress/02-Restrict_Namespaces/README.md

@@ -0,0 +1,294 @@
+---
+gitea: none
+include_toc: true
+---
+
+# Description
+
+This example deploys the same infrastructure as the [previous example](../../01-Getting_Started/01-hello_world_1_service_1_deployment), and restrict which `VirtualService` Istio resources can access/select the `Gateway` Istio resource, based on the `VirtualService` namespace.
+
+The domain host targeted will be `my.domain`.
+
+This example configures:
+
+    Generic Kubernetes resources:
+    - 1 Service
+    - 1 Deployment
+    - 1 Namespace
+    
+    Istio resources (`default` namespace):
+    - 1 Gateway
+    -  Virtual Service
+
+    Istio resources (`foo`namespace):
+    - 1 Virtual Service
+
+> **Note:**\
+> I don't intend to explain thing related to Kubernetes unless necessary.
+
+# Based on
+
+- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment
+
+# Configuration
+
+## Service
+
+Creates a service named `helloworld`.
+
+This service listens for the port `80` expecting `HTTP` traffic and will forward the incoming traffic towards the port `80` from the destination pod.
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld
+```
+
+## Deployment
+
+Deploys a Nginx server that listens for the port `80`.
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80
+```
+
+## Namespace
+
+Creates a namespace named `foo`.
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo
+```
+
+## Gateway
+
+Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic.
+
+The gateway won't target any specific host domain, yet limits the `VirtualService` Istio resources that can target this gateway, limiting its access to the `VirtualServices` Istio resources created in the `foo` namespace.
+
+The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to.
+
+The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http-b
+        protocol: HTTP
+      hosts:
+        - "foo/*"
+```
+
+## VirtualService
+
+We will create two `VirtualServices` with the same configuration, only difference will be the namespace they are created onto (and the destination path), this will be used to test if the [`Gateway` namespace restriction configured](#gateway) is being applied to the `VirtualService` resources as desired. 
+
+On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway).
+
+On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set.
+
+Additionally, there will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found).
+
+
+## helloworld-foo
+
+`VirtualService` created in the namespace `foo`.
+
+Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/helloworld`.
+
+This traffic will be forwarded to the port `80` of the destination service `helloworld.default.svc.cluster.local`.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-foo
+  namespace: foo
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - default/helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+```
+
+## helloworld-default
+
+`VirtualService` created in the namespace `default`.
+
+Here we created a rule that will be applied on `HTTP` related traffic (including `HTTPS` and `HTTP2`) when the destination path is exactly `/failure`.
+
+This traffic will be forwarded to the port `80` of the destination service `helloworld.default.svc.cluster.local`.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-default
+  namespace: default
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - default/helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /failure
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+```
+
+# Walkthrough
+
+## Deploy resources
+
+Deploy the resources.
+
+```shell
+kubectl apply -f ./ 
+```
+```text
+namespace/foo created
+deployment.apps/helloworld-nginx created
+gateway.networking.istio.io/helloworld-gateway created
+service/helloworld created
+virtualservice.networking.istio.io/helloworld-foo created
+virtualservice.networking.istio.io/helloworld-default created
+```
+
+## Wait for the deployment to be ready
+
+Wait for the Nginx deployment to be up and ready.
+
+```shell
+kubectl get deployment helloworld-nginx -w 
+```
+```text
+NAME               READY   UP-TO-DATE   AVAILABLE   AGE
+helloworld-nginx   1/1     1            1           44s
+```
+
+## Test the service
+
+### Get LB IP
+
+To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway).
+
+On my environment, the IP is the `192.168.1.50`.
+
+```shell
+kubectl get svc -l istio=ingressgateway -A
+```
+```text
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Curl /helloworld
+
+When performing a curl towards the destination path, as we are not using the domain host specified in the [gateway resource](#gateway), we are failing to match any rule.
+
+```shell
+ curl 192.168.1.50/helloworld -I
+```
+```text
+HTTP/1.1 404 Not Found
+date: Wed, 10 May 2023 08:25:26 GMT
+server: istio-envoy
+transfer-encoding: chunked
+```
+
+### Curl my.domain/helloworld
+
+We can "fake" the destination domain by modifying the `Host` header.
+
+After setting that up, and attempting to curl the destination, we receive a positive response from the Nginx backend. 
+
+```shell
+curl 192.168.1.50/helloworld -s -HHOST:my.domain | grep "<title>.*</title>"
+```
+```text
+<title>Welcome to nginx!</title>
+```
+
+
+## Cleanup
+
+Finally, a cleanup from the resources deployed.
+
+```shell
+kubectl delete -f ./
+```
+```text
+namespace "foo" deleted
+deployment.apps "helloworld-nginx" deleted
+gateway.networking.istio.io "helloworld-gateway" deleted
+service "helloworld" deleted
+virtualservice.networking.istio.io "helloworld-foo" deleted
+virtualservice.networking.istio.io "helloworld-default" deleted
+```
+
+# Links of interest
+
+- https://istio.io/latest/docs/reference/config/networking/gateway/

03-Gateway_Ingress/02-Restrict_Namespaces/Service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld

03-Gateway_Ingress/02-Restrict_Namespaces/VirtualService.yaml

@@ -0,0 +1,43 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-foo
+  namespace: foo
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - default/helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-default
+  namespace: default
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - default/helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /failure
+      route:
+        - destination:
+            host: helloworld.default.svc.cluster.local
+            port:
+              number: 80
+      rewrite:
+        uri: "/"

03-Gateway_Ingress/07-HTTPS-Gateway-Simple-TLS/Deployment.yaml

@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: helloworld
-  labels:
-    app: helloworld
-    service: helloworld
-spec:
-  ports:
-    - port: 80
-      name: http
-  selector:
-    app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:

03-Gateway_Ingress/07-HTTPS-Gateway-Simple-TLS/Gateway.yaml

@@ -0,0 +1,17 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 443
+        name: secure-http
+        protocol: HTTPS
+      hosts:
+        - "*"
+      tls:
+        mode: SIMPLE
+        credentialName: my-tls-cert-secret

03-Gateway_Ingress/07-HTTPS-Gateway-Simple-TLS/Service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld

03-Gateway_Ingress/07-HTTPS-Gateway-Simple-TLS/VirtualService.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"

03-Gateway_Ingress/08a-HTTPS-min-TLS-version/Deployment.yaml

@@ -1,17 +1,3 @@
-## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: helloworld
-  labels:
-    app: helloworld
-spec:
-  ports:
-    - port: 8080
-      name: http
-  selector:
-    app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:

03-Gateway_Ingress/08a-HTTPS-min-TLS-version/Gateway.yaml

@@ -16,24 +16,3 @@ spec:
         mode: SIMPLE
         credentialName: my-tls-cert-secret
         minProtocolVersion: TLSV1_3
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: helloworld-vs
-spec:
-  hosts:
-    - "*"
-  gateways:
-    - helloworld-gateway
-  http:
-    - match:
-        - uri:
-            exact: /helloworld
-      route:
-        - destination:
-            host: helloworld
-            port:
-              number: 80
-      rewrite:
-        uri: "/"

03-Gateway_Ingress/08a-HTTPS-min-TLS-version/Service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld

03-Gateway_Ingress/08a-HTTPS-min-TLS-version/VirtualService.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"

03-Gateway_Ingress/08b-HTTPS-max-TLS-version/Deployment.yaml

@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80

03-Gateway_Ingress/08b-HTTPS-max-TLS-version/Gateway.yaml

@@ -16,24 +16,3 @@ spec:
         mode: SIMPLE
         credentialName: my-tls-cert-secret
         maxProtocolVersion: TLSV1_2
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: helloworld-vs
-spec:
-  hosts:
-    - "*"
-  gateways:
-    - helloworld-gateway
-  http:
-    - match:
-        - uri:
-            exact: /helloworld
-      route:
-        - destination:
-            host: helloworld
-            port:
-              number: 80
-      rewrite:
-        uri: "/"

03-Gateway_Ingress/08b-HTTPS-max-TLS-version/Service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld

03-Gateway_Ingress/08b-HTTPS-max-TLS-version/VirtualService.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"

03-Sidecar/01-ingress-proxy-forwarding/README.md

@@ -1,172 +0,0 @@
-# Continues from
-
-- 01-hello_world_1_service_1_deployment
-
-# TO TRAFFIC PATH DIAGRAM
-
-`etc -> "POD" -> sidecar -> service container`
-
-# Description
-
-This example configures the sidecar proxy on the pods created, to forward the traffic incoming from the port `8080` to the port `80`
-
-## Files
-
-- deployment.yaml
-- gateway.yaml
-- sidecar.yaml
-
-> Added the `sidecar.yaml` file.
-
-## deployment.yaml
-
-### Creates
-
-#### Service
-
-- helloworld
-
-#### Deployments
-
-- helloworld-nginx  (Nginx container)
-
-## gateway.yaml
-
-### Creates
-
-#### Gateway
-
-##### helloworld-gateway
-
-###### Configuration
-
-```yml
-...
-spec:
-  selector:
-    istio: ingressgateway # use istio default controller
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
-```
-
-#### VirtualService
-
-##### helloworld-vs
-
-###### Configuration
-
-```yaml
-...
-spec:
-  hosts:
-    - "*"
-  gateways:
-    - helloworld-gateway
-  http:
-    - match:
-        - uri:
-            exact: /helloworld
-      route:
-        - destination:
-            host: helloworld.default.svc.cluster.local
-            port:
-              number: 8080
-      rewrite:
-        uri: "/"
-```
-
-- On this example, we are using the port `8080` as a destination.
-
-## sidecar.yaml
-
-### creates
-
-#### sidecar
-
-##### helloworld-sidecar
-
-###### Configuration
-
-```yaml
-...
-spec:
-  workloadSelector:
-    labels:
-      app: helloworld
-  ingress:
-    - port:
-        number: 8080
-        protocol: HTTP
-        name: ingressport
-      defaultEndpoint: 127.0.0.1:80
-````
-
-workloadSelector:
-
-> `workloadSelector` is used to target the `PODS`, on which apply this sidecar configuration. \
-> Bear in mind that this configuration doesn't target kinds `Service`, nor `Deployment`, it's applied to a kind `Pod` or `ServiceEntry` \
-> If there is no `workloadSelector` specified, it will be used as default configuration for the namespace on which was created. \
-> More info in the [Istio documentation for workloadSelector](https://istio.io/latest/docs/reference/config/networking/sidecar/#WorkloadSelector)
-
-ingress:
-
-> Configure the behavior of the ingress traffic.\
-> On this "grabs"/targets the ingress traffic with port 8080, and forwards it to the port IP `127.0.0.1` (loopback) respective to the destination pod, with the destination port set to 80, which is the port that the service is currently listening to.
-
-# Run example
-
-## Deploy resources
-
-```shell
-$ kubectl apply -f ./
-service/helloworld created
-deployment.apps/helloworld-nginx created
-gateway.networking.istio.io/helloworld-gateway created
-virtualservice.networking.istio.io/helloworld-vs created
-sidecar.networking.istio.io/helloworld-sidecar created
-```
-
-## Wait for the pods to be ready
-
-```shell
-$ kubectl get deployment helloworld-nginx -w
-NAME               READY   UP-TO-DATE   AVAILABLE   AGE
-helloworld-nginx   1/1     1            1           39s
-```
-
-## Test the service
-
-### Get LB IP
-
-```shell
-$ kubectl get svc istio-ingressgateway -n istio-system
-NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
-istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
-```
-
-### Curl
-
-```shell
-$ curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"
-<title>Welcome to nginx!</title>
-```
-
-### Delete the sidecar configuration to force failure.
-
-
-```shell
-$ kubectl delete sidecars.networking.istio.io helloworld-sidecar
-sidecar.networking.istio.io "helloworld-sidecar" deleted
-```
-### Curl again
-
-```shell
-$ curl 192.168.1.50/helloworld -s
-upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: delayed connect error: 111
-```
-

04-Backends/05-Service_Entry/Gateway.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"

04-Backends/05-Service_Entry/VirtualService.yaml

@@ -1,19 +1,4 @@
 apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: helloworld-gateway
-spec:
-  selector:
-    istio: ingressgateway # use istio default controller
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
----
-apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: helloworld-vs

04-Backends/09-HTTPS-backend/README.md

@@ -5,7 +5,7 @@ include_toc: true
 
 # Based on
 
-- [08a-HTTPS-min-TLS-version](../08a-HTTPS-min-TLS-version)
+- [08a-HTTPS-min-TLS-version](../../03-Gateway_Ingress/08a-HTTPS-min-TLS-version)
 
 # Description
 
@@ -197,7 +197,7 @@ spec:
 ```
 
 > **Note**:\
-> As this configuration is very board, and targets the whole namespace, I would strongly recommend referring to the following example [06-Internal-Authentication/02-target-service-accounts](../../06-AuthorizationPolicy/02-target-service-accounts), which shows how to target service accounts set to resources, limiting the scope of this rule set.
+> As this configuration is very board, and targets the whole namespace, I would strongly recommend referring to the following example [06-Internal-Authentication/02-target-service-accounts](../../08-AuthorizationPolicy/02-target-service-accounts), which shows how to target service accounts set to resources, limiting the scope of this rule set.
 
 # Walkthrough
 

05-Sidecar/01-ingress-proxy-forwarding/Deployment.yaml

@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80

05-Sidecar/01-ingress-proxy-forwarding/Gateway.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"

05-Sidecar/01-ingress-proxy-forwarding/README.md

@@ -0,0 +1,291 @@
+---
+gitea: none
+include_toc: true
+---
+
+# Description
+
+This example deploys the same infrastructure as the [previous example](../../01-Getting_Started/01-hello_world_1_service_1_deployment), configures the **sidecar** `envoy-proxy`/`istio-proxy`/`sidecar-proxy` on the pods created, to forward the traffic incoming from the port `8080` to the port `80`.
+
+This example configures:
+
+    Generic Kubernetes resources:
+    - 1 Service
+    - 1 Deployment
+    
+    Istio resources:
+    - 1 Gateway
+    - 1 Virtual Service
+    - 1 Sidecar configration
+
+# Based on
+
+- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment)
+
+# Configuration
+
+`etc -> "POD" -> sidecar -> service container`
+
+## Service
+
+Creates a service named `helloworld`.
+
+This service listens for the port `8080` expecting `HTTP` traffic and will forward the incoming traffic towards the port `8080` from the destination pod.
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+spec:
+  ports:
+    - port: 8080
+      name: http
+  selector:
+    app: helloworld
+```
+
+## Deployment
+
+Deploys a Nginx server that listens for the port `80`.
+
+We can notice how in the service we opened the port `8080` and in the deployment we are listening to the port `80`, more about this in the [Sidecar Section](#sidecar).
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80
+```
+
+
+## Gateway
+
+Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic.
+
+It doesn't filter for any specific host.
+
+The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to.
+
+The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+```
+
+## VirtualService
+
+The Virtual Service resources are used to route and filter the received traffic from the gateway resources, and route it towards the desired destination.
+
+On this example we select the gateway `helloworld-gateway`, which is the [gateway that 's described in the `Gateway` section](#gateway).
+
+On this resource, we are also not limiting the incoming traffic to any specific host, allowing for all the incoming traffic to go through the rules set.
+
+Here we created a rule that will be applied on `HTTP` related traffic when the destination path is exactly `/helloworld`.
+
+This traffic will be forwarded to the port `8080` of the destination service `helloworld` (the full path URL equivalent would be `helloworld.$NAMESPACE.svc.cluster.local`).
+
+Additionally, there will be an internal URL rewrite set, as if the URL is not modified, it would attempt to reach to the `/helloworld` path from the Nginx deployment, which currently has no content and would result in an error code `404` (Not found).
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+```
+
+## Sidecar
+
+This will configure the sidecar configuration from the `envoy-proxy` in each pod.
+
+`workloadSelector` will be used to select the target pods, where, on this scenario, it will target the pods that have the label set `app: helloworld`.
+
+The ingress configuration set, will listen for the port `8080` from the pod, and forward it to the pod's port `80` through the loopback (127.0.0.1) IP.
+
+On this scenario we are performing a simple `8080` to `80` redirect.
+
+> **Note:**\
+> A reminder that a `POD` is an object that groups container(s).
+
++ more notes:
+
+- workloadSelector:
+
+> `workloadSelector` is used to target the `PODS`, on which apply this sidecar configuration. \
+> Bear in mind that this configuration doesn't target kinds `Service`, nor `Deployment`, it's applied to a kind `Pod` or `ServiceEntry` \
+> If there is no `workloadSelector` specified, it will be used as default configuration for the namespace on which was created. \
+> More info in the [Istio documentation for workloadSelector](https://istio.io/latest/docs/reference/config/networking/sidecar/#WorkloadSelector)
+
+- ingress:
+
+> Configure the behavior of the ingress traffic.\
+> On this "grabs"/targets the ingress traffic with port 8080, and forwards it to the port IP `127.0.0.1` (loopback) respective to the destination pod, with the destination port set to 80, which is the port that the service is currently listening to.
+
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+  name: helloworld-sidecar
+spec:
+  workloadSelector:
+    labels:
+      app: helloworld
+  ingress:
+    - port:
+        number: 8080
+        protocol: HTTP
+        name: ingressport
+      defaultEndpoint: 127.0.0.1:80
+```
+
+# Run example
+
+## Deploy resources
+
+```shell
+kubectl apply -f ./
+```
+
+```text
+deployment.apps/helloworld-nginx created
+gateway.networking.istio.io/helloworld-gateway created
+service/helloworld created
+sidecar.networking.istio.io/helloworld-sidecar created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+## Wait for the pods to be ready
+
+```shell
+kubectl get deployment helloworld-nginx -w
+```
+
+```text
+NAME               READY   UP-TO-DATE   AVAILABLE   AGE
+helloworld-nginx   1/1     1            1           39s
+```
+
+## Test the service
+
+### Get LB IP
+
+To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway).
+
+On my environment, the IP is the `192.168.1.50`.
+
+```shell
+kubectl get svc -l istio=ingressgateway -A
+```
+```text
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Curl
+
+We can perform a curl towards the destination.
+
+A reminder that the configuration set in the [service](#service) created, it's listening to the port `8080` and forwarding the traffic to the same pod (`8080`).
+
+As well on the Istio's [VirtualService](#virtualservice), we configured the destination port as `8080`.
+
+Yet, on the [Sidecar](#sidecar) configuration, we are redirecting the ingress traffic from the port `8080`, to the port `80`.
+
+```shell
+curl 192.168.1.50/helloworld -s | grep "<title>.*</title>"
+```
+```text
+<title>Welcome to nginx!</title>
+```
+
+### Delete the sidecar configuration to force failure.
+
+As per the moment let's delete the `sidecar` configuration deployed.
+
+```shell
+kubectl delete sidecars.networking.istio.io helloworld-sidecar
+```
+```text
+sidecar.networking.istio.io "helloworld-sidecar" deleted
+```
+
+### Curl again
+
+After deleting the `sidecar` configuration, which was handling the ingress traffic from port `8080`, we can observe that we are no longer able to handle the incoming requests, raising an error message. 
+
+```shell
+curl 192.168.1.50/helloworld -s
+```
+```text
+upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: delayed connect error: 111
+```
+
+## Cleanup
+
+Finally, a cleanup from the resources deployed.
+
+```shell
+kubectl delete -f ./
+```
+```text
+deployment.apps "helloworld-nginx" deleted
+gateway.networking.istio.io "helloworld-gateway" deleted
+service "helloworld" deleted
+virtualservice.networking.istio.io "helloworld-vs" deleted
+Error from server (NotFound): error when deleting "Sidecar.yaml": sidecars.networking.istio.io "helloworld-sidecar" not found
+```
+
+

05-Sidecar/01-ingress-proxy-forwarding/Service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+spec:
+  ports:
+    - port: 8080
+      name: http
+  selector:
+    app: helloworld

05-Sidecar/01-ingress-proxy-forwarding/VirtualService.yaml

@@ -1,19 +1,4 @@
 apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: helloworld-gateway
-spec:
-  selector:
-    istio: ingressgateway # use istio default controller
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
----
-apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: helloworld-vs

07-MeshConfig/01-Outboud-Traffic-Policy/README.md

@@ -10,7 +10,7 @@ On this example compares the behavior between setting up the MeshConfig `Outboun
 
 - REGISTRY_ONLY: Restricted to services that figure in the service registry a and the ServiceEntry objects.
 
-More info regarding this configuration at the pertintent documentation (https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-OutboundTrafficPolicy-Mode)
+More info regarding this configuration at the pertinent documentation (https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-OutboundTrafficPolicy-Mode)
 
 ## Runthrough
 
@@ -70,7 +70,7 @@ server: istio-envoy
 
 ### Test egress the helloworld deployment
 
-It returns a 301 code, meaning that it was able to reach the destination and it was attempted to redirect the traffic from HTTP to HTTPS.
+It returns a 301 code, meaning that it was able to reach the destination, and it was attempted to redirect the traffic from HTTP to HTTPS.
 
 ```shell
 $ kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl wikipedia.com -I

08-AuthorizationPolicy/01-target-namespaces/README.md

@@ -5,7 +5,7 @@ include_toc: true
 
 # Continues from
 
-- [06-mTLS](../../02-Traffic_management/06-mTLS)
+- [06-mTLS](../../10-mTLS_PeerAuthentication/06-mTLS)
 
 ## Description
 

10-mTLS_PeerAuthentication/01-disable-mTLS/README.md

@@ -558,7 +558,7 @@ On this scenario, we met a fatal error, not allowing us to access the service, u
 
 From my understanding, not only from this interaction, but from investigating through Istio forums (yet I don't have the link handy, so take this words with some grains of salt), **the traffic cannot be double terminated**, for such if we have an `HTTPS` backend, we might require to disable `mTLS` in order to communicate with it. We also would need to set a [Destination Rule like we did further above](#destination-rule), to specify that the traffic must be terminated with the backend (`tls.mode: STRICT`).
 
-Yet this depends on which would be our architecture, due also being able to set up [TLS Passthrough](../../02-Traffic_management/11-TLS-PASSTHROUGH), or use a [TCP Forwarding](../../02-Traffic_management/10-TCP-FORWARDING).
+Yet this depends on which would be our architecture, due also being able to set up [TLS Passthrough](../../03-Gateway_Ingress/11-TLS-PASSTHROUGH), or use a [TCP Forwarding](../../03-Gateway_Ingress/10-TCP-FORWARDING).
 
 ```shell
 curl 192.168.1.50/https-mTLS

10-mTLS_PeerAuthentication/02-portLevelMtls/README.md

@@ -312,7 +312,7 @@ listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
 
 ##### Curl
 
-Even tho, we have set in the [PeerAuthentication configuration](#peerauthentication) mode to `STRICT`, unlike in the [previous example](01-disable-mTLS/#https-1), where the mode was also set to `STRICT`, in this example we configured the `portLevelMtls` field for the port `443`, successfully disabling `mTLS` for this port, and allowing to proceed with the request towards the `HTTPS` backend; which was performed without the need of disabling `mTLS` for the whole deployment. 
+Even tho, we have set in the [PeerAuthentication configuration](#peerauthentication) mode to `STRICT`, unlike in the [previous example](../01-disable-mTLS/#https-1), where the mode was also set to `STRICT`, in this example we configured the `portLevelMtls` field for the port `443`, successfully disabling `mTLS` for this port, and allowing to proceed with the request towards the `HTTPS` backend; which was performed without the need of disabling `mTLS` for the whole deployment. 
 
 ```shell
 curl 192.168.1.50/https

10-mTLS_PeerAuthentication/06-mTLS/README.md

@@ -5,7 +5,7 @@ include_toc: true
 
 # Based on
 
-- [01-hello_world_1_service_1_deployment](../../01-Getting%20Started/01-hello_world_1_service_1_deployment)
+- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment)
 
 ## Description
 
@@ -68,7 +68,7 @@ istioctl dashboard kiali
 
 ## Display services menu
 
-![Kiali menu, displaying 3 services. helloworld, byeworld and kubernetes](../src/06-kiali-services.png)
+![Kiali menu, displaying 3 services. helloworld, byeworld and kubernetes](src/06-kiali-services.png)
 
 > **Highlight:**\
 > On the column located at the right, we can notice a note saying `Missing Sidecar`
@@ -81,13 +81,13 @@ istioctl dashboard kiali
 
 On the service `byeworld` (reminder that it's pods had the Istio sidecar injection disabled), it displays the message `No mTLS`, meaning that mTLS (Mutual TLS between Istio sidecards) is not available.
 
-![byeworld displays the message `No mTLS`](../src/06-kiali-services-byeworld.png)
+![byeworld displays the message `No mTLS`](src/06-kiali-services-byeworld.png)
 
 ### Helloworld
 
 On the service `helloworld`, it displays the message `mTLS`
 
-![helloworld displays the message `mTLS`](../src/06-kiali-services-helloworld.png)
+![helloworld displays the message `mTLS`](src/06-kiali-services-helloworld.png)
 
 ## Test resources
 ### Curl / LB requests / requests from external traffic