ofilter/Istio_Examples
1
0
Fork 0
Code Issues 26 Pull Requests Packages Projects 1 Releases Wiki Activity

Compare commits

base: ofilter:747c3f11715f1675101fc87326d3682ddce51d44
Branches Tags
ofilter:main
ofilter:dev
...
compare: ofilter:703d380bcabb12983b29a5c120061bca84839ca3
Branches Tags
ofilter:main
ofilter:dev

3 Commits
747c3f1171 ... 703d380bca

Author SHA1 Message Date
savagebidoof
703d380bca added a final dot... 2023-05-15 15:36:08 +02:00
savagebidoof
4681d98ae7 fixed markdown checkboxes 2023-05-15 15:36:00 +02:00
savagebidoof
88e71e8c5b Quality improvements. 2023-05-15 15:28:37 +02:00
3 changed files with 43 additions and 110 deletions
Show Stats Expand all files Collapse all files

3
02-Traffic_management/README.md
View File

@ -1 +1,2 @@
This gloves the resources `Virtual Service` and `Destination Rule`
This gloves the resources `Virtual Service` and `Destination Rule`.

60
05-Sidecar/02-egress-proxy/README.md
View File

@ -288,21 +288,21 @@ foo helloworld-foo 1/1 1 1 10s
Reminder of the **egress** criteria that has been configured to be met:
[ ] Port `80`.
- [ ] Port `80`.
[ ] `HTTP` protocol.
- [ ] `HTTP` protocol.
[ ] Namespace destination `foo`.
- [ ] Namespace destination `foo`.
#### Curl helloworld.foo.svc.cluster.local:80
On this scenario we meet the following criteria:
[x] Port `80`.
- [x] Port `80`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[x] Namespace destination `foo`.
- [x] Namespace destination `foo`.
```shell
NAMESPACE="default" && kubectl exec -n ${NAMESPACE} "$(kubectl get pod -n ${NAMESPACE} -l app=helloworld -o jsonpath={.items..metadata.name})" -- curl helloworld.foo.svc.cluster.local:80 -sI
@ -326,11 +326,11 @@ x-envoy-upstream-service-time: 10
#### Curl helloworld.foo.svc.cluster.local:8080
[ ] Port `80`.
- [ ] Port `80`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[x] Namespace destination `foo`.
- [x] Namespace destination `foo`.
```shell
@ -375,11 +375,11 @@ For such, instead the is sent towards `BlackHoleCluster`.
#### Curl helloworld.default.svc.cluster.local:80
[x] Port `80`.
- [x] Port `80`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[ ] Namespace destination `foo`.
- [ ] Namespace destination `foo`.
```shell
@ -432,11 +432,11 @@ For such it raises a `direct response` with status code `502`, as the `istio-pro
#### Curl helloworld.default.svc.cluster.local:8080
[x] Port `8080`.
- [x] Port `8080`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[ ] Namespace destination `foo`.
- [ ] Namespace destination `foo`.
```shell
@ -479,11 +479,11 @@ We can see, how the `istio-proxy` container, from the `helloworld` POD, in the n
Reminder of the **egress** criteria that has been configured to be met:
[ ] Port `8080`.
- [ ] Port `8080`.
[ ] `HTTP` protocol.
- [ ] `HTTP` protocol.
[ ] Namespace destination `foo` or `default`.
- [ ] Namespace destination `foo` or `default`.
@ -492,11 +492,11 @@ Reminder of the **egress** criteria that has been configured to be met:
On this scenario we meet the following criteria:
[ ] Port `8080`.
- [ ] Port `8080`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[x] Namespace destination `foo` or `default`.
- [x] Namespace destination `foo` or `default`.
```shell
NAMESPACE="foo" && kubectl exec -n ${NAMESPACE} "$(kubectl get pod -n ${NAMESPACE} -l app=helloworld -o jsonpath={.items..metadata.name})" -- curl helloworld.foo.svc.cluster.local:80 -sI
@ -538,11 +538,11 @@ We can see, how the `istio-proxy` container, from the `helloworld` POD, in the n
On this scenario we meet the following criteria:
[x] Port `8080`.
- [x] Port `8080`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[x] Namespace destination `foo` or `default`.
- [x] Namespace destination `foo` or `default`.
```shell
NAMESPACE="foo" && kubectl exec -n ${NAMESPACE} "$(kubectl get pod -n ${NAMESPACE} -l app=helloworld -o jsonpath={.items..metadata.name})" -- curl helloworld.foo.svc.cluster.local:8080 -sI
@ -568,11 +568,11 @@ x-envoy-upstream-service-time: 77
On this scenario we meet the following criteria:
[ ] Port `8080`.
- [ ] Port `8080`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[x] Namespace destination `foo` or `default`.
- [x] Namespace destination `foo` or `default`.
```shell
NAMESPACE="foo" && kubectl exec -n ${NAMESPACE} "$(kubectl get pod -n ${NAMESPACE} -l app=helloworld -o jsonpath={.items..metadata.name})" -- curl helloworld.default.svc.cluster.local:80 -sI
@ -612,11 +612,11 @@ We can see, how the `istio-proxy` container, from the `helloworld` POD, in the n
On this scenario we meet the following criteria:
[x] Port `8080`.
- [x] Port `8080`.
[x] `HTTP` protocol.
- [x] `HTTP` protocol.
[x] Namespace destination `foo` or `default`.
- [x] Namespace destination `foo` or `default`.
```shell
NAMESPACE="foo" && kubectl exec -n ${NAMESPACE} "$(kubectl get pod -n ${NAMESPACE} -l app=helloworld -o jsonpath={.items..metadata.name})" -- curl helloworld.default.svc.cluster.local:8080 -sI

90
README.md
View File

@ -1,92 +1,20 @@
# Disclaimer:
I have absolutely used as a reference and or template other party configurations/files.
I have absolutely used as a reference and/or template other parties configurations/files as well of documentations and examples.
I have tried to reference as much as possible as long it's relevant/useful for the reader.
Refer to the specific `README.md` in each example for more information, as the documentation is still in progress.
As per the moment, most of the examples are located in 02-Traffic_management.
Currently, the resources are under a relocation and the folders might contain things that don't _really match the topic_.
# Stuff
## Directories
```text
├── 00-Troubleshooting
├── 01-Getting_Started
│   ├── 01-hello_world_1_service_1_deployment
│   ├── 02-hello_world_1_service_2_deployments_unmanaged
│   ├── 03-hello_world_1_service_2_deployments_managed_version
│   └── 04-hello_world_1_service_2_deployments_managed_version_foo_namespace
├── 02-Traffic_management
│   ├── 01-2_deployments_method
│   ├── 02-DirectResponse-HTTP-Body
│   ├── 03-HTTPRewrite
│   ├── 04-HTTPRedirect
│   ├── 05a-FaultInjection-delay
│   ├── 05b-FaultInjection-abort
│   ├── 05-hello_world_1_Service_Entry
│   ├── 06-hello_world_1_HTTPS-Service_Entry
│   │   └── src
│   ├── 06-mTLS
│   ├── 07-HTTPS-Gateway-Simple-TLS
│   ├── 08a-HTTPS-min-TLS-version
│   ├── 08b-HTTPS-max-TLS-version
│   ├── 09-HTTPS-backend
│   ├── 10-TCP-FORWARDING
│   ├── 11-TLS-PASSTHROUGH
│   ├── 12-HTTP-to-HTTPS-traffic-redirect
│   └── src
├── 03-Sidecar
│   └── 01-ingress-proxy-forwarding
├── 04-Envoy
│   └── 01-envoy_add_headers
├── 05-MeshConfig
│   └── 01-Outboud-Traffic-Policy
├── 06-AuthorizationPolicy
│   ├── 01-target-namespaces
│   ├── 02-target-service-accounts
│   └── 03-target-deployments
├── 09-Ingress
│   └── 01-Create-Istio-LoadBalancer
├── 10-PeerAuthentication
│   ├── 01-disable-mTLS
│   └── 02-portLevelMtls
├── 99-resources
│   └── HTTPS-NGINX-DOCKERFILE
└── XX-CirtcuitBreaking
```
## Glossary
# Glossary
https://istio.io/latest/docs/reference/glossary/
## Workload
https://istio.io/latest/docs/reference/glossary/#workload
https://kiali.io/docs/architecture/terminology/concepts/#workload
https://istio.io/latest/docs/ops/deployment/vm-architecture/
## Sidecar
https://kubebyexample.com/learning-paths/istio/intro
# Notes for myself
Internal and external authentication should be set together.
https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/
https://istio.io/latest/docs/ops/deployment/deployment-models/
## Services port names
@ -106,12 +34,16 @@ https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selec
# Workload selector is cool
- https://istio.io/latest/docs/reference/config/type/workload-selector/#WorkloadSelector
# Links of interest
- https://istio.io/latest/docs/
- https://istiobyexample.dev/
- https://www.istioworkshop.io/
- https://www.istioworkshop.io/
- https://istio.io/latest/news/
- https://istio.io/latest/blog/
- https://istio.io/latest/about/ecosystem/