idk some changes, managed to deploy a new LB

Istio/02-Traffic_management/06-mTLS/README.md

@@ -9,7 +9,9 @@ include_toc: true
 
 ## Description
 
-Nowadays, by default, Istio will have mTLS automatically enabled, allowing the Istio Sidecars to **automatically** negotiate the TLS traffic between them.encrypted
+Nowadays, by default, Istio will have mTLS automatically enabled, allowing the Istio Sidecars to **automatically** negotiate the TLS traffic between them.encrypted.
+
+More information about that topic in the [following documentation](https://istio.io/latest/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls).
 
 To avoid this behavior, the pod requires to not have an Istio Sidecar set to that pod, for that reason on this example we set up 2 deployments, 1 with a sidecar, and a second without a sidecar.
 

Istio/02-Traffic_management/README.md

@@ -15,8 +15,15 @@ ALL NEEDS DOCUMENTATION
 
 
 
+minimum TLS version:
+https://istio.io/latest/docs/tasks/security/tls-configuration/workload-min-tls-version/
 
 
 Should try to do a double Virtual Service chain
 
-https://academy.tetrate.io/courses/take/istio-fundamentals/lessons/19068816-lab-2-observing-failure-injection
+https://academy.tetrate.io/courses/take/istio-fundamentals/lessons/19068816-lab-2-observing-failure-injection
+
+
+Circuit breaking
+
+https://istio.io/latest/docs/tasks/traffic-management/circuit-breaking/

Istio/06-Internal-Authentication/README.md

@@ -11,4 +11,6 @@
 - Audit / logs (should be the 3th)
 
 
-JWT seems important, refer to source.requestPrincipals
+JWT seems important, refer to source.requestPrincipals
+
+https://istio.io/latest/docs/tasks/security/authentication/

Istio/07-External-Authentication/README.md

@@ -0,0 +1,6 @@
+https://istio.io/latest/docs/tasks/security/authentication/
+
+
+External authorization system sounds cool
+
+https://istio.io/latest/docs/tasks/security/authorization/authz-custom/

Istio/__-cert-management/README.md

@@ -0,0 +1,9 @@
+https://istio.io/latest/docs/tasks/security/cert-management/
+
+https://istio.io/latest/docs/ops/integrations/certmanager/
+
+https://medium.com/@rd.petrusek/kubernetes-istio-cert-manager-and-lets-encrypt-c3e0822a3aaf
+
+https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/ (it's performed during the installation of Istio)
+
+https://istio.io/latest/docs/tasks/security/cert-management/custom-ca-k8s/ (developement)

Istio/__Ingress/01-namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: istio-ingress
+  labels:
+    istio-injection: "enabled"
+---

Istio/__Ingress/README.md

@@ -0,0 +1,23 @@
+https://istio.io/latest/docs/tasks/traffic-management/ingress/
+
+
+TLS
+https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/
+
+
+
+
+https://istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway
+
+
+kubectl apply -f 01-namespace.yaml
+
+istioctl install -f ingress.yaml
+
+
+kubectl get all -A | grep myistio
+istio-ingress    pod/myistio-ingressgateway-5cdcd89cfb-s4fsz       1/1     Running   0              43s
+istio-ingress   service/myistio-ingressgateway   LoadBalancer   10.102.38.206    192.168.1.51   15021:30287/TCP,80:30979/TCP,443:31405/TCP   43s
+istio-ingress    deployment.apps/myistio-ingressgateway    1/1     1            1           44s
+istio-ingress    replicaset.apps/myistio-ingressgateway-5cdcd89cfb   1         1         1       44s
+istio-ingress   horizontalpodautoscaler.autoscaling/myistio-ingressgateway   Deployment/myistio-ingressgateway   <unknown>/80%   1         5         1          44s

Istio/cert-manager/README.md

@@ -1,5 +0,0 @@
-https://istio.io/latest/docs/tasks/security/cert-management/
-
-https://istio.io/latest/docs/ops/integrations/certmanager/
-
-https://medium.com/@rd.petrusek/kubernetes-istio-cert-manager-and-lets-encrypt-c3e0822a3aaf

Istio/tmp/README.md

@@ -0,0 +1 @@
+https://istio.io/latest/docs/tasks/traffic-management/locality-load-balancing/