Seems like I moved some files around (it's been a while)

Also have documented the ingress example regarding installing a Istio Ingress Gateway Load Balancer.

.placeholder/06-Envoy/01-envoy_add_headers/README.md

@@ -0,0 +1,42 @@
+https://github.com/istio/istio/wiki/EnvoyFilter-Samples
+
+https://stackoverflow.com/questions/73262158/how-to-apply-envoyfilter-to-sidecar-inbound-and-gateway
+
+
+https://istio.io/latest/docs/reference/config/networking/envoy-filter/
+
+https://discuss.istio.io/t/adding-custom-response-headers-using-istios-1-6-0-envoy-lua-filter/7494
+
+
+
+https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/lua_filter
+
+
+> kubectl logs -f deployments/istiod -n istio-system   
+
+
+
+This somewhat is monitoring, can do cool stuff I don't know how or what to do
+
+
+enable export access logs to stdout
+
+
+istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout
+
+
+
+https://istio.io/latest/docs/ops/diagnostic-tools/component-logging/
+
+
+
+
+https://dev.to/aws-builders/understanding-istio-access-logs-2k5o
+
+```yaml
+Note: Here I am using request_handle:logCritical method because default logLevel is WARN for Istio components. request_handle:logInfo can be used, if logLevel is set to Info.
+```
+
+https://youtu.be/yOtEG1luTwU
+
+

.placeholder/06-Envoy/01-envoy_add_headers/deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+#  annotations:
+#    sidecar.istio.io/componentLogLevel: info
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+      annotations:
+        sidecar.istio.io/componentLogLevel: lua:info
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80

.placeholder/06-Envoy/01-envoy_add_headers/envoy.yaml

@@ -0,0 +1,33 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: envoy-add-response-header
+  namespace: default
+spec:
+  priority:  30
+  workloadSelector:
+    labels:
+      app: helloworld
+  configPatches:
+    - applyTo: HTTP_FILTER
+      match:
+        context: SIDECAR_INBOUND
+        listener:
+          portNumber: 80
+          filterChain:
+            filter:
+              name: "envoy.filters.network.http_connection_manager"
+              subFilter:
+                name: "envoy.filters.http.router"
+      patch:
+        operation: INSERT_BEFORE
+        value:
+          name: envoy.lua
+          typed_config:
+            "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
+            inlineCode: |
+              function envoy_on_response(response_handle)
+                response_handle:headers():add("numbers", "lots of numbers")
+                response_handle:logInfo("Added header `numbers`")
+                response_handle:logInfo(">>>> Executed `envoy-add-response-header` <<<<")
+              end

.placeholder/06-Envoy/01-envoy_add_headers/envoy2.yaml

@@ -0,0 +1,38 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: envoy-add-response-header2
+  namespace: default
+spec:
+  priority:  40
+  workloadSelector:
+    labels:
+      app: helloworld
+  configPatches:
+    - applyTo: HTTP_FILTER
+      match:
+        context: SIDECAR_INBOUND
+        listener:
+          portNumber: 80
+          filterChain:
+            filter:
+              name: "envoy.filters.network.http_connection_manager"
+              subFilter:
+                name: "envoy.filters.http.router"
+      patch:
+        operation: INSERT_BEFORE
+        value:
+          name: envoy.lua
+          typed_config:
+            "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
+            inlineCode: |
+              function envoy_on_response(response_handle)
+                response_handle:headers():add("fruit", "watermelons")
+                response_handle:logCritical("Critical: Added header `fruit`")
+                response_handle:logErr("Error: Added header `fruit`")
+                response_handle:logWarn("Warning: Added header `fruit`")
+                response_handle:logInfo("Info: Added header `fruit`")
+                response_handle:logDebug("Debug: Added header `fruit`")
+                response_handle:logTrace("Trace: Added header `fruit`")
+                response_handle:logInfo(">>>> Executed `envoy-add-response-header2` <<<<")
+              end

.placeholder/06-Envoy/01-envoy_add_headers/gateway.yaml

@@ -0,0 +1,36 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"

.placeholder/06-Envoy/README.md

@@ -0,0 +1,6 @@
+https://youtu.be/yOtEG1luTwU
+
+
+Rate Limit:
+
+https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/

.placeholder/07-MeshConfig/01-Outboud-Traffic-Policy/README.md

@@ -0,0 +1,102 @@
+# Continues from
+
+- 05-hello_world_1_Service_Entry
+
+# Description
+
+On this example compares the behavior between setting up the MeshConfig `OutboundTrafficPolicy.mode` setting to `REGISTRY_ONLY` and `ALLOW_ANY`.
+
+- ALLOW_ANY: Allows all egress/outbound traffic from the mesh.
+
+- REGISTRY_ONLY: Restricted to services that figure in the service registry a and the ServiceEntry objects.
+
+More info regarding this configuration at the pertinent documentation (https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-OutboundTrafficPolicy-Mode)
+
+## Runthrough
+
+### Set ALLOW_ANY outbound traffic policy
+
+```shell
+istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout  --set meshConfig.outboundTrafficPolicy.mode=ALLOW_ANY
+```
+
+### Deploy resources
+
+```shell
+$ kubectl apply -f ./
+service/helloworld created
+deployment.apps/helloworld-nginx created
+serviceentry.networking.istio.io/external-svc created
+gateway.networking.istio.io/helloworld-gateway created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+### Get LB IP
+
+```shell
+$ kubectl get svc istio-ingressgateway -n istio-system
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### Test deployments
+
+```shell
+$ curl 192.168.1.50/helloworld -I
+HTTP/1.1 200 OK
+server: istio-envoy
+date: Thu, 20 Apr 2023 18:03:18 GMT
+content-type: text/html
+content-length: 615
+last-modified: Tue, 28 Mar 2023 15:01:54 GMT
+etag: "64230162-267"
+accept-ranges: bytes
+x-envoy-upstream-service-time: 73
+```
+
+```shell
+$ curl 192.168.1.50/external -I
+HTTP/1.1 200 OK
+date: Thu, 20 Apr 2023 18:03:24 GMT
+content-type: text/html
+content-length: 5186
+last-modified: Mon, 17 Mar 2014 17:25:03 GMT
+expires: Thu, 31 Dec 2037 23:55:55 GMT
+cache-control: max-age=315360000
+x-envoy-upstream-service-time: 228
+server: istio-envoy
+```
+
+
+### Test egress the helloworld deployment
+
+It returns a 301 code, meaning that it was able to reach the destination, and it was attempted to redirect the traffic from HTTP to HTTPS.
+
+```shell
+$ kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl wikipedia.com -I
+HTTP/1.1 301 Moved Permanently
+server: envoy
+date: Thu, 20 Apr 2023 18:06:57 GMT
+content-type: text/html
+content-length: 169
+location: https://wikipedia.com/
+x-envoy-upstream-service-time: 65
+```
+
+### Set REGISTRY_ONLY outbound traffic policy
+
+```shell
+istioctl install --set profile=default -y --set meshConfig.accessLogFile=/dev/stdout  --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
+```
+
+### Test (again) egress the helloworld deployment
+
+It returns a 502 code, meaning that it wasn't able to reach the destination.
+
+```shell
+$ kubectl exec -i -t "$(kubectl get pod -l app=helloworld | tail -n 1 | awk '{print $1}')" -- curl wikipedia.com -I
+HTTP/1.1 502 Bad Gateway
+date: Thu, 20 Apr 2023 18:08:37 GMT
+server: envoy
+transfer-encoding: chunked
+```

.placeholder/07-MeshConfig/01-Outboud-Traffic-Policy/deployment.yaml

@@ -0,0 +1,57 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: helloworld
+  labels:
+    app: helloworld
+    service: helloworld
+spec:
+  ports:
+    - port: 80
+      name: http
+  selector:
+    app: helloworld
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld-nginx
+  labels:
+    app: helloworld
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+        - name: helloworld
+          image: nginx
+          resources:
+            requests:
+              cpu: "100m"
+          imagePullPolicy: IfNotPresent #Always
+          ports:
+            - containerPort: 80
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: external-svc
+spec:
+  hosts:
+    - help.websiteos.com
+    # /websiteos/example_of_a_simple_html_page.htm
+#    - http://help.websiteos.com/websiteos/example_of_a_simple_html_page.htm
+  ports:
+    - number: 80
+      name: http
+      protocol: HTTP
+  resolution: DNS
+  location: MESH_EXTERNAL
+---

.placeholder/07-MeshConfig/01-Outboud-Traffic-Policy/gateway.yaml

@@ -0,0 +1,52 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - match:
+        - uri:
+            exact: /helloworld
+      route:
+        - destination:
+            host: helloworld
+            port:
+              number: 80
+      rewrite:
+        uri: "/"
+
+    - timeout: 3s
+      match:
+        - uri:
+            exact: "/external"
+      route:
+        - destination:
+            host: help.websiteos.com
+            port:
+              number: 80
+      rewrite:
+        uri: "/websiteos/example_of_a_simple_html_page.htm"
+      headers:
+        request:
+          set:
+            HOST: "help.websiteos.com"

.placeholder/07-MeshConfig/README.md

@@ -0,0 +1,10 @@
+
+# Examples
+
+- 01-Outboud-Traffic-Policy
+
+
+
+## Additional
+
+https://istio.io/latest/docs/tasks/observability/distributed-tracing/mesh-and-proxy-config/