diff --git a/Istio/istio-classic/README.md b/Istio/istio-classic/README.md index 0d1a212..50fa73b 100644 --- a/Istio/istio-classic/README.md +++ b/Istio/istio-classic/README.md @@ -12,5 +12,5 @@ https://istio.io/latest/docs/ops/diagnostic-tools/proxy-cmd/ - +Using service accounts diff --git a/Istio/sidecar/01-ingress-proxy-forwarding/README.md b/Istio/sidecar/01-ingress-proxy-forwarding/README.md new file mode 100644 index 0000000..2ea94af --- /dev/null +++ b/Istio/sidecar/01-ingress-proxy-forwarding/README.md 
@@ -0,0 +1,108 @@
+
+
+
+
+# Continues from
+
+- 01-hello_world_1_service_1_deployment
+
+
+
+
+
+---
+
+## Files
+
+- deployment.yaml
+- gateway.yaml
+- sidecar.yaml
+
+> Added the `sidecar.yaml` file.
+
+## deployment.yaml
+
+### Creates
+
+#### Service
+
+- helloworld
+
+#### Deployments
+
+- helloworld-nginx (Nginx container)
+
+## gateway.yaml
+
+### Creates
+
+#### Gateway
+
+##### helloworld-gateway
+
+###### Configuration
+
+```yml
+port: 80
+istio-ingress: ingressgateway
+hosts: "*"
+```
+
+#### VirtualService
+
+##### helloworld-vs
+
+###### Configuration
+
+
+
+```yaml
+hosts: "*"
+uri: "/helloworld"
+rewrite:
+ uri: "/"
+```
+- Allows the traffic from that have any domain.
+
+- Only allows traffic that has as a destination the directory/path `/helloworld`.
+
+- `rewrite.uri` allows to redirect the traffic towards the root directory of the service, as the service(s) used don't have any directory named `helloworld` but are configured to work at the root base level.
+
+# Run example
+
+## Deploy resources
+
+```shell
+$ kubectl apply -f ./
+service/helloworld created
+deployment.apps/helloworld-nginx created
+gateway.networking.istio.io/helloworld-gateway created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+## Wait for the pods to be ready
+
+(I think it deploys 2 pods as there is the Envoy Proxy pod besides the Nginx deployment)
+
+```shell
+$ kubectl get deployment helloworld-nginx -w
+NAME READY UP-TO-DATE AVAILABLE AGE
+helloworld-nginx 1/1 1 1 44s
+```
+
+## Test the service
+
+### Get LB IP
+
+```shell
+$ kubectl get svc istio-ingressgateway -n istio-system
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+istio-ingressgateway LoadBalancer 10.97.47.216 192.168.1.50 15021:31316/TCP,80:32012/TCP,443:32486/TCP 39h
+```
+
+### Curl
+
+```shell
+$ curl 192.168.1.50/helloworld -s | grep ".*"  ✔
+Welcome to nginx!
+```
\ No newline at end of file
diff --git a/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml b/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml
new file mode 100644
index 0000000..8c16538
--- /dev/null
+++ b/Istio/sidecar/01-ingress-proxy-forwarding/deployment.yaml
@@ -0,0 +1,44 @@
+## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld-service
+ labels:
+ app: helloworld
+ service: helloworld
+# namespace: visiblent
+spec:
+ ports:
+ - port: 8080
+ name: http
+ selector:
+ app: helloworld
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helloworld-nginx
+ labels:
+ app: helloworld
+# namespace: visiblent
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helloworld
+ template:
+ metadata:
+ labels:
+ app: helloworld
+# namespace: visiblent
+ spec:
+# serviceAccountName: istio-helloworld
+ containers:
+ - name: helloworld
+ image: nginx
+ resources:
+ requests:
+ cpu: "100m"
+ imagePullPolicy: IfNotPresent #Always
+ ports:
+ - containerPort: 80
diff --git a/Istio/sidecar/01-ingress-proxy-forwarding/gateway.yaml b/Istio/sidecar/01-ingress-proxy-forwarding/gateway.yaml
new file mode 100644
index 0000000..6206265
--- /dev/null
+++ b/Istio/sidecar/01-ingress-proxy-forwarding/gateway.yaml
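Review bot: The Service here is named `helloworld-service`, while gateway.yaml in the same directory routes to `host: helliworld` and the new README expects `service/helloworld created`, so the VirtualService has no matching Service and the curl shown in the README cannot reach nginx. Pick one name and use it in all three places, e.g. `name: helloworld` here and `host: helloworld` in the gateway.yaml hunk that follows. Separately, `image: nginx` together with `imagePullPolicy: IfNotPresent #Always` pins neither tag nor digest, so which nginx build a node serves depends on its image cache; for a reproducible lab write `image: nginx:<pinned-tag-or-digest>` (placeholder, fill in the version you tested against).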
@@ -0,0 +1,64 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: helloworld-gateway
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: helloworld-vs
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - helloworld-gateway
+ http:
+ - match:
+ - uri:
+ exact: /helloworld
+ route:
+ - destination:
+ host: helliworld
+# host: helloworlddo
+# host: helloworld-nginx-56c5c77cd7-9mxmf.visiblent
+ port:
+ number: 8080
+ rewrite:
+ uri: "/"
+---
+#apiVersion: networking.istio.io/v1alpha3
+#kind: VirtualService
+#metadata:
+# name: helloworld-vs
+#spec:
+# hosts:
+# - "*"
+# gateways:
+# - helloworld-gateway
+# http:
+# - timeout: 3s
+# match:
+# - uri:
+# - exact: "/external"
+# route:
+# - destination:
+# host: help.websiteos.com
+# port:
+# number: 80
+# rewrite:
+# uri: "/websiteos/example_of_a_simple_html_page.htm"
+# headers:
+# request:
+# set:
+# HOST: "help.websiteos.com"
\ No newline at end of file
diff --git a/Istio/sidecar/01-ingress-proxy-forwarding/sidecar.yaml b/Istio/sidecar/01-ingress-proxy-forwarding/sidecar.yaml
new file mode 100644
index 0000000..7ce4d69
--- /dev/null
+++ b/Istio/sidecar/01-ingress-proxy-forwarding/sidecar.yaml
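Review bot: `host: helliworld` is a short name, which Istio expands relative to the VirtualService's own namespace rather than the Service's; the deleted 01-visibility copy used the fully qualified `helloworld.visiblent.svc.cluster.local`, and since every `namespace:` line in this directory is commented out, resolution now silently follows whatever namespace kubectl applies into. Prefer the FQDN form, `host: <service>.<namespace>.svc.cluster.local` (fill in the intended names), or add a comment stating that the Gateway, VirtualService and Service are expected to share a namespace. `number: 8080` also deserves a comment: it is the Service port, which only reaches nginx on 80 through the Sidecar ingress listener declared in sidecar.yaml, so this VirtualService does not work without that resource. The Gateway's `hosts: "*"` over plain HTTP on port 80 is fine for a lab but should be stated as such in the header comment.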
@@ -0,0 +1,48 @@
+## First we overide the default configuration.
+# This configures the egress, to only allow egress within the same namespace, and to `istio-system`
+#apiVersion: networking.istio.io/v1beta1
+#kind: Sidecar
+#metadata:
+# name: default
+# namespace: istio-config
+#spec:
+# egress:
+# - hosts:
+# - "./*"
+# - "istio-system/*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+ name: helloworlddo
+# name: helloworld-sidecar
+# namespace: visiblent
+spec:
+ workloadSelector:
+ labels:
+ app: helloworld
+ ingress:
+# - bind: 192.168.1.50
+# - bind: 172.17.121.220
+ - port:
+ number: 8080
+ protocol: HTTP
+ name: ingressport
+ defaultEndpoint: 127.0.0.1:80
+# defaultEndpoint: unix:///var/run/someuds.sock
+# captureMode: DEFAULT
+# egress:
+# - port:
+# number: 80
+# protocol: HTTP
+# name: egressport
+# hosts:
+# - "prod-us1/*"
+# - hosts:
+# - "istio-system/*"
+# egress:
+# hosts:
+# - "./*"
+# - "istio-system/*"
+# captureMode: DEFAULT
+
diff --git a/Istio/sidecar/01-visibility/README.md b/Istio/sidecar/01-visibility/README.md
deleted file mode 100644
index 24129d7..0000000
--- a/Istio/sidecar/01-visibility/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-https://github.com/steren/istio.github.io/blob/master/_docs/setup/kubernetes/sidecar-injection.md
-
-https://istio.io/latest/docs/reference/config/networking/sidecar/
-
-
-# Continues from
-
-- 01-hello_world_1_service_1_deployment
-
-
-
-the labbel `workloadSelector` only affects the pods.
-
-```yaml
- workloadSelector:
-```
-
-
-
-
-```sh
-kubectl create namespace istio-config
-```
-
-
-
-No fucking clue on how to make it NOT work.
diff --git a/Istio/sidecar/01-visibility/gateway.yaml b/Istio/sidecar/01-visibility/gateway.yaml
deleted file mode 100644
index ea57ed8..0000000
--- a/Istio/sidecar/01-visibility/gateway.yaml
+++ /dev/null
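Review bot: The two header comments describe the namespace-wide `default` Sidecar that restricts egress, but that document is now fully commented out, so the comment no longer matches anything this file applies. The only live resource is the workload Sidecar, which declares `ingress` and no `egress`, so its outbound reach is inherited from the namespace or global default Sidecar (or stays unrestricted if none exists) — worth stating, e.g. `# Workload Sidecar for app=helloworld: the proxy listens on 8080 and forwards to nginx on 127.0.0.1:80; egress is not set here and is inherited from the namespace/global default`. Two smaller points: `defaultEndpoint: 127.0.0.1:80` should be quoted as `"127.0.0.1:80"` so no loader reinterprets the colon, and the resource name `helloworlddo` sits next to a commented `helloworld-sidecar`, so whichever is intended should be the live one.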
@@ -1,36 +0,0 @@
-# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: helloworld-gateway
-spec:
- selector:
- istio: ingressgateway # use istio default controller
- servers:
- - port:
- number: 80
- name: http
- protocol: HTTP
- hosts:
- - "*"
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: helloworld-vs
-spec:
- hosts:
- - "*"
- gateways:
- - helloworld-gateway
- http:
- - match:
- - uri:
- exact: /helloworld
- route:
- - destination:
- host: helloworld.visiblent.svc.cluster.local
- port:
- number: 80
- rewrite:
- uri: "/"
\ No newline at end of file
diff --git a/Istio/sidecar/01-visibility/sidecar.yaml b/Istio/sidecar/01-visibility/sidecar.yaml
deleted file mode 100644
index 7faeb95..0000000
--- a/Istio/sidecar/01-visibility/sidecar.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-## First we overide the default configuration.
-# This configures the egress, to only allow egress within the same namespace, and to `istio-system`
-apiVersion: networking.istio.io/v1beta1
-kind: Sidecar
-metadata:
- name: default
- namespace: istio-config
-spec:
- egress:
- - hosts:
- - "./*"
-# - "istio-system/*"
----
-apiVersion: networking.istio.io/v1beta1
-kind: Sidecar
-metadata:
- name: default
- namespace: visiblent
-spec:
- egress:
- - hosts:
- - "visiblent/*"
- - "istio-system/*"
diff --git a/Istio/sidecar/01-visibility/tmp.yaml b/Istio/sidecar/01-visibility/tmp.yaml
deleted file mode 100644
index 7c95865..0000000
--- a/Istio/sidecar/01-visibility/tmp.yaml
+++ /dev/null
@@ -1,235 +0,0 @@ -## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml -#apiVersion: v1 -#kind: Service -#metadata: -# name: helloworld -# labels: -# app: helloworld -# service: helloworld -#spec: -# ports: -# - port: 80 -# name: http -# selector: -# app: helloworld -#--- -##apiVersion: v1 -##kind: ServiceAccount -##metadata: -## name: istio-helloworld -## labels: -## account: -#--- -#apiVersion: apps/v1 -#kind: Deployment -#metadata: -# creationTimestamp: null -# labels: -# app: helloworld -# name: helloworld-nginx -#spec: -# replicas: 1 -# selector: -# matchLabels: -# app: helloworld -# strategy: {} -# template: -# metadata: -# annotations: -# kubectl.kubernetes.io/default-container: helloworld -# kubectl.kubernetes.io/default-logs-container: helloworld -# prometheus.io/path: /stats/prometheus -# prometheus.io/port: "15020" -# prometheus.io/scrape: "true" -# sidecar.istio.io/status: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["workload-socket","credential-socket","workload-certs","istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}' -# creationTimestamp: null -# labels: -# app: helloworld -# security.istio.io/tlsMode: istio -# service.istio.io/canonical-name: helloworld -# service.istio.io/canonical-revision: latest -# spec: -# containers: -# - image: nginx -# imagePullPolicy: IfNotPresent -# name: helloworld -# ports: -# - containerPort: 80 -# resources: -# requests: -# cpu: 100m -# - args: -# - proxy -# - sidecar -# - --domain -# - $(POD_NAMESPACE).svc.cluster.local -# - --proxyLogLevel=warning -# - --proxyComponentLogLevel=misc:error -# - --log_output_level=default:info -# - --concurrency -# - "2" -# env: -# - name: JWT_POLICY -# value: third-party-jwt -# - name: PILOT_CERT_PROVIDER -# value: istiod -# - name: CA_ADDR -# value: istiod.istio-system.svc:15012 -# - name: POD_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.name -# - 
name: POD_NAMESPACE -# valueFrom: -# fieldRef: -# fieldPath: metadata.namespace -# - name: INSTANCE_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP -# - name: SERVICE_ACCOUNT -# valueFrom: -# fieldRef: -# fieldPath: spec.serviceAccountName -# - name: HOST_IP -# valueFrom: -# fieldRef: -# fieldPath: status.hostIP -# - name: PROXY_CONFIG -# value: | -# {} -# - name: ISTIO_META_POD_PORTS -# value: |- -# [ -# {"containerPort":80} -# ] -# - name: ISTIO_META_APP_CONTAINERS -# value: helloworld -# - name: ISTIO_META_CLUSTER_ID -# value: Kubernetes -# - name: ISTIO_META_INTERCEPTION_MODE -# value: REDIRECT -# - name: ISTIO_META_MESH_ID -# value: cluster.local -# - name: TRUST_DOMAIN -# value: cluster.local -# image: istio/proxyv2:1.16.1 -# name: istio-proxy -# ports: -# - containerPort: 15090 -# name: http-envoy-prom -# protocol: TCP -# readinessProbe: -# failureThreshold: 30 -# httpGet: -# path: /healthz/ready -# port: 15021 -# initialDelaySeconds: 1 -# periodSeconds: 2 -# timeoutSeconds: 3 -# resources: -# limits: -# cpu: "2" -# memory: 1Gi -# requests: -# cpu: 100m -# memory: 128Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# privileged: false -# readOnlyRootFilesystem: true -# runAsGroup: 1337 -# runAsNonRoot: true -# runAsUser: 1337 -# volumeMounts: -# - mountPath: /var/run/secrets/workload-spiffe-uds -# name: workload-socket -# - mountPath: /var/run/secrets/credential-uds -# name: credential-socket -# - mountPath: /var/run/secrets/workload-spiffe-credentials -# name: workload-certs -# - mountPath: /var/run/secrets/istio -# name: istiod-ca-cert -# - mountPath: /var/lib/istio/data -# name: istio-data -# - mountPath: /etc/istio/proxy -# name: istio-envoy -# - mountPath: /var/run/secrets/tokens -# name: istio-token -# - mountPath: /etc/istio/pod -# name: istio-podinfo -# initContainers: -# - args: -# - istio-iptables -# - -p -# - "15001" -# - -z -# - "15006" -# - -u -# - "1337" -# - -m -# - REDIRECT -# - -i -# - 
'*' -# - -x -# - "" -# - -b -# - '*' -# - -d -# - 15090,15021,15020 -# - --log_output_level=default:info -# image: istio/proxyv2:1.16.1 -# name: istio-init -# resources: -# limits: -# cpu: "2" -# memory: 1Gi -# requests: -# cpu: 100m -# memory: 128Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# add: -# - NET_ADMIN -# - NET_RAW -# drop: -# - ALL -# privileged: false -# readOnlyRootFilesystem: false -# runAsGroup: 0 -# runAsNonRoot: false -# runAsUser: 0 -# volumes: -# - name: workload-socket -# - name: credential-socket -# - name: workload-certs -# - emptyDir: -# medium: Memory -# name: istio-envoy -# - emptyDir: {} -# name: istio-data -# - downwardAPI: -# items: -# - fieldRef: -# fieldPath: metadata.labels -# path: labels -# - fieldRef: -# fieldPath: metadata.annotations -# path: annotations -# name: istio-podinfo -# - name: istio-token -# projected: -# sources: -# - serviceAccountToken: -# audience: istio-ca -# expirationSeconds: 43200 -# path: istio-token -# - configMap: -# name: istio-ca-root-cert -# name: istiod-ca-cert -#status: {} -#--- diff --git a/Istio/sidecar/README.md b/Istio/sidecar/README.md index 156694b..28b6d63 100644 --- a/Istio/sidecar/README.md +++ b/Istio/sidecar/README.md @@ -8,6 +8,8 @@ I am not very sure on how or why to use this... +NOT HOW TO TRIGGER / UNTRIGGER IT + ```yaml apiVersion: networking.istio.io/v1alpha3 
@@ -20,4 +22,66 @@ spec: - hosts: - "./*" - "istio-system/*" -``` \ No newline at end of file +``` + + + +whats this again?? + +istio operator right? ye, but what is it again? I think I checked this time ago when doing something about creating a new ingress + + +kubectl get io -A + + +2023-04-17T00:08:00.086475Z info validationController Not ready to switch validation to fail-closed: dummy invalid config not rejected + + +2023-04-17T00:08:04.012630Z info validationServer configuration is invalid: gateway must have at least one server + + + + +kubectl logs -f deployments/istiod -n istio-system + +https://istio.io/latest/docs/reference/config/networking/sidecar/ + + + + + egress: + - port: + number: 8080 + protocol: HTTP + hosts: + - "staging/*" + + + +With the YAML above, the sidecar proxies the traffic that’s bound for port 8080 for services running in the staging namespace. + + + + + + + + +- Confirm pod ingress port forwarding + +- Confirm it can reach other places / namespaces / resources (pod egress) + +- mtls (somehow) + + +# Ingress + +Does stuff + +# Egress + +What is "bind" + +# CaptureMode + +Not my problem rn \ No newline at end of file diff --git a/Istio/sidecar/01-visibility/01-namespace.yaml b/Istio/sidecar/placeholder/01-namespace.yaml similarity index 92% rename from Istio/sidecar/01-visibility/01-namespace.yaml rename to Istio/sidecar/placeholder/01-namespace.yaml index e63c0e0..625c1cd 100644 --- a/Istio/sidecar/01-visibility/01-namespace.yaml +++ b/Istio/sidecar/placeholder/01-namespace.yaml @@ -5,4 +5,5 @@ metadata: labels: # istio-injection: "false" istio-injection: "enabled" + f: "3" --- \ No newline at end of file diff --git a/Istio/sidecar/placeholder/README.md b/Istio/sidecar/placeholder/README.md new file mode 100644 index 0000000..8f520e8 --- /dev/null +++ b/Istio/sidecar/placeholder/README.md 
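Review bot: The label `f: "3"` added to the Namespace in `Istio/sidecar/placeholder/01-namespace.yaml` has no stated purpose and reads like test residue; Namespace labels are what selectors match on (discovery selectors and policy targets, for example), so a stray one should not be committed without a reason. Drop the line, or keep it with a comment that says what it is for, e.g. `# scratch label used while testing namespace selectors` directly above `f: "3"`. The rest of that file is outside the hunk.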
@@ -0,0 +1,66 @@
+https://github.com/steren/istio.github.io/blob/master/_docs/setup/kubernetes/sidecar-injection.md
+
+https://istio.io/latest/docs/reference/config/networking/sidecar/
+
+
+# Continues from
+
+- 01-hello_world_1_service_1_deployment
+
+
+
+the labbel `workloadSelector` only affects the pods.
+
+```yaml
+ workloadSelector:
+```
+
+
+whats this command again?
+
+
+istioctl operator init
+
+
+https://istio.io/latest/docs/ops/common-problems/injection/
+
+
+```sh
+kubectl create namespace istio-config
+```
+
+
+
+No fucking clue on how to make it NOT work.
+
+
+
+https://istio.io/latest/blog/2021/discovery-selectors/#discovery-selectors-vs-sidecar-resource
+
+
+
+https://istio.io/latest/docs/reference/config/networking/sidecar/
+
+# Sidecar notes
+
+Sidecar describes the configuration of the sidecar proxy that mediates inbound and outbound communication to the
+workload instance it is attached to.
+
+By default, Istio will program all sidecar proxies in the mesh with the necessary
+configuration required to reach every workload instance in the mesh, as well as accept traffic on all the ports associated
+with the workload.
+
+The Sidecar configuration provides a way to fine tune the set of ports, protocols that the proxy will
+accept when forwarding traffic to and from the workload. In addition, it is possible to restrict the set of services that
+the proxy can reach when forwarding outbound traffic from workload instances.
+
+
+
+
+The behavior of the system is undefined if two or more Sidecar configurations with a workloadSelector select the same workload instance.
+
+
+
+https://youtu.be/lnYTqNfyzNk
+
+https://www.youtube.com/watch?v=UJ86BNQEcTA
diff --git a/Istio/sidecar/placeholder/deployment-SE.yaml b/Istio/sidecar/placeholder/deployment-SE.yaml
new file mode 100644
index 0000000..6eb148c
--- /dev/null
+++ b/Istio/sidecar/placeholder/deployment-SE.yaml
@@ -0,0 +1,19 @@ +## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml +#--- +#apiVersion: networking.istio.io/v1alpha3 +#kind: ServiceEntry +#metadata: +# name: external-svc +# namespace: visiblent +#spec: +# hosts: +# - help.websiteos.com +# # /websiteos/example_of_a_simple_html_page.htm +## - http://help.websiteos.com/websiteos/example_of_a_simple_html_page.htm +# ports: +# - number: 80 +# name: http +# protocol: HTTP +# resolution: DNS +# location: MESH_EXTERNAL +#--- \ No newline at end of file diff --git a/Istio/sidecar/01-visibility/deployment.yaml b/Istio/sidecar/placeholder/deployment.yaml similarity index 79% rename from Istio/sidecar/01-visibility/deployment.yaml rename to Istio/sidecar/placeholder/deployment.yaml index da44c94..16de6e5 100644 --- a/Istio/sidecar/01-visibility/deployment.yaml +++ b/Istio/sidecar/placeholder/deployment.yaml @@ -1,19 +1,19 @@ -# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml +## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml apiVersion: v1 kind: Service metadata: - name: helloworld + name: helliworld labels: app: helloworld service: helloworld - namespace: visiblent +# namespace: visiblent spec: ports: - - port: 80 + - port: 8080 name: http selector: app: helloworld ---- +#--- #apiVersion: v1 #kind: ServiceAccount #metadata: @@ -27,7 +27,7 @@ metadata: name: helloworld-nginx labels: app: helloworld - namespace: visiblent +# namespace: visiblent spec: replicas: 1 selector: @@ -37,7 +37,7 @@ spec: metadata: labels: app: helloworld - namespace: visiblent +# namespace: visiblent spec: # serviceAccountName: istio-helloworld containers: diff --git a/Istio/sidecar/placeholder/gateway.yaml b/Istio/sidecar/placeholder/gateway.yaml new file mode 100644 index 0000000..6206265 --- /dev/null +++ b/Istio/sidecar/placeholder/gateway.yaml 
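Review bot: In the first hunk of `Istio/sidecar/placeholder/deployment.yaml` the Service port moves to `8080` with no `targetPort`, so the Service now sends to pod port 8080 while the nginx container (outside this hunk; the sibling deployment.yaml shows `containerPort: 80`) presumably still listens on 80; this only works because placeholder/sidecar.yaml declares an ingress listener on 8080 that forwards to 127.0.0.1:80, and nothing in the file says so. Add a comment above the port, e.g. `# 8080 is the Sidecar ingress listener (sidecar.yaml), which forwards to nginx on 80; no targetPort on purpose`. The rename to `name: helliworld` looks like a typo of `helloworld`; if it is deliberate (it is what placeholder/gateway.yaml routes to), say so in a comment, otherwise fix both places. The Deployment and its container spec start and end outside these hunks.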
@@ -0,0 +1,64 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: helloworld-gateway
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: helloworld-vs
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - helloworld-gateway
+ http:
+ - match:
+ - uri:
+ exact: /helloworld
+ route:
+ - destination:
+ host: helliworld
+# host: helloworlddo
+# host: helloworld-nginx-56c5c77cd7-9mxmf.visiblent
+ port:
+ number: 8080
+ rewrite:
+ uri: "/"
+---
+#apiVersion: networking.istio.io/v1alpha3
+#kind: VirtualService
+#metadata:
+# name: helloworld-vs
+#spec:
+# hosts:
+# - "*"
+# gateways:
+# - helloworld-gateway
+# http:
+# - timeout: 3s
+# match:
+# - uri:
+# - exact: "/external"
+# route:
+# - destination:
+# host: help.websiteos.com
+# port:
+# number: 80
+# rewrite:
+# uri: "/websiteos/example_of_a_simple_html_page.htm"
+# headers:
+# request:
+# set:
+# HOST: "help.websiteos.com"
\ No newline at end of file
diff --git a/Istio/sidecar/placeholder/sidecar.yaml b/Istio/sidecar/placeholder/sidecar.yaml
new file mode 100644
index 0000000..594f2c9
--- /dev/null
+++ b/Istio/sidecar/placeholder/sidecar.yaml
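Review bot: `Istio/sidecar/placeholder/gateway.yaml` is a byte-identical copy of `Istio/sidecar/01-ingress-proxy-forwarding/gateway.yaml` (same blob `6206265`), yet the two directories define different Service names, so only this copy's `host: helliworld` has a matching Service and the two files will keep drifting. Either keep one file and reference it from both examples, or give this one a header comment naming which deployment.yaml it pairs with, e.g. `# pairs with placeholder/deployment.yaml (Service helliworld, port 8080)`. The fully commented third document after the final `---` declares no resource and would read better in the README than in an applied manifest.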
@@ -0,0 +1,47 @@
+## First we overide the default configuration.
+# This configures the egress, to only allow egress within the same namespace, and to `istio-system`
+apiVersion: networking.istio.io/v1beta1
+kind: Sidecar
+metadata:
+ name: default
+ namespace: istio-config
+spec:
+ egress:
+ - hosts:
+ - "./*"
+ - "istio-system/*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+ name: helloworlddo
+# namespace: visiblent
+spec:
+ workloadSelector:
+ labels:
+ app: helloworld
+ ingress:
+# - bind: 192.168.1.50
+# - bind: 172.17.121.220
+ - port:
+ number: 8080
+ protocol: HTTP
+ name: ingressport
+ defaultEndpoint: 127.0.0.1:80
+# defaultEndpoint: unix:///var/run/someuds.sock
+# captureMode: DEFAULT
+# egress:
+# - port:
+# number: 80
+# protocol: HTTP
+# name: egressport
+# hosts:
+# - "prod-us1/*"
+# - hosts:
+# - "istio-system/*"
+# egress:
+# hosts:
+# - "./*"
+# - "istio-system/*"
+# captureMode: DEFAULT
+
diff --git a/Istio/sidecar/placeholder/tmp.yaml b/Istio/sidecar/placeholder/tmp.yaml
new file mode 100644
index 0000000..db3a681
--- /dev/null
+++ b/Istio/sidecar/placeholder/tmp.yaml
@@ -0,0 +1,23 @@
+#apiVersion:
+# networking.istio.io/v1alpha3
+#kind: Sidecar
+#metadata:
+# name: default
+# namespace: default
+#spec:
+# egress:
+# - hosts:
+# - "./*"
+# - "istio-system/*"
+#---
+#apiVersion: networking.istio.io/v1alpha3
+#kind: Sidecar
+#metadata:
+# name: default-sidecar
+# namespace: default
+#spec:
+# egress:
+# - hosts:
+# - "default/*"
+# - "istio-system/*"
+# - "staging/*"
\ No newline at end of file
diff --git a/Istio/sidecar/placeholder/txt.txt b/Istio/sidecar/placeholder/txt.txt
new file mode 100644
index 0000000..a7966da
--- /dev/null
+++ b/Istio/sidecar/placeholder/txt.txt
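Review bot: The `default` Sidecar in `namespace: istio-config` only becomes the mesh-wide egress restriction if `istio-config` is the mesh's root namespace (`meshConfig.rootNamespace`; Istio's default root is `istio-system`); otherwise it scopes only workloads inside `istio-config`, and the helloworld workload in the second document — which sets `ingress` but no `egress` — keeps whatever egress the real default provides. Record that assumption where the policy lives, e.g. `# mesh-wide only if meshConfig.rootNamespace is istio-config (default root is istio-system)` under the header comment. The two documents also use different API versions (`v1beta1` and `v1alpha3`) for the same kind; settle on one. As in the other sidecar.yaml, `defaultEndpoint: 127.0.0.1:80` is safer quoted as `"127.0.0.1:80"`.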
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ratings
+ labels:
+ app: ratings
+ service: ratings
+spec:
+ ports:
+ - port: 8443
+ name: https
+ targetPort: 80
+ selector:
+ app: ratings
+
+
+
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+ name: ratings-peer-auth
+ namespace: prod-us1
+spec:
+ selector:
+ matchLabels:
+ app: ratings
+ mtls:
+ mode: STRICT
+ portLevelMtls:
+ 80:
+ mode: DISABLE
+
+
+
+apiVersion: networking.istio.io/v1alpha3
+kind: Sidecar
+metadata:
+ name: ratings
+ namespace: prod-us1
+spec:
+ workloadSelector:
+ labels:
+ app: ratings
+ ingress:
+ - port:
+ number: 80
+ protocol: HTTPS
+ name: somename
+ defaultEndpoint: unix:///var/run/someuds.sock
+ tls:
+ mode: SIMPLE
+ privateKey: "/etc/certs/privatekey.pem"
+ serverCertificate: "/etc/certs/servercert.pem"
\ No newline at end of file
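Review bot: The three resources in `txt.txt` have no `---` separators, so as one YAML document the repeated top-level `apiVersion`/`kind`/`metadata`/`spec` keys are duplicates — a strict loader rejects the file and a lenient one keeps only the last resource — which means it cannot be applied as written even if renamed to .yaml. Insert `---` between the Service, the PeerAuthentication and the Sidecar. The `portLevelMtls` entry that sets `mode: DISABLE` on port 80 is the security-relevant line: it accepts plaintext from inside the mesh on that port, which is coherent here because the Sidecar's ingress entry terminates TLS itself (`tls.mode: SIMPLE` with certs from `/etc/certs`), but that reasoning should sit next to it, e.g. `# plaintext on 80 is intended: the proxy terminates TLS for this port (see the Sidecar ingress tls block)`. The key and certificate paths also have to be mounted into the proxy container, which nothing in this file does.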