From fb347581973947f27096becb4818eaa4a727a06c Mon Sep 17 00:00:00 2001 
From: savagebidoof Date: Fri, 5 May 2023 02:33:16 +0200 Subject: [PATCH] Files rebasing --- .placeholder/text.md | 54 ++++++++++++++++ .../03-HTTPRewrite/README.md | 2 +- .../04-HTTPRedirect/README.md | 60 ------------------ .../05-Service_Entry/Gateway.yaml | 14 ++++ .../README.md | 0 .../ServiceEntry.yaml | 0 .../VirtualService.yaml} | 15 ----- .../gateway.yaml | 55 ---------------- .../{deployment.yaml => Deployment.yaml} | 14 ---- .../07-HTTPS-Gateway-Simple-TLS/Gateway.yaml | 17 +++++ .../07-HTTPS-Gateway-Simple-TLS/Service.yaml | 13 ++++ .../{gateway.yaml => VirtualService.yaml} | 18 ------ .../{deployment.yaml => Deployment.yaml} | 14 ---- .../{gateway.yaml => Gateway.yaml} | 21 ------ .../08a-HTTPS-min-TLS-version/Service.yaml | 13 ++++ .../VirtualService.yaml | 20 ++++++ .../{deployment.yaml => Deployment.yaml} | 14 ---- .../{gateway.yaml => Gateway.yaml} | 21 ------ .../08b-HTTPS-max-TLS-version/Service.yaml | 13 ++++ .../VirtualService.yaml | 20 ++++++ .../{gateway.yaml => Gateway.yaml} | 0 .../{deployment.yaml => Deployment.yaml} | 14 ---- .../{gateway.yaml => Gateway.yaml} | 0 .../01-ingress-proxy-forwarding/Service.yaml | 12 ++++ .../{sidecar.yaml => Sidecar.yaml} | 0 .../01-target-namespaces/README.md | 2 +- .../01-disable-mTLS/README.md | 0 .../01-disable-mTLS/Service.yaml | 0 .../01-disable-mTLS/authentication.yaml | 0 .../01-disable-mTLS/deployment.yaml | 0 .../01-disable-mTLS/gateway.yaml | 0 .../02-portLevelMtls/README.md | 2 +- .../02-portLevelMtls/Service.yaml | 0 .../02-portLevelMtls/authentication.yaml | 0 .../02-portLevelMtls/deployment.yaml | 0 .../02-portLevelMtls/gateway.yaml | 0 .../06-mTLS/README.md | 8 +-- .../06-mTLS/authentication.yaml | 0 .../06-mTLS/deployment.yaml | 0 .../06-mTLS/deployment_2.yaml | 0 .../06-mTLS/gateway.yaml | 0 .../src/06-kiali-services-byeworld.png | Bin .../src/06-kiali-services-helloworld.png | Bin .../06-mTLS}/src/06-kiali-services.png | Bin .../05a-FaultInjection-delay/README.md | 0 
.../05a-FaultInjection-delay/deployment.yaml | 0 .../05a-FaultInjection-delay/gateway.yaml | 0 .../05b-FaultInjection-abort/README.md | 0 .../05b-FaultInjection-abort/deployment.yaml | 0 .../05b-FaultInjection-abort/gateway.yaml | 0 .../DestinationRule.yaml | 13 ++++ .../Gateway.yaml | 14 ++++ .../06-HTTPS-Gateway_Service_Entry}/README.md | 6 +- .../ServiceEntry.yaml | 0 .../VirtualService.yaml | 26 ++++++++ .../src/github-screenshot.png | Bin 90-MixConfigs/REDME.md | 3 + 57 files changed, 242 insertions(+), 256 deletions(-) create mode 100644 .placeholder/text.md create mode 100755 02-Traffic_management/05-Service_Entry/Gateway.yaml rename 02-Traffic_management/{05-hello_world_1_Service_Entry => 05-Service_Entry}/README.md (100%) rename 02-Traffic_management/{05-hello_world_1_Service_Entry => 05-Service_Entry}/ServiceEntry.yaml (100%) rename 02-Traffic_management/{05-hello_world_1_Service_Entry/gateway.yaml => 05-Service_Entry/VirtualService.yaml} (73%) mode change 100755 => 100644 delete mode 100755 02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/gateway.yaml rename 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/{deployment.yaml => Deployment.yaml} (71%) create mode 100755 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Gateway.yaml create mode 100644 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Service.yaml rename 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/{gateway.yaml => VirtualService.yaml} (51%) mode change 100755 => 100644 rename 02-Traffic_management/08a-HTTPS-min-TLS-version/{deployment.yaml => Deployment.yaml} (71%) rename 02-Traffic_management/08a-HTTPS-min-TLS-version/{gateway.yaml => Gateway.yaml} (50%) create mode 100644 02-Traffic_management/08a-HTTPS-min-TLS-version/Service.yaml create mode 100644 02-Traffic_management/08a-HTTPS-min-TLS-version/VirtualService.yaml rename 02-Traffic_management/08b-HTTPS-max-TLS-version/{deployment.yaml => Deployment.yaml} (71%) rename 
02-Traffic_management/08b-HTTPS-max-TLS-version/{gateway.yaml => Gateway.yaml} (50%) create mode 100644 02-Traffic_management/08b-HTTPS-max-TLS-version/Service.yaml create mode 100644 02-Traffic_management/08b-HTTPS-max-TLS-version/VirtualService.yaml rename 02-Traffic_management/12-HTTP-to-HTTPS-traffic-redirect/{gateway.yaml => Gateway.yaml} (100%) rename 03-Sidecar/01-ingress-proxy-forwarding/{deployment.yaml => Deployment.yaml} (65%) rename 03-Sidecar/01-ingress-proxy-forwarding/{gateway.yaml => Gateway.yaml} (100%) create mode 100644 03-Sidecar/01-ingress-proxy-forwarding/Service.yaml rename 03-Sidecar/01-ingress-proxy-forwarding/{sidecar.yaml => Sidecar.yaml} (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/01-disable-mTLS/README.md (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/01-disable-mTLS/Service.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/01-disable-mTLS/authentication.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/01-disable-mTLS/deployment.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/01-disable-mTLS/gateway.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/02-portLevelMtls/README.md (97%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/02-portLevelMtls/Service.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/02-portLevelMtls/authentication.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/02-portLevelMtls/deployment.yaml (100%) rename {10-PeerAuthentication => 10-mTLS_PeerAuthentication}/02-portLevelMtls/gateway.yaml (100%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication}/06-mTLS/README.md (94%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication}/06-mTLS/authentication.yaml (100%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication}/06-mTLS/deployment.yaml (100%) rename {02-Traffic_management => 
10-mTLS_PeerAuthentication}/06-mTLS/deployment_2.yaml (100%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication}/06-mTLS/gateway.yaml (100%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication/06-mTLS}/src/06-kiali-services-byeworld.png (100%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication/06-mTLS}/src/06-kiali-services-helloworld.png (100%) rename {02-Traffic_management => 10-mTLS_PeerAuthentication/06-mTLS}/src/06-kiali-services.png (100%) rename {02-Traffic_management => 11-Fault_Injection}/05a-FaultInjection-delay/README.md (100%) rename {02-Traffic_management => 11-Fault_Injection}/05a-FaultInjection-delay/deployment.yaml (100%) rename {02-Traffic_management => 11-Fault_Injection}/05a-FaultInjection-delay/gateway.yaml (100%) rename {02-Traffic_management => 11-Fault_Injection}/05b-FaultInjection-abort/README.md (100%) rename {02-Traffic_management => 11-Fault_Injection}/05b-FaultInjection-abort/deployment.yaml (100%) rename {02-Traffic_management => 11-Fault_Injection}/05b-FaultInjection-abort/gateway.yaml (100%) create mode 100644 90-MixConfigs/06-HTTPS-Gateway_Service_Entry/DestinationRule.yaml create mode 100755 90-MixConfigs/06-HTTPS-Gateway_Service_Entry/Gateway.yaml rename {02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry => 90-MixConfigs/06-HTTPS-Gateway_Service_Entry}/README.md (92%) rename {02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry => 90-MixConfigs/06-HTTPS-Gateway_Service_Entry}/ServiceEntry.yaml (100%) create mode 100644 90-MixConfigs/06-HTTPS-Gateway_Service_Entry/VirtualService.yaml rename {02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry => 90-MixConfigs/06-HTTPS-Gateway_Service_Entry}/src/github-screenshot.png (100%) create mode 100644 90-MixConfigs/REDME.md diff --git a/.placeholder/text.md b/.placeholder/text.md new file mode 100644 index 0000000..7b872f4 --- /dev/null +++ b/.placeholder/text.md 
@@ -0,0 +1,54 @@ + +https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRedirect + +## The idea is that this rewrite is handled "externally" by the client, not by Istio. + + + +## Practical examples + + +### HTTP to HTTPS redirect. + +The following Virtual Service configuration will redirect all the incoming traffic from the gateway `my-gateway` that uses the http protocol, to the https protocol. + +In this example, it would forward all the `http` traffic without taking into account which port is used. + +``` +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: to-https-vs +spec: + hosts: + - "*" + gateways: + - my-gateway + http: + - match: + - name: to_https + match: + scheme: http + redirect: + scheme: https +``` + +### Migrated from a domain + +The following will update the requests coming "to" the domain `old.domain.com` and rewrite the URL to use the "new" `new.domain.com` + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: update-domain-vs +spec: + hosts: + - "old.domain.com" + gateways: + - helloworld-gateway + http: + - name: forward-to-new-domain + redirect: + authority: "new.domain.com" +``` \ No newline at end of file diff --git a/02-Traffic_management/03-HTTPRewrite/README.md b/02-Traffic_management/03-HTTPRewrite/README.md index 0be9df1..3ee81ee 100755 --- a/02-Traffic_management/03-HTTPRewrite/README.md +++ b/02-Traffic_management/03-HTTPRewrite/README.md @@ -221,7 +221,7 @@ curl 192.168.1.50/helloworld -s | grep "

.*

"

404 Not Found

``` -## Cleanup +## Cleanup` Finally, a cleanup from the resources deployed. diff --git a/02-Traffic_management/04-HTTPRedirect/README.md b/02-Traffic_management/04-HTTPRedirect/README.md index 3b6ec0c..a6f5625 100755 --- a/02-Traffic_management/04-HTTPRedirect/README.md +++ b/02-Traffic_management/04-HTTPRedirect/README.md @@ -253,63 +253,3 @@ virtualservice.networking.istio.io "helloworld-vs" deleted - -# Continues from - -- 01-hello_world_1_service_1_deployment - - - -https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRedirect - -## The idea is that this rewrite is handled "externally" by the client, not by Istio. - - - -## Practical examples - - -### HTTP to HTTPS redirect. - -The following Virtual Service configuration will redirect all the incoming traffic from the gateway `my-gateway` that uses the http protocol, to the https protocol. - -In this example, it would forward all the `http` traffic without taking into account which port is used. - -``` -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: to-https-vs -spec: - hosts: - - "*" - gateways: - - my-gateway - http: - - match: - - name: to_https - match: - scheme: http - redirect: - scheme: https -``` - -### Migrated from a domain - -The following will update the requests coming "to" the domain `old.domain.com` and rewrite the URL to use the "new" `new.domain.com` - -```yaml -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: update-domain-vs -spec: - hosts: - - "old.domain.com" - gateways: - - helloworld-gateway - http: - - name: forward-to-new-domain - redirect: - authority: "new.domain.com" -``` \ No newline at end of file diff --git a/02-Traffic_management/05-Service_Entry/Gateway.yaml b/02-Traffic_management/05-Service_Entry/Gateway.yaml new file mode 100755 index 0000000..bbd9d67 --- /dev/null +++ b/02-Traffic_management/05-Service_Entry/Gateway.yaml 
@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: helloworld-gateway
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
\ No newline at end of file
diff --git a/02-Traffic_management/05-hello_world_1_Service_Entry/README.md b/02-Traffic_management/05-Service_Entry/README.md
similarity index 100%
rename from 02-Traffic_management/05-hello_world_1_Service_Entry/README.md
rename to 02-Traffic_management/05-Service_Entry/README.md
diff --git a/02-Traffic_management/05-hello_world_1_Service_Entry/ServiceEntry.yaml b/02-Traffic_management/05-Service_Entry/ServiceEntry.yaml
similarity index 100%
rename from 02-Traffic_management/05-hello_world_1_Service_Entry/ServiceEntry.yaml
rename to 02-Traffic_management/05-Service_Entry/ServiceEntry.yaml
diff --git a/02-Traffic_management/05-hello_world_1_Service_Entry/gateway.yaml b/02-Traffic_management/05-Service_Entry/VirtualService.yaml
old mode 100755
new mode 100644
similarity index 73%
rename from 02-Traffic_management/05-hello_world_1_Service_Entry/gateway.yaml
rename to 02-Traffic_management/05-Service_Entry/VirtualService.yaml
index 8d3c198..b86b1c8
--- a/02-Traffic_management/05-hello_world_1_Service_Entry/gateway.yaml
+++ b/02-Traffic_management/05-Service_Entry/VirtualService.yaml
@@ -1,19 +1,4 @@
 apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: helloworld-gateway
-spec:
- selector:
- istio: ingressgateway # use istio default controller
- servers:
- - port:
- number: 80
- name: http
- protocol: HTTP
- hosts:
- - "*"
----
-apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
 name: helloworld-vs
diff --git a/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/gateway.yaml b/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/gateway.yaml
deleted file mode 100755
index 387584a..0000000
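Review bot: The new `05-Service_Entry/Gateway.yaml` is created with mode 100755 while the sibling `VirtualService.yaml` is switched to 100644 in this same commit; a manifest has no reason to be executable, so this file should be 100644 too. The same 100755 mode is on `07-HTTPS-Gateway-Simple-TLS/Gateway.yaml` and, per the mode summary, on `90-MixConfigs/06-HTTPS-Gateway_Service_Entry/Gateway.yaml`. The server block accepts plain HTTP on port 80 for `hosts: "*"`, which suits a lab but is easy to copy as-is, so I would add `# lab only: plain HTTP for every hostname; list real hostnames outside a test cluster` above `hosts:`.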
--- a/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/gateway.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: helloworld-gateway
-spec:
- selector:
- istio: ingressgateway # use istio default controller
- servers:
- - port:
- number: 80
- name: http
- protocol: HTTP
- hosts:
- - "*"
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: helloworld-vs
-spec:
- hosts:
- - "*"
- gateways:
- - helloworld-gateway
- http:
- - name: https-external-service
- timeout: 3s
- match:
- - uri:
- exact: "/external"
- route:
- - destination:
- host: "github.com"
- port:
- number: 8443
- rewrite:
- uri: "/OriolFilter/"
- headers:
- request:
- set:
- HOST: "github.com"
----
-apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
- name: github.com
- namespace: default
-spec:
- host: github.com
- trafficPolicy:
- portLevelSettings:
- - port:
- number: 8443
- tls:
- mode: SIMPLE
\ No newline at end of file
diff --git a/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/deployment.yaml b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Deployment.yaml
similarity index 71%
rename from 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/deployment.yaml
rename to 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Deployment.yaml
index a283aab..233fd2c 100755
--- a/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/deployment.yaml
+++ b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Deployment.yaml
@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: helloworld
- labels:
- app: helloworld
- service: helloworld
-spec:
- ports:
- - port: 80
- name: http
- selector:
- app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Gateway.yaml b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Gateway.yaml
new file mode 100755
index 0000000..d122db5
--- /dev/null
+++ b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Gateway.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: helloworld-gateway
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 443
+ name: secure-http
+ protocol: HTTPS
+ hosts:
+ - "*"
+ tls:
+ mode: SIMPLE
+ credentialName: my-tls-cert-secret
diff --git a/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Service.yaml b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Service.yaml
new file mode 100644
index 0000000..784987b
--- /dev/null
+++ b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/Service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld
+ labels:
+ app: helloworld
+ service: helloworld
+spec:
+ ports:
+ - port: 80
+ name: http
+ selector:
+ app: helloworld
diff --git a/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/gateway.yaml b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/VirtualService.yaml
old mode 100755
new mode 100644
similarity index 51%
rename from 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/gateway.yaml
rename to 02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/VirtualService.yaml
index cc236c0..205231b
--- a/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/gateway.yaml
+++ b/02-Traffic_management/07-HTTPS-Gateway-Simple-TLS/VirtualService.yaml
@@ -1,22 +1,4 @@
 apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
- name: helloworld-gateway
-spec:
- selector:
- istio: ingressgateway
- servers:
- - port:
- number: 443
- name: secure-http
- protocol: HTTPS
- hosts:
- - "*"
- tls:
- mode: SIMPLE
- credentialName: my-tls-cert-secret
----
-apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
 name: helloworld-vs
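Review bot: The HTTPS server in `07-HTTPS-Gateway-Simple-TLS/Gateway.yaml` sets `mode: SIMPLE` and `credentialName: my-tls-cert-secret`, but nothing in the file says where that secret must live or which names its certificate covers. Istio looks the secret up in the namespace of the ingress gateway workload, so a comment next to it such as `# secret must exist in the ingress gateway's namespace (istio-system by default)` would save a hard-to-diagnose connection failure. With `hosts: "*"` the one certificate is offered for every requested hostname; listing the hostnames it was issued for is the tighter setting. No `minProtocolVersion` is given here, unlike the 08a example, so the accepted TLS floor is whatever the installed Istio release defaults to, and that is worth stating in a comment.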
diff --git a/02-Traffic_management/08a-HTTPS-min-TLS-version/deployment.yaml b/02-Traffic_management/08a-HTTPS-min-TLS-version/Deployment.yaml
similarity index 71%
rename from 02-Traffic_management/08a-HTTPS-min-TLS-version/deployment.yaml
rename to 02-Traffic_management/08a-HTTPS-min-TLS-version/Deployment.yaml
index a283aab..233fd2c 100755
--- a/02-Traffic_management/08a-HTTPS-min-TLS-version/deployment.yaml
+++ b/02-Traffic_management/08a-HTTPS-min-TLS-version/Deployment.yaml
@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: helloworld
- labels:
- app: helloworld
- service: helloworld
-spec:
- ports:
- - port: 80
- name: http
- selector:
- app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/02-Traffic_management/08a-HTTPS-min-TLS-version/gateway.yaml b/02-Traffic_management/08a-HTTPS-min-TLS-version/Gateway.yaml
similarity index 50%
rename from 02-Traffic_management/08a-HTTPS-min-TLS-version/gateway.yaml
rename to 02-Traffic_management/08a-HTTPS-min-TLS-version/Gateway.yaml
index 9829a3f..90b9197 100755
--- a/02-Traffic_management/08a-HTTPS-min-TLS-version/gateway.yaml
+++ b/02-Traffic_management/08a-HTTPS-min-TLS-version/Gateway.yaml
@@ -16,24 +16,3 @@ spec:
 mode: SIMPLE
 credentialName: my-tls-cert-secret
 minProtocolVersion: TLSV1_3
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: helloworld-vs
-spec:
- hosts:
- - "*"
- gateways:
- - helloworld-gateway
- http:
- - match:
- - uri:
- exact: /helloworld
- route:
- - destination:
- host: helloworld
- port:
- number: 80
- rewrite:
- uri: "/"
\ No newline at end of file
diff --git a/02-Traffic_management/08a-HTTPS-min-TLS-version/Service.yaml b/02-Traffic_management/08a-HTTPS-min-TLS-version/Service.yaml
new file mode 100644
index 0000000..271ce25
--- /dev/null
+++ b/02-Traffic_management/08a-HTTPS-min-TLS-version/Service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld
+ labels:
+ app: helloworld
+ service: helloworld
+spec:
+ ports:
+ - port: 80
+ name: http
+ selector:
+ app: helloworld
\ No newline at end of file
diff --git a/02-Traffic_management/08a-HTTPS-min-TLS-version/VirtualService.yaml b/02-Traffic_management/08a-HTTPS-min-TLS-version/VirtualService.yaml
new file mode 100644
index 0000000..205231b
--- /dev/null
+++ b/02-Traffic_management/08a-HTTPS-min-TLS-version/VirtualService.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: helloworld-vs
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - helloworld-gateway
+ http:
+ - match:
+ - uri:
+ exact: /helloworld
+ route:
+ - destination:
+ host: helloworld
+ port:
+ number: 80
+ rewrite:
+ uri: "/"
\ No newline at end of file
diff --git a/02-Traffic_management/08b-HTTPS-max-TLS-version/deployment.yaml b/02-Traffic_management/08b-HTTPS-max-TLS-version/Deployment.yaml
similarity index 71%
rename from 02-Traffic_management/08b-HTTPS-max-TLS-version/deployment.yaml
rename to 02-Traffic_management/08b-HTTPS-max-TLS-version/Deployment.yaml
index a283aab..233fd2c 100755
--- a/02-Traffic_management/08b-HTTPS-max-TLS-version/deployment.yaml
+++ b/02-Traffic_management/08b-HTTPS-max-TLS-version/Deployment.yaml
@@ -1,17 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: helloworld
- labels:
- app: helloworld
- service: helloworld
-spec:
- ports:
- - port: 80
- name: http
- selector:
- app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/02-Traffic_management/08b-HTTPS-max-TLS-version/gateway.yaml b/02-Traffic_management/08b-HTTPS-max-TLS-version/Gateway.yaml
similarity index 50%
rename from 02-Traffic_management/08b-HTTPS-max-TLS-version/gateway.yaml
rename to 02-Traffic_management/08b-HTTPS-max-TLS-version/Gateway.yaml
index e7b67fe..7f00c46 100755
--- a/02-Traffic_management/08b-HTTPS-max-TLS-version/gateway.yaml
+++ b/02-Traffic_management/08b-HTTPS-max-TLS-version/Gateway.yaml
@@ -16,24 +16,3 @@ spec:
 mode: SIMPLE
 credentialName: my-tls-cert-secret
 maxProtocolVersion: TLSV1_2
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
- name: helloworld-vs
-spec:
- hosts:
- - "*"
- gateways:
- - helloworld-gateway
- http:
- - match:
- - uri:
- exact: /helloworld
- route:
- - destination:
- host: helloworld
- port:
- number: 80
- rewrite:
- uri: "/"
\ No newline at end of file
diff --git a/02-Traffic_management/08b-HTTPS-max-TLS-version/Service.yaml b/02-Traffic_management/08b-HTTPS-max-TLS-version/Service.yaml
new file mode 100644
index 0000000..271ce25
--- /dev/null
+++ b/02-Traffic_management/08b-HTTPS-max-TLS-version/Service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld
+ labels:
+ app: helloworld
+ service: helloworld
+spec:
+ ports:
+ - port: 80
+ name: http
+ selector:
+ app: helloworld
\ No newline at end of file
diff --git a/02-Traffic_management/08b-HTTPS-max-TLS-version/VirtualService.yaml b/02-Traffic_management/08b-HTTPS-max-TLS-version/VirtualService.yaml
new file mode 100644
index 0000000..205231b
--- /dev/null
+++ b/02-Traffic_management/08b-HTTPS-max-TLS-version/VirtualService.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: helloworld-vs
+spec:
+ hosts:
+ - "*"
+ gateways:
+ - helloworld-gateway
+ http:
+ - match:
+ - uri:
+ exact: /helloworld
+ route:
+ - destination:
+ host: helloworld
+ port:
+ number: 80
+ rewrite:
+ uri: "/"
\ No newline at end of file
diff --git a/02-Traffic_management/12-HTTP-to-HTTPS-traffic-redirect/gateway.yaml b/02-Traffic_management/12-HTTP-to-HTTPS-traffic-redirect/Gateway.yaml
similarity index 100%
rename from 02-Traffic_management/12-HTTP-to-HTTPS-traffic-redirect/gateway.yaml
rename to 02-Traffic_management/12-HTTP-to-HTTPS-traffic-redirect/Gateway.yaml
diff --git a/03-Sidecar/01-ingress-proxy-forwarding/deployment.yaml b/03-Sidecar/01-ingress-proxy-forwarding/Deployment.yaml
similarity index 65%
rename from 03-Sidecar/01-ingress-proxy-forwarding/deployment.yaml
rename to 03-Sidecar/01-ingress-proxy-forwarding/Deployment.yaml
index 603c10e..233fd2c 100755
--- a/03-Sidecar/01-ingress-proxy-forwarding/deployment.yaml
+++ b/03-Sidecar/01-ingress-proxy-forwarding/Deployment.yaml
@@ -1,17 +1,3 @@
-## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: helloworld
- labels:
- app: helloworld
-spec:
- ports:
- - port: 8080
- name: http
- selector:
- app: helloworld
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/03-Sidecar/01-ingress-proxy-forwarding/gateway.yaml b/03-Sidecar/01-ingress-proxy-forwarding/Gateway.yaml
similarity index 100%
rename from 03-Sidecar/01-ingress-proxy-forwarding/gateway.yaml
rename to 03-Sidecar/01-ingress-proxy-forwarding/Gateway.yaml
diff --git a/03-Sidecar/01-ingress-proxy-forwarding/Service.yaml b/03-Sidecar/01-ingress-proxy-forwarding/Service.yaml
new file mode 100644
index 0000000..fd3d077
--- /dev/null
+++ b/03-Sidecar/01-ingress-proxy-forwarding/Service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld
+ labels:
+ app: helloworld
+spec:
+ ports:
+ - port: 8080
+ name: http
+ selector:
+ app: helloworld
\ No newline at end of file
diff --git a/03-Sidecar/01-ingress-proxy-forwarding/sidecar.yaml b/03-Sidecar/01-ingress-proxy-forwarding/Sidecar.yaml
similarity index 100%
rename from 03-Sidecar/01-ingress-proxy-forwarding/sidecar.yaml
rename to 03-Sidecar/01-ingress-proxy-forwarding/Sidecar.yaml
diff --git a/06-AuthorizationPolicy/01-target-namespaces/README.md b/06-AuthorizationPolicy/01-target-namespaces/README.md
index 54bebf0..bf57e99 100755
--- a/06-AuthorizationPolicy/01-target-namespaces/README.md
+++ b/06-AuthorizationPolicy/01-target-namespaces/README.md
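Review bot: The attribution comment `## https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml` is removed from the old `deployment.yaml` and is not carried into the new `03-Sidecar/01-ingress-proxy-forwarding/Service.yaml`, and the three context lines shown for `Deployment.yaml` do not include it either, so the origin of these manifests appears to be no longer recorded. I would keep it as the first line of `Service.yaml`. This Service exposes port `8080` with no `targetPort`, while the Services split out for the 07 and 08 examples use port `80`; if the Sidecar example relies on that difference, a one-line comment above `- port: 8080` saying so would keep it from being "corrected" later. It also omits the `service: helloworld` label that the other Service files carry.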
@@ -5,7 +5,7 @@ include_toc: true # Continues from -- [06-mTLS](../../02-Traffic_management/06-mTLS) +- [06-mTLS](../../10-mTLS_PeerAuthentication/06-mTLS) ## Description diff --git a/10-PeerAuthentication/01-disable-mTLS/README.md b/10-mTLS_PeerAuthentication/01-disable-mTLS/README.md similarity index 100% rename from 10-PeerAuthentication/01-disable-mTLS/README.md rename to 10-mTLS_PeerAuthentication/01-disable-mTLS/README.md diff --git a/10-PeerAuthentication/01-disable-mTLS/Service.yaml b/10-mTLS_PeerAuthentication/01-disable-mTLS/Service.yaml similarity index 100% rename from 10-PeerAuthentication/01-disable-mTLS/Service.yaml rename to 10-mTLS_PeerAuthentication/01-disable-mTLS/Service.yaml diff --git a/10-PeerAuthentication/01-disable-mTLS/authentication.yaml b/10-mTLS_PeerAuthentication/01-disable-mTLS/authentication.yaml similarity index 100% rename from 10-PeerAuthentication/01-disable-mTLS/authentication.yaml rename to 10-mTLS_PeerAuthentication/01-disable-mTLS/authentication.yaml diff --git a/10-PeerAuthentication/01-disable-mTLS/deployment.yaml b/10-mTLS_PeerAuthentication/01-disable-mTLS/deployment.yaml similarity index 100% rename from 10-PeerAuthentication/01-disable-mTLS/deployment.yaml rename to 10-mTLS_PeerAuthentication/01-disable-mTLS/deployment.yaml diff --git a/10-PeerAuthentication/01-disable-mTLS/gateway.yaml b/10-mTLS_PeerAuthentication/01-disable-mTLS/gateway.yaml similarity index 100% rename from 10-PeerAuthentication/01-disable-mTLS/gateway.yaml rename to 10-mTLS_PeerAuthentication/01-disable-mTLS/gateway.yaml diff --git a/10-PeerAuthentication/02-portLevelMtls/README.md b/10-mTLS_PeerAuthentication/02-portLevelMtls/README.md similarity index 97% rename from 10-PeerAuthentication/02-portLevelMtls/README.md rename to 10-mTLS_PeerAuthentication/02-portLevelMtls/README.md index aeb0aa2..0dfb971 100644 --- a/10-PeerAuthentication/02-portLevelMtls/README.md +++ b/10-mTLS_PeerAuthentication/02-portLevelMtls/README.md 
@@ -312,7 +312,7 @@ listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes ##### Curl -Even tho, we have set in the [PeerAuthentication configuration](#peerauthentication) mode to `STRICT`, unlike in the [previous example](01-disable-mTLS/#https-1), where the mode was also set to `STRICT`, in this example we configured the `portLevelMtls` field for the port `443`, successfully disabling `mTLS` for this port, and allowing to proceed with the request towards the `HTTPS` backend; which was performed without the need of disabling `mTLS` for the whole deployment. +Even tho, we have set in the [PeerAuthentication configuration](#peerauthentication) mode to `STRICT`, unlike in the [previous example](../01-disable-mTLS/#https-1), where the mode was also set to `STRICT`, in this example we configured the `portLevelMtls` field for the port `443`, successfully disabling `mTLS` for this port, and allowing to proceed with the request towards the `HTTPS` backend; which was performed without the need of disabling `mTLS` for the whole deployment. ```shell curl 192.168.1.50/https diff --git a/10-PeerAuthentication/02-portLevelMtls/Service.yaml b/10-mTLS_PeerAuthentication/02-portLevelMtls/Service.yaml similarity index 100% rename from 10-PeerAuthentication/02-portLevelMtls/Service.yaml rename to 10-mTLS_PeerAuthentication/02-portLevelMtls/Service.yaml diff --git a/10-PeerAuthentication/02-portLevelMtls/authentication.yaml b/10-mTLS_PeerAuthentication/02-portLevelMtls/authentication.yaml similarity index 100% rename from 10-PeerAuthentication/02-portLevelMtls/authentication.yaml rename to 10-mTLS_PeerAuthentication/02-portLevelMtls/authentication.yaml diff --git a/10-PeerAuthentication/02-portLevelMtls/deployment.yaml b/10-mTLS_PeerAuthentication/02-portLevelMtls/deployment.yaml similarity index 100% rename from 10-PeerAuthentication/02-portLevelMtls/deployment.yaml rename to 10-mTLS_PeerAuthentication/02-portLevelMtls/deployment.yaml 
diff --git a/10-PeerAuthentication/02-portLevelMtls/gateway.yaml b/10-mTLS_PeerAuthentication/02-portLevelMtls/gateway.yaml similarity index 100% rename from 10-PeerAuthentication/02-portLevelMtls/gateway.yaml rename to 10-mTLS_PeerAuthentication/02-portLevelMtls/gateway.yaml diff --git a/02-Traffic_management/06-mTLS/README.md b/10-mTLS_PeerAuthentication/06-mTLS/README.md similarity index 94% rename from 02-Traffic_management/06-mTLS/README.md rename to 10-mTLS_PeerAuthentication/06-mTLS/README.md index 4e6dadb..91d4a72 100755 --- a/02-Traffic_management/06-mTLS/README.md +++ b/10-mTLS_PeerAuthentication/06-mTLS/README.md @@ -5,7 +5,7 @@ include_toc: true # Based on -- [01-hello_world_1_service_1_deployment](../../01-Getting%20Started/01-hello_world_1_service_1_deployment) +- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment) ## Description @@ -68,7 +68,7 @@ istioctl dashboard kiali ## Display services menu -![Kiali menu, displaying 3 services. helloworld, byeworld and kubernetes](../src/06-kiali-services.png) +![Kiali menu, displaying 3 services. helloworld, byeworld and kubernetes](src/06-kiali-services.png) > **Highlight:**\ > On the column located at the right, we can notice a note saying `Missing Sidecar` 
@@ -81,13 +81,13 @@ istioctl dashboard kiali On the service `byeworld` (reminder that it's pods had the Istio sidecar injection disabled), it displays the message `No mTLS`, meaning that mTLS (Mutual TLS between Istio sidecards) is not available. -![byeworld displays the message `No mTLS`](../src/06-kiali-services-byeworld.png) +![byeworld displays the message `No mTLS`](src/06-kiali-services-byeworld.png) ### Helloworld On the service `helloworld`, it displays the message `mTLS` -![helloworld displays the message `mTLS`](../src/06-kiali-services-helloworld.png) +![helloworld displays the message `mTLS`](src/06-kiali-services-helloworld.png) ## Test resources ### Curl / LB requests / requests from external traffic diff --git a/02-Traffic_management/06-mTLS/authentication.yaml b/10-mTLS_PeerAuthentication/06-mTLS/authentication.yaml similarity index 100% rename from 02-Traffic_management/06-mTLS/authentication.yaml rename to 10-mTLS_PeerAuthentication/06-mTLS/authentication.yaml diff --git a/02-Traffic_management/06-mTLS/deployment.yaml b/10-mTLS_PeerAuthentication/06-mTLS/deployment.yaml similarity index 100% rename from 02-Traffic_management/06-mTLS/deployment.yaml rename to 10-mTLS_PeerAuthentication/06-mTLS/deployment.yaml diff --git a/02-Traffic_management/06-mTLS/deployment_2.yaml b/10-mTLS_PeerAuthentication/06-mTLS/deployment_2.yaml similarity index 100% rename from 02-Traffic_management/06-mTLS/deployment_2.yaml rename to 10-mTLS_PeerAuthentication/06-mTLS/deployment_2.yaml diff --git a/02-Traffic_management/06-mTLS/gateway.yaml b/10-mTLS_PeerAuthentication/06-mTLS/gateway.yaml similarity index 100% rename from 02-Traffic_management/06-mTLS/gateway.yaml rename to 10-mTLS_PeerAuthentication/06-mTLS/gateway.yaml 
diff --git a/02-Traffic_management/src/06-kiali-services-byeworld.png b/10-mTLS_PeerAuthentication/06-mTLS/src/06-kiali-services-byeworld.png
similarity index 100%
rename from 02-Traffic_management/src/06-kiali-services-byeworld.png
rename to 10-mTLS_PeerAuthentication/06-mTLS/src/06-kiali-services-byeworld.png
diff --git a/02-Traffic_management/src/06-kiali-services-helloworld.png b/10-mTLS_PeerAuthentication/06-mTLS/src/06-kiali-services-helloworld.png
similarity index 100%
rename from 02-Traffic_management/src/06-kiali-services-helloworld.png
rename to 10-mTLS_PeerAuthentication/06-mTLS/src/06-kiali-services-helloworld.png
diff --git a/02-Traffic_management/src/06-kiali-services.png b/10-mTLS_PeerAuthentication/06-mTLS/src/06-kiali-services.png
similarity index 100%
rename from 02-Traffic_management/src/06-kiali-services.png
rename to 10-mTLS_PeerAuthentication/06-mTLS/src/06-kiali-services.png
diff --git a/02-Traffic_management/05a-FaultInjection-delay/README.md b/11-Fault_Injection/05a-FaultInjection-delay/README.md
similarity index 100%
rename from 02-Traffic_management/05a-FaultInjection-delay/README.md
rename to 11-Fault_Injection/05a-FaultInjection-delay/README.md
diff --git a/02-Traffic_management/05a-FaultInjection-delay/deployment.yaml b/11-Fault_Injection/05a-FaultInjection-delay/deployment.yaml
similarity index 100%
rename from 02-Traffic_management/05a-FaultInjection-delay/deployment.yaml
rename to 11-Fault_Injection/05a-FaultInjection-delay/deployment.yaml
diff --git a/02-Traffic_management/05a-FaultInjection-delay/gateway.yaml b/11-Fault_Injection/05a-FaultInjection-delay/gateway.yaml
similarity index 100%
rename from 02-Traffic_management/05a-FaultInjection-delay/gateway.yaml
rename to 11-Fault_Injection/05a-FaultInjection-delay/gateway.yaml
diff --git a/02-Traffic_management/05b-FaultInjection-abort/README.md b/11-Fault_Injection/05b-FaultInjection-abort/README.md
similarity index 100%
rename from 02-Traffic_management/05b-FaultInjection-abort/README.md
rename to 11-Fault_Injection/05b-FaultInjection-abort/README.md
diff --git a/02-Traffic_management/05b-FaultInjection-abort/deployment.yaml b/11-Fault_Injection/05b-FaultInjection-abort/deployment.yaml
similarity index 100%
rename from 02-Traffic_management/05b-FaultInjection-abort/deployment.yaml
rename to 11-Fault_Injection/05b-FaultInjection-abort/deployment.yaml
diff --git a/02-Traffic_management/05b-FaultInjection-abort/gateway.yaml b/11-Fault_Injection/05b-FaultInjection-abort/gateway.yaml
similarity index 100%
rename from 02-Traffic_management/05b-FaultInjection-abort/gateway.yaml
rename to 11-Fault_Injection/05b-FaultInjection-abort/gateway.yaml
diff --git a/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/DestinationRule.yaml b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/DestinationRule.yaml
new file mode 100644
index 0000000..efc6b68
--- /dev/null
+++ b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/DestinationRule.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: github.com
+ namespace: default
+spec:
+ host: github.com
+ trafficPolicy:
+ portLevelSettings:
+ - port:
+ number: 8443
+ tls:
+ mode: SIMPLE
\ No newline at end of file
diff --git a/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/Gateway.yaml b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/Gateway.yaml
new file mode 100755
index 0000000..456e384
--- /dev/null
+++ b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/Gateway.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: helloworld-gateway
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
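Review bot: The `tls` block under `portLevelSettings` in DestinationRule.yaml sets only `mode: SIMPLE`, with no `sni`, `caCertificates` or `subjectAltNames`, so the proxy originates TLS to `github.com` on port 8443 but, unless server-certificate verification is enabled mesh-wide (not visible here), is likely to accept whatever certificate the upstream presents. Because this is an example others will copy, pin the expected identity next to `mode`: `sni: github.com`, `subjectAltNames: ["github.com"]` and `caCertificates: <path to a CA bundle in the proxy image>`. The rule also sets `namespace: default` while the Gateway and VirtualService added in this commit carry no namespace, so the three only line up when everything is applied into `default`.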
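Review bot: The single `servers` entry in Gateway.yaml listens on port 80 with `protocol: HTTP` and `hosts: "*"`, although the directory is named `06-HTTPS-Gateway_Service_Entry` and the new `90-MixConfigs/REDME.md` appears to describe a gateway with HTTPS traffic through simple TLS. Either add the HTTPS server the name promises or say so in the manifest, e.g. `# plaintext ingress: TLS is only originated towards the ServiceEntry backend`. Replacing the wildcard with the hostname the example is actually reached by would stop the gateway from answering for any Host header. The file is also added with mode 100755; a manifest does not need the executable bit.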
diff --git a/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/README.md b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/README.md similarity index 92% rename from 02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/README.md rename to 90-MixConfigs/06-HTTPS-Gateway_Service_Entry/README.md index 1eed779..e860918 100755 --- a/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/README.md +++ b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/README.md @@ -8,7 +8,7 @@ The page used as a destination is my own [GitHub page](https://github.com/). # Based on -- [05-hello_world_1_Service_Entry](../05-hello_world_1_Service_Entry) +- [05-hello_world_1_Service_Entry](../../02-Traffic_management/05-Service_Entry) # Configuration @@ -75,7 +75,7 @@ The path `/external` will forward the request towards the destination URL `githu Highlight that the destination is `github.com`, which is the same as the contents set on the field `host` from the [ServiceEntry resource configured above](#serviceentry). -As seen [in the previous example, where the host that didn't have the `HOST` header wasn't able to receive a response by the destination](../05-hello_world_1_Service_Entry/#external-noh), we configured the `HOST` header to match the URL from the external service. +As seen [in the previous example, where the host that didn't have the `HOST` header wasn't able to receive a response by the destination](../../02-Traffic_management/05-Service_Entry/#external-noh), we configured the `HOST` header to match the URL from the external service. ```yaml apiVersion: networking.istio.io/v1alpha3 
@@ -108,7 +108,7 @@ spec: ## DestinationRule -As seen in the example [02-Traffic_management/09-HTTPS-backend](../09-HTTPS-backend), where we configure Istio to use an `HTTPS` backend, the same configuration is applied on this case (yes, I am aware that a `ServiceEntry` is also a backend). +As seen in the example [02-Traffic_management/09-HTTPS-backend](../../02-Traffic_management/09-HTTPS-backend), where we configure Istio to use an `HTTPS` backend, the same configuration is applied on this case (yes, I am aware that a `ServiceEntry` is also a backend). For such, we deploy a `DestinationRule` setting to expect to terminate the TLS traffic, for the traffic with resource destination `github.com`, and port `8443`, which matches the settings set in our [ServiceEntry](#serviceentry) deployed. diff --git a/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/ServiceEntry.yaml b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/ServiceEntry.yaml similarity index 100% rename from 02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/ServiceEntry.yaml rename to 90-MixConfigs/06-HTTPS-Gateway_Service_Entry/ServiceEntry.yaml diff --git a/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/VirtualService.yaml b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/VirtualService.yaml new file mode 100644 index 0000000..9f8a04d --- /dev/null +++ b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/VirtualService.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: helloworld-vs +spec: + hosts: + - "*" + gateways: + - helloworld-gateway + http: + - name: https-external-service + timeout: 3s + match: + - uri: + exact: "/external" + route: + - destination: + host: "github.com" + port: + number: 8443 + rewrite: + uri: "/OriolFilter/" + headers: + request: + set: + HOST: "github.com" \ No newline at end of file 
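Review bot: The route in VirtualService.yaml overrides the host through `headers.request.set` with the key `HOST`, while the `rewrite` block directly above it has a dedicated `authority` field for exactly this; `authority: "github.com"` placed beside `uri: "/OriolFilter/"` keeps both rewrites together and does not depend on how the proxy treats Host in generic header mutation. With `hosts: "*"` here and on the Gateway, any client that can reach the ingress gets `/external` forwarded to `github.com`, so a comment such as `# demo only: restrict hosts before using on a shared ingress` above `hosts:` would keep the pattern from being copied unchanged. The file also ends without a trailing newline.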
diff --git a/02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/src/github-screenshot.png b/90-MixConfigs/06-HTTPS-Gateway_Service_Entry/src/github-screenshot.png
similarity index 100%
rename from 02-Traffic_management/06-hello_world_1_HTTPS-Service_Entry/src/github-screenshot.png
rename to 90-MixConfigs/06-HTTPS-Gateway_Service_Entry/src/github-screenshot.png
diff --git a/90-MixConfigs/REDME.md b/90-MixConfigs/REDME.md
new file mode 100644
index 0000000..e8909b7
--- /dev/null
+++ b/90-MixConfigs/REDME.md
@@ -0,0 +1,3 @@
+# Examples of mix configurations
+
+ie. gateway with HTTPS traffic through simple TLS, and a Service Entry as a backend.
\ No newline at end of file