...
Name of the Cluster | Microservice | Istio Configuration | Comments | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Cluster01 |
|
| |||||||||||
Cluster01 Resources
1. DestinationRule for TLS, Loadbalancing and circuit breaking - productpage
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: bookinfo-productpage-dr namespace: default spec: host: "productpage.default.svc.cluster.local" trafficPolicy: tls: mode: ISTIO_MUTUAL loadbalancer: consistentHash: httpCookie: "user2" connectionPool: tcp: maxConnections: 10 http: http2MaxRequests: 1000 maxRequestsPerConnection: 100 outlierDetection: consecutiveErrors: 7 interval: 5m baseEjectionTime: 15m |
2. AuthorizationPolicy
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: deny-all namespace: default spec: selector: matchLabels: app: productpage rules: - from: - source: principals: ["cluster.global/ns/default/sa/sleep", "cluster.global/ns/default/sa/bookinfo-user" ] to: - operation: methods: ["GET"] paths: ["/static*"] - operation: methods: ["GET"] paths: ["/api/v1/products"] |
3. DestinationRule for TLS - bookinfo-user
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: bookinfo-user namespace: default spec: host: "bookinfo-user.default.svc.cluster.local" trafficPolicy: tls: mode: ISTIO_MUTUAL |
4. DestinationRule (httpbin) for simple TLS, Loadbalancing and circuit breaking
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: httpbin-dr namespace: default spec: host: "httpbin.default.svc.cluster.local" trafficPolicy: tls: mode: ISTIO_MUTUAL loadbalancer: consistentHash: httpCookie: "user1" connectionPool: tcp: maxConnections: 10 http: http2MaxRequests: 1000 maxRequestsPerConnection: 100 outlierDetection: consecutiveErrors: 7 interval: 5m baseEjectionTime: 15m |
5. AuthorizationPolicy
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: deny-all namespace: default spec: selector: matchLabels: app: httpbin rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] to: - operation: methods: ["GET"] paths: ["/status*"] - operation: methods: ["POST"] paths: ["/headers"] |
6. DestinationRule for TLS - sleep
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: sleep-dr namespace: default spec: host: "sleep.default.svc.cluster.local" trafficPolicy: tls: mode: ISTIO_MUTUAL |
...