Versions Compared

Old Version 5

changes.mady.by.user Pramod Raghavendra Jayathirth

Saved on

compared with

New Version 6

changes.mady.by.user Pramod Raghavendra Jayathirth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Name of the ClusterMicroserviceIstio ConfigurationComments
Cluster01
  1. httpbin 
  2. sleep
  3. bookinfo-productpage
  4. bookinfo-user


MicroserviceResource
httpbin

destinationRule for simple TLS, Loadbalancing and circuit breaking

AuthorizationPolicy for Access Control

sleepdestinationRule for TLS
bookinfo-productpage

destinationRule for simple TLS, Loadbalancing and circuit breaking

AuthorizationPolicy for Access Control

bookinfo-userdestinationRule for TLS







Cluster01 Resources

1.  DestinationRule for TLS, Loadbalancing and circuit breaking - productpage

Code Block
languageyml
themeEclipse
titleDestinationRule
linenumberstrue
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: bookinfo-productpage-dr
  namespace: default
spec:
  host: "productpage.default.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
    loadbalancer:
      consistentHash:
        httpCookie: "user2"
    connectionPool:
      tcp:
        maxConnections: 10
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 100
    outlierDetection:
      consecutiveErrors: 7
      interval: 5m
      baseEjectionTime: 15m

2.  AuthorizationPolicy

Code Block
languageyml
themeEclipse
titleAuthorizationPolicy
linenumberstrue
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
 name: deny-all
 namespace: default
spec:
  selector:
   matchLabels:
     app: productpage
  rules:
  - from:
    - source:
        principals: ["cluster.global/ns/default/sa/sleep", "cluster.global/ns/default/sa/bookinfo-user" ]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/static*"]
    - operation:
        methods: ["GET"]
        paths: ["/api/v1/products"]

3. DestinationRule for TLS - bookinfo-user

Code Block
languageyml
themeEclipse
titleDestinationRule
linenumberstrue
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: bookinfo-user
  namespace: default
spec:
  host: "bookinfo-user.default.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL

4.  DestinationRule (httpbin) for simple TLS, Loadbalancing and circuit breaking 

Code Block
languageyml
themeEclipse
titleDestinationRule
linenumberstrue
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: httpbin-dr
  namespace: default
spec:
  host: "httpbin.default.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
    loadbalancer:
      consistentHash:
        httpCookie: "user1"
    connectionPool:
      tcp:
        maxConnections: 10
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 100
    outlierDetection:
      consecutiveErrors: 7
      interval: 5m
      baseEjectionTime: 15m

5.  AuthorizationPolicy

Code Block
languageyml
themeEclipse
titleAuthorizationPolicy
linenumberstrue
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
 name: deny-all
 namespace: default
spec:
  selector:
   matchLabels:
     app: httpbin
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/sleep"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/status*"]
    - operation:
        methods: ["POST"]
        paths: ["/headers"]

6. DestinationRule for TLS - sleep

Code Block
languageyml
themeEclipse
titleDestinationRule
linenumberstrue
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sleep-dr
  namespace: default
spec:
  host: "sleep.default.svc.cluster.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL

...