istio-demo | repository contains scripts/manifests for an Istio service | Service Mesh library
kandi X-RAY | istio-demo Summary
kandi X-RAY | istio-demo Summary
Contains manifest files and scripts for giving an Istio demo.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of istio-demo
istio-demo Key Features
istio-demo Examples and Code Snippets
Community Discussions
Trending Discussions on istio-demo
QUESTION
We have installed istion-1.4.0 from istio-demo.yml file by running the following command on k8s cluster - 1.15.1
kubectl apply -f istio-demo.yml
Now we need to upgrade our istio from 1.4.0 to 1.5.0 and as per my understanding its not straight forward, due to changes in istio components ( introducing of istiod and removing citadel,galley,policy & telemetry).
How can i move from kubectl to istoctl so that my future upgrade to istio in-line with.??
...ANSWER
Answered 2020-Aug-11 at 13:44As I mentioned in comments I have followed a theme on istio discuss about upgrade created by@laurentiuspurba.
I have changed it a little for your use case, so an upgrade from 1.4 to 1.5.
Take a look at below steps to follow.
1.Follow istio documentation and install istioctl 1.4 and 1.5 with:
QUESTION
I am trying to install Istio on a Kubernetes cluster. I created a three node cluster and installed istioctl 1.1.0 version. The istio installation comes with a istio-demo.yaml
file located inside install/kubernetes/istio-demo.yaml
directory. When I ran the kubectl apply -f install/kubernetes/istio-demo.yaml
command, I got the below output.
Then I listed the services using kubectl get svc -n istio-system
I am seeing the services
Then when I list the pods using kubectl get pod -n istio-system
I cannot see the pods. Where am I going wrong?
ANSWER
Answered 2020-May-05 at 12:31You can check which apis support current Kubernetes object using
QUESTION
I am trying to setup the OPA adapter in Istio with the simplest rule to deny everything by default:
...ANSWER
Answered 2019-Aug-19 at 08:58Alternatively you can try out the OPA/Istio/Envoy integration that enforces the same type of policies at the proxy layer
QUESTION
I have an existing GKE cluster with the Istio addon installed, e.g.:
...ANSWER
Answered 2019-Aug-15 at 22:13Managed Istio per design will revert any custom configuration and will disable SDS again. So, IMHO, it is a non-useful scenario. You can enable SDS manually following this guide, but keep in mind that the configuration will remain active only for 2-3 minutes.
Currently GKE doesn't support enabling SDS when creating a cluster from scratch. On GKE managed Istio, Google is looking to have the ability to enable SDS on GKE clusters, but they don't have an ETA yet for that release.
However, if you use non-managed (open source) Istio, SDS feature is in the Istio roadmap, and I think it should be available in version 1.2, but it is not a guarantee.
QUESTION
I was playing around in minikube and installed the wrong version of istio. I ran:
...ANSWER
Answered 2019-Aug-27 at 23:15One way would be kubectl delete -f
but it implies few things:
The resources were first created. It simply removes all of those, if you really want to "revert to the previous state" I'm not sure there are built-in tools in Kubernetes to do that (so you really would restore from a backup, if you have one)
The containers did not modify the host machines: containers may mount root filesystem and change it, or kernel subsystems (iptables, etc). The
delete
command would not revert it either, and in that case you really need to check the documentation for the product to see if they offer any official way to guarantees a proper cleanup
QUESTION
I followed Istio's official documentation to setup Istio for sample bookinfo app with minikube. but I'm getting Unable to connect to the server: net/http: TLS handshake timeout error. these are the steps that I have followed(I have kubectl & minikube installed).
...ANSWER
Answered 2018-Nov-06 at 06:31Problem resolved. when I run minikube start --memory=4048
. maybe it was a memory issue.
QUESTION
I'm trying to install Istio 1.13.1 on Kubernetes 1.13.5 deployed on minikube 1.0.0 but I get some errors in the end. Here is log of the installation:
...ANSWER
Answered 2019-Apr-19 at 20:20In the docs there is a step to execute CRDs init. I don't see that in your snippet, seems like that's what you're missing.
So:
QUESTION
I have implemented an istio policy so that users will need a JWT token to access my backend, and admin-backend services. However, it is not letting me through with a valid token. I am running istio-demo on minikube and have done nothing with my deployment but configure an egress for auth0. Then when I go to apply my policy, I can no longer access these services with my requests.
rbac-policy.yaml
...ANSWER
Answered 2019-Mar-17 at 04:13I figured this out a few days ago and forgot to post the answer. I needed to remove mtls from config.
QUESTION
I previously had a bunch of microservices running fine without mtls enabled, that I could access via my frontend http://192.168.99.100:31001/
, backend(s), and db running on various other NodePort's.
For the next stage of my project I need to enable mtls to accomplish securing my services via a JWT token controlled by istio. But, when I use istio-auth-demo instead of istio-demo I cannot access my services via their endpoint. What do I need to do to fix this? I have wrote a gateway, virtualservice, and destinationrules that I thought might clear up the issue.
Just looking for someone to point me in the right direction.
...ANSWER
Answered 2019-Mar-10 at 15:00I am not sure what was the issue here. Maybe it was because I was running it on minikube and some config wasn't supported. I just enabled mtls on the pods I wanted and ran the regular version of istio.
QUESTION
I am using istio 1.0.2 version with istio-demo-auth.yaml, I have a mssql db outside the k8s cluster, I want to connect it form the istio injected services. I try with this Consuming External TCP Services blogs, but the services cannot connect to the outside mssql instance. The service entry as below:
...ANSWER
Answered 2018-Nov-14 at 11:22As @SmileSees mentioned, the issue has been resolved by disabling mutual TLS authentication for the target mssql
instance. Due to the fact that the database instance located outside the Istio mesh and no sidecar Envoy
injected for this service, TLS security connection was not established.
You can consider to use SPIFFE framework for securing services across heterogeneous environments.
Referenced links for further research:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install istio-demo
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page