# Cheat Sheet

## Quick start

Install latest `istioctl.`

```bash
curl -sL https://istio.io/downloadIstioctl | sh -
```

Configure PATH\`.

```bash
export PATH=$PATH:$HOME/.istioctl/bin
```

Run pre-install check.

```bash
istioctl x precheck
```

Deploy Istio.

```bash
istioctl install --set profile=demo
```

{% hint style="info" %}
Learn more about Istio profiles here: <https://istio.io/latest/docs/setup/additional-setup/config-profiles/>
{% endhint %}

### References

<https://medium.com/expedia-group-tech/flagger-get-started-with-istio-and-kubernetes-896261c3ed88>

## Gateway and Virtual Service

```bash
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-app-gw
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "my-app.com"
```

```bash
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-example
  labels:
    app: my-example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-example
  template:
    metadata:
      labels:
        app: my-example
    spec:
      containers:
      - name: my-example
        image: nginx

        ports:
        - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: my-example
spec:
  selector:
    app: my-example
  ports:
  - protocol: TCP
    port: 80
  type: NodePort
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-example
spec:
  hosts:
  - "my-app.com"
  gateways:
  - default/my-app-gw # Gateway can be in a different namespace
  http:
  - match:
    - uri:
        prefix: /t2
    rewrite:
      uri: /
    route:
    - destination:
        port:
          number: 80
        host: my-example
```

### References

<https://istio.io/latest/docs/ops/best-practices/traffic-management/?_ga=2.51151081.1502515420.1625493144-1378528285.1625493144#split-virtual-services>

## TLS

```bash
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace
spec:
  selector:
    app: my-gateway-controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      httpsRedirect: true # sends 301 redirect for http requests
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      mode: SIMPLE # enables HTTPS on this port
      serverCertificate: /etc/certs/servercert.pem
      privateKey: /etc/certs/privatekey.pem
  - port:
      number: 9443
      name: https-9443
      protocol: HTTPS
    hosts:
    - "bookinfo-namespace/*.bookinfo.com"
    tls:
      mode: SIMPLE # enables HTTPS on this port
      credentialName: bookinfo-secret # fetches certs from Kubernetes secret
  - port:
      number: 9080
      name: http-wildcard
      protocol: HTTP
    hosts:
    - "*"
  - port:
      number: 2379 # to expose internal service via external port 2379
      name: mongo
      protocol: MONGO
    hosts:
    - "*"
```

### References

<https://istio.io/latest/docs/reference/config/networking/gateway/>

## Commands

### List routes

```bash
istioctl proxy-config -n istio-system route istio-ingressgateway-76c54bbfb6-bjtv5
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.devops.buzz/public/istio/cheat-sheet.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.