Cheat Sheet

Istio tips and tricks.

Quick start

Install latest istioctl.

curl -sL https://istio.io/downloadIstioctl | sh -

Configure PATH.

export PATH=$PATH:$HOME/.istioctl/bin

Run pre-install check.

istioctl x precheck

Deploy Istio with the demo profile (meant for evaluation, not production).

istioctl install --set profile=demo

References

https://medium.com/expedia-group-tech/flagger-get-started-with-istio-and-kubernetes-896261c3ed88

Gateway and Virtual Service

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-app-gw
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "my-app.com"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-example
  labels:
    app: my-example
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-example
  template:
    metadata:
      labels:
        app: my-example
    spec:
      containers:
      - name: my-example
        image: nginx
        ports:
        - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: my-example
spec:
  selector:
    app: my-example
  ports:
  - protocol: TCP
    port: 80
  type: NodePort # also opens a port on every node, reachable without going through the gateway
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-example
spec:
  hosts:
  - "my-app.com"
  gateways:
  - default/my-app-gw # Gateway can be in a different namespace
  http:
  - match:
    - uri:
        prefix: /t2
    rewrite:
      uri: /
    route:
    - destination:
        port:
          number: 80
        host: my-example

References

https://istio.io/latest/docs/ops/best-practices/traffic-management/?_ga=2.51151081.1502515420.1625493144-1378528285.1625493144#split-virtual-services

TLS

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace
spec:
  selector:
    app: my-gateway-controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      httpsRedirect: true # sends 301 redirect for http requests
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      mode: SIMPLE # enables HTTPS on this port
      serverCertificate: /etc/certs/servercert.pem
      privateKey: /etc/certs/privatekey.pem
  - port:
      number: 9443
      name: https-9443
      protocol: HTTPS
    hosts:
    - "bookinfo-namespace/*.bookinfo.com"
    tls:
      mode: SIMPLE # enables HTTPS on this port
      credentialName: bookinfo-secret # fetches certs from Kubernetes secret
  - port:
      number: 9080
      name: http-wildcard
      protocol: HTTP
    hosts:
    - "*"
  - port:
      number: 2379 # to expose internal service via external port 2379
      name: mongo
      protocol: MONGO
    hosts:
    - "*"
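
An added example, not part of the original cheat sheet or of Istio's tooling: a small Python check over a Gateway object that reports servers with neither a TLS mode nor a redirect, catch-all hosts, and private keys read from a file path. The `audit_gateway` name and the finding codes are hypothetical, and the sample is constructed from the Gateway above.

```python
import json
import sys

# Constructed sample: the servers of the Gateway above, trimmed to the fields
# the checks read, in the shape `kubectl get gateway -o json` returns.
SAMPLE = {"metadata": {"name": "my-gateway"}, "spec": {"servers": [
    {"port": {"number": 80, "protocol": "HTTP"},
     "hosts": ["uk.bookinfo.com", "eu.bookinfo.com"],
     "tls": {"httpsRedirect": True}},
    {"port": {"number": 443, "protocol": "HTTPS"},
     "hosts": ["uk.bookinfo.com", "eu.bookinfo.com"],
     "tls": {"mode": "SIMPLE",
             "serverCertificate": "/etc/certs/servercert.pem",
             "privateKey": "/etc/certs/privatekey.pem"}},
    {"port": {"number": 9443, "protocol": "HTTPS"},
     "hosts": ["bookinfo-namespace/*.bookinfo.com"],
     "tls": {"mode": "SIMPLE", "credentialName": "bookinfo-secret"}},
    {"port": {"number": 9080, "protocol": "HTTP"}, "hosts": ["*"]},
    {"port": {"number": 2379, "protocol": "MONGO"}, "hosts": ["*"]},
]}}


def audit_gateway(gw):
    """Return (port, code, detail) findings for one Gateway object (dict)."""
    findings = []
    for srv in gw.get("spec", {}).get("servers", []):
        num = srv.get("port", {}).get("number")
        tls = srv.get("tls") or {}
        # No TLS mode and no redirect: traffic on this port stays in cleartext.
        if not tls.get("mode") and not tls.get("httpsRedirect"):
            findings.append((num, "no-tls", "no TLS mode and no httpsRedirect"))
        # "*" or "<namespace>/*" matches every hostname sent to the port.
        if any(h.split("/")[-1] == "*" for h in srv.get("hosts", [])):
            findings.append((num, "wildcard-host", "hosts matches any name"))
        # Key read from a file in the gateway pod instead of a named secret.
        if tls.get("privateKey") and not tls.get("credentialName"):
            findings.append((num, "file-key", "privateKey path, no credentialName"))
    return findings


if __name__ == "__main__":
    # Reads one Gateway as JSON on stdin when piped; otherwise uses the sample.
    gw = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for port, code, detail in audit_gateway(gw):
        print(f"port {port}: {code}: {detail}")
```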

References

https://istio.io/latest/docs/reference/config/networking/gateway/

Commands

List routes

istioctl proxy-config -n istio-system route istio-ingressgateway-76c54bbfb6-bjtv5
