DevOps Buzz
Search…
Bash / Shell
Bitbucket
Distros
Elasticsearch
General
Guidelines / Standards
microk8s
Prometheus
RabbitMQ
VirtualBox
Cheat Sheet
Istio tips and tricks.

Quick start

Install latest istioctl.
curl -sL https://istio.io/downloadIstioctl | sh -
Configure PATH`.
export PATH=$PATH:$HOME/.istioctl/bin
Run pre-install check.
istioctl x precheck
Deploy Istio.
istioctl install --set profile=demo

References

Gateway and Virtual Service

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-app-gw
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "my-app.com"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-example
labels:
app: my-example
spec:
replicas: 1
selector:
matchLabels:
app: my-example
template:
metadata:
labels:
app: my-example
spec:
containers:
- name: my-example
image: nginx
ports:
- containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
name: my-example
spec:
selector:
app: my-example
ports:
- protocol: TCP
port: 80
type: NodePort
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-example
spec:
hosts:
- "my-app.com"
gateways:
- default/my-app-gw # Gateway can be in a different namespace
http:
- match:
- uri:
prefix: /t2
rewrite:
uri: /
route:
- destination:
port:
number: 80
host: my-example

References

TLS

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
namespace: some-config-namespace
spec:
selector:
app: my-gateway-controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- uk.bookinfo.com
- eu.bookinfo.com
tls:
httpsRedirect: true # sends 301 redirect for http requests
- port:
number: 443
name: https-443
protocol: HTTPS
hosts:
- uk.bookinfo.com
- eu.bookinfo.com
tls:
mode: SIMPLE # enables HTTPS on this port
serverCertificate: /etc/certs/servercert.pem
privateKey: /etc/certs/privatekey.pem
- port:
number: 9443
name: https-9443
protocol: HTTPS
hosts:
- "bookinfo-namespace/*.bookinfo.com"
tls:
mode: SIMPLE # enables HTTPS on this port
credentialName: bookinfo-secret # fetches certs from Kubernetes secret
- port:
number: 9080
name: http-wildcard
protocol: HTTP
hosts:
- "*"
- port:
number: 2379 # to expose internal service via external port 2379
name: mongo
protocol: MONGO
hosts:
- "*"

References

Commands

List routes

istioctl proxy-config -n istio-system route istio-ingressgateway-76c54bbfb6-bjtv5
Copy link
Outline
Quick start
References
Gateway and Virtual Service
References
TLS
References
Commands
List routes