istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix the non-existent file in the test description of Citadel health checking (#1744)

This commit is contained in:
lei-tang 2018-07-14 04:39:29 -07:00 committed by Martin Taillefer
parent 97a59a82e0
commit 289e90b854
1 changed files with 8 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
content/docs/tasks/security/health-check/index.md
View File

@ -27,25 +27,14 @@ this feature is not needed if the production setup is not using the
## Before you begin
* Set up Istio by following the instructions in the
[quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled:
{{< text bash >}}
$ kubectl apply -f install/kubernetes/istio-demo-auth.yaml
{{< /text >}}
_**OR**_
Using [Helm](/docs/setup/kubernetes/helm-install/) with `global.mtls.enabled` to `true`.
[quick start](/docs/setup/kubernetes/quick-start/) with global mutual TLS enabled.
It is recommended to install using [Helm](/docs/setup/kubernetes/helm-install/) with the Helm arguments `global.mtls.enabled` and `security.healthCheckEnabled` set as `true`.
> Starting with Istio 0.7, you can use [authentication policy](/docs/concepts/security/#authentication-policy) to configure mutual TLS for all/selected services in a namespace (repeated for all namespaces to get global setting). See [authentication policy task](/docs/tasks/security/authn-policy/)
## Deploying Citadel with health checking
Deploy Citadel with health checking enabled.
{{< text bash >}}
$ kubectl apply -f install/kubernetes/istio-citadel-with-health-check.yaml
{{< /text >}}
Deploy Citadel with health checking enabled by setting the Helm argument `security.healthCheckEnabled` as `true`.
Deploy the `istio-citadel` service so that the CSR service can be found by the health checker.
@ -91,17 +80,13 @@ Observe that the health checking interval is about 15 seconds, which is the defa
## (Optional) Configuring the health checking
Optionally, adjust the health checking configuration to meet your own needs. Open the file
`install/kubernetes/istio-citadel-with-health-check.yaml`, and locate the following lines.
Optionally, adjust the health checking configuration to meet your own needs. Open the `istio.yaml` generated via [helm template](/docs/setup/kubernetes/helm-install/#option-1-install-with-helm-via-helm-template), and locate the following lines.
{{< text plain >}}
...
- --liveness-probe-path=/tmp/ca.liveness # path to the liveness health checking status file
- --liveness-probe-interval=60s # interval for health checking file update
- --probe-check-interval=15s # interval for health status check
- --logtostderr
- --stderrthreshold
- INFO
livenessProbe:
exec:
command:
@ -130,16 +115,11 @@ continuously failed health checks.
## Cleanup
* To disable health checking on Citadel:
* To disable health checking on Citadel, deploy Citadel with health checking disabled by setting the Helm argument `security.healthCheckEnabled` as `false`.
* To remove Citadel deployment and service:
{{< text bash >}}
$ kubectl apply -f install/kubernetes/istio-demo-auth.yaml
$ kubectl delete svc istio-citadel -n istio-system
{{< /text >}}
* To remove Citadel:
{{< text bash >}}
$ kubectl delete -f install/kubernetes/istio-citadel-with-health-check.yaml
$ kubectl delete deploy istio-citadel -n istio-system
$ kubectl delete svc istio-citadel -n istio-system
{{< /text >}}