From 483aad2b98d69c71e368264224ffde6cd7bcf452 Mon Sep 17 00:00:00 2001 From: Diem Vu <25132401+diemtvu@users.noreply.github.com> Date: Wed, 25 Jul 2018 06:32:33 -0700 Subject: [PATCH] Correct authn policy for health check demo (#1949) --- .../app-health-check/index.md | 129 ++++++++++++------ 1 file changed, 88 insertions(+), 41 deletions(-) diff --git a/content/docs/tasks/traffic-management/app-health-check/index.md b/content/docs/tasks/traffic-management/app-health-check/index.md index 99192c6846..161d62faf7 100644 --- a/content/docs/tasks/traffic-management/app-health-check/index.md +++ b/content/docs/tasks/traffic-management/app-health-check/index.md @@ -46,20 +46,40 @@ The number '0' in the 'RESTARTS' column means liveness probes worked fine. Readi ### Mutual TLS enabled -Run this command to enable mutual TLS for services in the default namespace: +To enable mutual TLS for services in the default namespace, you must configure an authentication policy and a destination rule. +Follow these steps to complete the configuration: -{{< text bash >}} -$ cat <}} +1. To configure the authentication policy, run: + + {{< text bash >}} + $ cat <}} + +1. To configure the destination rule, run: + + {{< text bash >}} + $ cat <}} Run this command to re-deploy the service: 
@@ -68,7 +88,29 @@ $ kubectl delete -f <(istioctl kube-inject -f @samples/health-check/liveness-com $ kubectl apply -f <(istioctl kube-inject -f @samples/health-check/liveness-command.yaml@) {{< /text >}} -Repeat the commands in the previous section to verify that the liveness probes work. +Repeat the check status command to verify that the liveness probes work: + +{{< text bash >}} +$ kubectl get pod +NAME READY STATUS RESTARTS AGE +liveness-6857c8775f-zdv9r 2/2 Running 0 4m +{{< /text >}} + +### Cleanup + +Remove the mutual TLS policy and corresponding destination rule added in the steps above: + +1. To remove the mutual TLS policy, run: + + {{< text bash >}} + $ kubectl delete policies default + {{< /text >}} + +1. To remove the corresponding destination rule, run: + + {{< text bash >}} + $ kubectl delete destinationrules default + {{< /text >}} ## Liveness and readiness probes with HTTP request option @@ -76,21 +118,6 @@ This section shows how to configure health checking with the HTTP request option ### Mutual TLS is disabled -Run this command to remove the mutual TLS policy: - -{{< text bash >}} -$ cat <}} - Run this command to deploy [liveness-http]({{< github_file >}}/samples/health-check/liveness-http.yaml) in the default namespace: {{< text bash >}} @@ -107,19 +134,39 @@ liveness-http-975595bb6-5b2z7c 2/2 Running 0 1m ### Mutual TLS is enabled -Run this command to enable mutual TLS for services in the default namespace: +Again, enable mutual TLS for services in the default namespace by adding namespace-wide authentication policy and a destination rule: -{{< text bash >}} -$ cat <}} +1. To configure the authentication policy, run: + + {{< text bash >}} + $ cat <}} + +1. To configure the destination rule, run: + + {{< text bash >}} + $ cat <}} Run these commands to re-deploy the service:
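Review bot: In the hunk at @@ -46,20 +46,40 @@, the new sentence "you must configure an authentication policy and a destination rule" does not say why both objects are needed, so a reader who applies only step 1 gets no hint about what breaks. Suggest one added sentence: the authentication policy makes the server-side sidecars require mutual TLS, and the destination rule tells client-side sidecars to originate it. The same applies to the repeated steps in the HTTP section.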
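Review bot: In the new Cleanup section of the hunk at @@ -68,7 +88,29 @@, "kubectl delete policies default" and "kubectl delete destinationrules default" name no namespace, so they act on whatever namespace the reader's kubectl context currently points at. The surrounding text says the policy is for "services in the default namespace", so adding "-n default" to both commands would make the cleanup match the setup and avoid deleting a same-named object elsewhere.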
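Review bot: In the hunk at @@ -76,21 +118,6 @@, deleting the "Run this command to remove the mutual TLS policy" step from under "### Mutual TLS is disabled" makes that subsection depend on the reader having already run the Cleanup steps in the previous section. A reader who jumps straight to the HTTP section, or who skipped Cleanup, will deploy liveness-http with the policy still in place and see results that contradict the heading. Suggest a sentence at the top of that subsection pointing back to Cleanup, or a quick check that no policy or destination rule named default remains.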
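Review bot: In the hunk at @@ -107,19 +134,39 @@, the intro line "by adding namespace-wide authentication policy and a destination rule" is missing an article before "namespace-wide"; suggest "by adding a namespace-wide authentication policy and a destination rule". The two numbered steps are also a second copy of the steps added in the first hunk, so a link back to that section would keep the two from drifting apart. The subsection headings are inconsistent as well ("### Mutual TLS enabled" in the command section, "### Mutual TLS is enabled" here) and could be aligned in the same change.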