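#!/bin/bash
# shellcheck disable=SC2034,SC2153,SC2155,SC2164

# Copyright Istio Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

####################################################################################################
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
####################################################################################################

# NOTE(review): this copy of the file is damaged. Text that sat between angle brackets
# (here-document operators, the manifests piped to `kubectl apply -f -`, and apparently markup
# in some expected outputs) is missing. Two redirections are restored below because their
# `EOF` terminators and target file names are still visible. The `kubectl apply -f - <...`
# snippets are kept verbatim: their manifests cannot be recovered from this page, and those
# lines are not valid shell. Regenerate the file from the markdown source before running it.

# Installs Istio with the demo profile and meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY.
# REGISTRY_ONLY makes sidecars refuse outbound traffic to hosts that are not in the mesh's
# service registry, so external hosts have to be declared explicitly.
snip_before_you_begin_1() {
istioctl install --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
}

# Deploys the sleep sample from the local samples/ tree.
snip_before_you_begin_2() {
kubectl apply -f samples/sleep/sleep.yaml
}

# Deploys the sleep sample after passing its manifest through `istioctl kube-inject`.
snip_before_you_begin_3() {
kubectl apply -f <(istioctl kube-inject -f samples/sleep/sleep.yaml)
}

# Exports SOURCE_POD with the name(s) of the pod(s) labelled app=sleep.
# The jsonpath expression is quoted so the shell never treats its braces as syntax;
# kubectl receives the same argument as before.
# NOTE(review): if several pods carry the label, SOURCE_POD holds all their names.
snip_before_you_begin_4() {
export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath='{.items..metadata.name}')
}

# NOTE(review): damaged snippet, kept verbatim. The manifest that followed `kubectl apply -f -`
# and the start of the command ending in the curl | grep pipeline are missing from this page.
# The name of the second snippet was lost with them. Not valid shell as it stands.
snip_configure_direct_traffic_to_a_wildcard_host_1() {
kubectl apply -f - <.*"; curl -s https://de.wikipedia.org/wiki/Wikipedia:Hauptseite | grep -o ".*"'
}

# Expected output of the curl check above. `read -d ''` returns non-zero when it reaches the
# end of the here-document, so the leading `!` keeps the statement's status at zero.
# NOTE(review): markup around the two titles may have been stripped in this copy - confirm
# against the markdown source.
! read -r -d '' snip_configure_direct_traffic_to_a_wildcard_host_2_out <<\ENDSNIP
Wikipedia, the free encyclopedia
Wikipedia – Die freie Enzyklopädie
ENDSNIP

# Removes the ServiceEntry named wikipedia.
snip_cleanup_direct_traffic_to_a_wildcard_host_1() {
kubectl delete serviceentry wikipedia
}

# NOTE(review): damaged snippet, kept verbatim. The applied manifest(s) and the start of the
# curl check are missing; snippets _2 and _3 of this section appear to have been merged into
# this span. Not valid shell as it stands.
snip_wildcard_configuration_for_a_single_hosting_server_1() {
kubectl apply -f - <.*"; curl -s https://de.wikipedia.org/wiki/Wikipedia:Hauptseite | grep -o ".*"'
}

# Expected output of the curl check (same caveat about stripped markup as above).
! read -r -d '' snip_wildcard_configuration_for_a_single_hosting_server_3_out <<\ENDSNIP
Wikipedia, the free encyclopedia
Wikipedia – Die freie Enzyklopädie
ENDSNIP

# Queries the egress gateway's proxy for its cluster statistics and keeps the cx_total
# counter of the outbound|443||www.wikipedia.org cluster. A non-zero counter shows that
# connections went through the gateway.
snip_wildcard_configuration_for_a_single_hosting_server_4() {
kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:'
}

# Sample output of the counter query. The address and the count are illustrative.
! read -r -d '' snip_wildcard_configuration_for_a_single_hosting_server_4_out <<\ENDSNIP
outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2
ENDSNIP

# Removes the objects of the single-hosting-server configuration. None of the deletes uses
# --ignore-not-found, so each one fails if its object is already gone.
snip_cleanup_wildcard_configuration_for_a_single_hosting_server_1() {
kubectl delete serviceentry www-wikipedia
kubectl delete gateway istio-egressgateway
kubectl delete virtualservice direct-wikipedia-through-egress-gateway
kubectl delete destinationrule egressgateway-for-wikipedia
}

# Writes the nginx configuration for the SNI proxy to ./sni-proxy.conf, overwriting any
# existing file of that name in the current directory.
#
# Restored: this copy read `cat < ./sni-proxy.conf`, which would read the file instead of
# writing it. The surviving `EOF` terminator and the `\$` escapes show the command was a
# here-document redirected into the file. The delimiter is unquoted, so nginx variables stay
# escaped as `\$` to reach the file as literal `$name`.
#
# Review notes on the generated configuration:
# - The stream server forwards each connection to port 443 of whatever host name the TLS
#   ClientHello carries (`proxy_pass $ssl_preread_server_name:443`). nginx applies no
#   allow-list of its own, so destinations must be restricted in front of it. The snippets
#   that would show that configuration are damaged in this copy.
# - The listener is bound to 127.0.0.1:18443, so only processes in the same pod can connect.
# - Name resolution is pinned to the public resolver 8.8.8.8. Clusters that block external
#   DNS, or that must not disclose destination names to a third party, need a resolver they
#   control here.
snip_setup_egress_gateway_with_sni_proxy_1() {
cat <<EOF > ./sni-proxy.conf
# setup custom path that do not require root access
pid /tmp/nginx.pid;

events {
}

stream {
  log_format log_stream '\$remote_addr [\$time_local] \$protocol [\$ssl_preread_server_name]'
  '\$status \$bytes_sent \$bytes_received \$session_time';
  access_log /var/log/nginx/access.log log_stream;
  error_log /var/log/nginx/error.log;

  # tcp forward proxy by SNI
  server {
    resolver 8.8.8.8 ipv6=off;
    listen 127.0.0.1:18443;
    proxy_pass \$ssl_preread_server_name:443;
    ssl_preread on;
  }
}
EOF
}

# Stores ./sni-proxy.conf in the istio-system namespace as the ConfigMap
# egress-sni-proxy-configmap, under the key nginx.conf.
snip_setup_egress_gateway_with_sni_proxy_2() {
kubectl create configmap egress-sni-proxy-configmap -n istio-system --from-file=nginx.conf=./sni-proxy.conf
}

# Renders the manifest of a dedicated egress gateway with an nginx sidecar container into
# ./egressgateway-with-sni-proxy.yaml.
#
# Restored: this copy read `istioctl manifest generate -f - < ./egressgateway-with-sni-proxy.yaml`.
# The surviving `EOF` terminator, and the later snippets that apply and delete that file, show
# that the IstioOperator spec was a here-document on stdin with output redirected to the file.
# NOTE(review): YAML indentation was flattened in this copy and is rebuilt here from the
# document structure - confirm against the markdown source.
#
# Review notes on the rendered deployment:
# - `image: nginx` carries no tag or digest, so the image that runs can change between pulls.
#   Outside a demo, pin it to a reviewed version or digest.
# - The sni-proxy container is set to run as non-root (uid 101), and its configuration is
#   mounted read-only from the ConfigMap with mode 0444.
snip_setup_egress_gateway_with_sni_proxy_3() {
istioctl manifest generate -f - <<EOF > ./egressgateway-with-sni-proxy.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  # Only generate a gateway component defined below.
  # Using this with "istioctl install" will reconcile and remove existing control-plane components.
  # Instead use "istioctl manifest generate" or "kubectl create" if using the istio operator.
  profile: empty
  components:
    egressGateways:
    - name: istio-egressgateway-with-sni-proxy
      enabled: true
      label:
        app: istio-egressgateway-with-sni-proxy
        istio: egressgateway-with-sni-proxy
      k8s:
        service:
          ports:
          - port: 443
            targetPort: 8443
            name: https
        overlays:
        - kind: Deployment
          name: istio-egressgateway-with-sni-proxy
          patches:
          - path: spec.template.spec.containers[-1]
            value: |
              name: sni-proxy
              image: nginx
              volumeMounts:
              - name: sni-proxy-config
                mountPath: /etc/nginx
                readOnly: true
              securityContext:
                runAsNonRoot: true
                runAsUser: 101
          - path: spec.template.spec.volumes[-1]
            value: |
              name: sni-proxy-config
              configMap:
                name: egress-sni-proxy-configmap
                defaultMode: 292 # 0444
EOF
}

# Applies the rendered gateway manifest.
snip_setup_egress_gateway_with_sni_proxy_4() {
kubectl apply -f ./egressgateway-with-sni-proxy.yaml
}

# Lists the pods of the new gateway. Both containers should be ready.
snip_setup_egress_gateway_with_sni_proxy_5() {
kubectl get pod -l istio=egressgateway-with-sni-proxy -n istio-system
}

# Sample pod listing. The pod-name suffix and the age are illustrative.
! read -r -d '' snip_setup_egress_gateway_with_sni_proxy_5_out <<\ENDSNIP
NAME READY STATUS RESTARTS AGE
istio-egressgateway-with-sni-proxy-79f6744569-pf9t2 2/2 Running 0 17s
ENDSNIP

# NOTE(review): damaged snippet, kept verbatim. Everything between this `kubectl apply -f -`
# and the curl check of the following section is missing from this page, including the
# manifests that route traffic to the SNI proxy. Not valid shell as it stands.
snip_setup_egress_gateway_with_sni_proxy_6() {
kubectl apply -f - <.*"; curl -s https://de.wikipedia.org/wiki/Wikipedia:Hauptseite | grep -o ".*"'
}

# Expected output of the curl check (same caveat about stripped markup as above).
! read -r -d '' snip_configure_traffic_through_egress_gateway_with_sni_proxy_4_out <<\ENDSNIP
Wikipedia, the free encyclopedia
Wikipedia – Die freie Enzyklopädie
ENDSNIP

# Prints the istio-proxy container log of the gateway pods.
snip_configure_traffic_through_egress_gateway_with_sni_proxy_5() {
kubectl logs -l istio=egressgateway-with-sni-proxy -c istio-proxy -n istio-system
}

# Sample istio-proxy log lines: one connection per requested host, each handed to the local
# listener 127.0.0.1:18443, with the requested host name as the last field.
# The variable name has no `_out` suffix, unlike its siblings; it is left as the generator
# emitted it.
! read -r -d '' snip_configure_traffic_through_egress_gateway_with_sni_proxy_6 <<\ENDSNIP
[2019-01-02T16:34:23.312Z] "- - -" 0 - 578 79141 624 - "-" "-" "-" "-" "127.0.0.1:18443" outbound|18443||sni-proxy.local 127.0.0.1:55018 172.30.109.84:443 172.30.109.112:45346 en.wikipedia.org
[2019-01-02T16:34:24.079Z] "- - -" 0 - 586 65770 638 - "-" "-" "-" "-" "127.0.0.1:18443" outbound|18443||sni-proxy.local 127.0.0.1:55034 172.30.109.84:443 172.30.109.112:45362 de.wikipedia.org
ENDSNIP

# Prints the sni-proxy (nginx) container log of the gateway pods. Each line records the SNI
# host name the proxy forwarded to, which makes this log the record of actual destinations.
snip_configure_traffic_through_egress_gateway_with_sni_proxy_7() {
kubectl logs -l istio=egressgateway-with-sni-proxy -n istio-system -c sni-proxy
}

# Sample nginx stream log lines in the log_stream format configured above.
! read -r -d '' snip_configure_traffic_through_egress_gateway_with_sni_proxy_7_out <<\ENDSNIP
127.0.0.1 [01/Aug/2018:15:32:02 +0000] TCP [en.wikipedia.org]200 81513 280 0.600
127.0.0.1 [01/Aug/2018:15:32:03 +0000] TCP [de.wikipedia.org]200 67745 291 0.659
ENDSNIP

# Removes the routing objects of the arbitrary-domains configuration. Only the two
# EnvoyFilter deletes tolerate a missing object (--ignore-not-found=true).
snip_cleanup_wildcard_configuration_for_arbitrary_domains_1() {
kubectl delete serviceentry wikipedia
kubectl delete gateway istio-egressgateway-with-sni-proxy
kubectl delete virtualservice direct-wikipedia-through-egress-gateway
kubectl delete destinationrule egressgateway-for-wikipedia
kubectl delete --ignore-not-found=true envoyfilter forward-downstream-sni
kubectl delete --ignore-not-found=true envoyfilter -n istio-system egress-gateway-sni-verifier
}

# Removes the SNI proxy's mesh objects, its ConfigMap, and everything created from the
# rendered gateway manifest. The last command needs ./egressgateway-with-sni-proxy.yaml to
# still exist, so it must run before the local files are deleted.
snip_cleanup_wildcard_configuration_for_arbitrary_domains_2() {
kubectl delete serviceentry sni-proxy
kubectl delete destinationrule disable-mtls-for-sni-proxy
kubectl delete configmap egress-sni-proxy-configmap -n istio-system
kubectl delete -f ./egressgateway-with-sni-proxy.yaml
}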
# Deletes the two local files that the SNI-proxy setup snippets write into the current
# directory: the nginx configuration and the rendered gateway manifest.
snip_cleanup_wildcard_configuration_for_arbitrary_domains_3() {
local -a generated_files=(
  ./sni-proxy.conf
  ./egressgateway-with-sni-proxy.yaml
)
rm "${generated_files[@]}"
}

# Removes the sleep sample workload using the manifest it was created from.
snip_cleanup_1() {
local sample_manifest=samples/sleep/sleep.yaml
kubectl delete -f "${sample_manifest}"
}

# Uninstalls Istio. `--purge` removes Istio resources cluster-wide rather than a single
# revision, so this belongs on a disposable test cluster.
snip_cleanup_2() {
local -a uninstall_cmd=(istioctl x uninstall --purge)
"${uninstall_cmd[@]}"
}