mirror of https://github.com/istio/istio.io.git
79 lines
2.9 KiB
Plaintext
79 lines
2.9 KiB
Plaintext
# Created by TestMutualTLSMigration. DO NOT EDIT THIS FILE MANUALLY!
|
|
|
|
$snippet create_ns_foo_bar_legacy.sh syntax="bash"
|
|
$ kubectl create ns foo
|
|
$ kubectl apply -f <(istioctl kube-inject -f @samples/httpbin/httpbin.yaml@) -n foo
|
|
$ kubectl apply -f <(istioctl kube-inject -f @samples/sleep/sleep.yaml@) -n foo
|
|
$ kubectl create ns bar
|
|
$ kubectl apply -f <(istioctl kube-inject -f @samples/httpbin/httpbin.yaml@) -n bar
|
|
$ kubectl apply -f <(istioctl kube-inject -f @samples/sleep/sleep.yaml@) -n bar
|
|
$ kubectl create ns legacy
|
|
$ kubectl apply -f samples/sleep/sleep.yaml -n legacy
|
|
$endsnippet
|
|
|
|
$snippet curl_foo_bar_legacy.sh syntax="bash" outputis="text"
|
|
$ for from in "foo" "bar" "legacy"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl http://httpbin.foo:8000/ip -s -o /dev/null -w "sleep.${from} to httpbin.foo: %{http_code}\n"; done
|
|
sleep.foo to httpbin.foo: 200
|
|
sleep.bar to httpbin.foo: 200
|
|
sleep.legacy to httpbin.foo: 200
|
|
$endsnippet
|
|
|
|
$snippet verify_initial_policies.sh syntax="bash" outputis="text"
|
|
$ kubectl get policies.authentication.istio.io --all-namespaces
|
|
NAMESPACE NAME AGE
|
|
istio-system grafana-ports-mtls-disabled 2m8s
|
|
$endsnippet
|
|
|
|
$snippet configure_mtls_destinationrule.sh syntax="bash"
|
|
$ cat <<EOF | kubectl apply -n foo -f -
|
|
apiVersion: "networking.istio.io/v1alpha3"
|
|
kind: "DestinationRule"
|
|
metadata:
|
|
name: "example-httpbin-istio-client-mtls"
|
|
spec:
|
|
host: httpbin.foo.svc.cluster.local
|
|
trafficPolicy:
|
|
tls:
|
|
mode: ISTIO_MUTUAL
|
|
EOF
|
|
$endsnippet
|
|
|
|
$snippet curl_foo_bar_legacy_post_dr.sh syntax="bash" outputis="text"
|
|
$ for from in "foo" "bar" "legacy"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl http://httpbin.foo:8000/ip -s -o /dev/null -w "sleep.${from} to httpbin.foo: %{http_code}\n"; done
|
|
sleep.foo to httpbin.foo: 200
|
|
sleep.bar to httpbin.foo: 200
|
|
sleep.legacy to httpbin.foo: 200
|
|
$endsnippet
|
|
|
|
$snippet httpbin_foo_mtls_only.sh syntax="bash"
|
|
$ cat <<EOF | kubectl apply -n foo -f -
|
|
apiVersion: "authentication.istio.io/v1alpha1"
|
|
kind: "Policy"
|
|
metadata:
|
|
name: "example-httpbin-strict"
|
|
namespace: foo
|
|
spec:
|
|
targets:
|
|
- name: httpbin
|
|
peers:
|
|
- mtls:
|
|
mode: STRICT
|
|
EOF
|
|
$endsnippet
|
|
|
|
$snippet curl_foo_bar_legacy_httpbin_foo_mtls.sh syntax="bash" outputis="text"
|
|
$ for from in "foo" "bar" "legacy"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl http://httpbin.foo:8000/ip -s -o /dev/null -w "sleep.${from} to httpbin.foo: %{http_code}\n"; done
|
|
sleep.foo to httpbin.foo: 200
|
|
sleep.bar to httpbin.foo: 200
|
|
sleep.legacy to httpbin.foo: 000
|
|
command terminated with exit code 56
|
|
$endsnippet
|
|
|
|
$snippet cleanup.sh syntax="bash" outputis="text"
|
|
$ kubectl delete ns foo bar legacy
|
|
namespace "foo" deleted
|
|
namespace "bar" deleted
|
|
namespace "legacy" deleted
|
|
$endsnippet
|
|
|