istio.io

History

Vadim Eisenberg 0ed0d7d55f Wildcard https egress gateway (#1984 ) * add initial sceleton of the wildcard https egress gateway blog post * fixed the links and bare URLs * add missing 'the' * complete the Background section * add before you begin and cleanup sections * add initial configuration items and their cleanup * add SNI with placeholder * assume Istio with mutual TLS * use two virtual services for the egress traffic required due to https://github.com/istio/istio/issues/7361 * add wikipedia subset to the VirtualService * add a step to check Envoy's statistics * move the blog post to tasks * convert blog post to task fix weight, remove attribution and publish date, replace "blog post" with "task" in text * change the title of the section for configuring the HTTPS traffic * route the traffic from the gateway to www.wikipedia.org * add a motivation for an additional forward proxy * add instructions for deploying a new egress gateway * add a config map for Nginx configuration * escape $ signs in nginx config * add empty events section to the nginx config * create nginx config map in istio-system, use nginx.conf key * add instructions to add nginx container to an egress gateway * add directing the traffic in egress gateway to localhost * replace istioctl by kubectl * add missing apiVersion fields * unite two virtual services into one * use ISTIO_MUTUAL instead of MUTUAL * move wildcard egress task to the advanced egress examples * fix links and rename task to example * run the SNI proxy on port 8443 * use full url of the sni-proxy and port 8443 * use ServiceEntry with static IP endpoint 127.0.0.1 for sni-proxy.local * drop nginx prefix from sni-proxy items * add a destination rule to disable mTLS to sni-proxy * fix the logs of the Istio proxy and the SNI proxy * remove deleting the SNI proxy * make the name of the SNI proxy's ServiceEntry name to be sni-proxy * unite the editing steps of the egress gateway with SNI proxy into one step with substeps * restructure creating/deleting configuration items for egress gateway with SNI proxy * clarify the virtual rule for egress gateway with SNI proxy * add wildcarded to .spelling https://en.wiktionary.org/wiki/wildcarded * add "hostnames" to .spelling * put localhost in backticks * add 127.0.0.1 and localhost in parentheses * mTLS -> mutual TLS * add wikipedia to .spelling * put .com and .org and * in backticks * remove redundant empty line * add using helm template configVolumes and additionalContainers * add an explanation about Nginx * move creating nginx configuration before creating egressgateway with sni proxy deployment * add a comment about manual editing of the deployment yaml before Istio 1.1 * add a step for verifying that the sni proxy runs * Configure Egress Gateway -> Configure an Egress Gateway * we -> you * remove double "mutual" * add semicolon, "and", "also" to a sentence about multiple configuration items * remove redundant the * This could not always be the case -> However, this may not... * IP -> IP address * split the explanation about the requirement for SNI proxy into two paragraphs * add a link to Envoy proxy * IP -> IP address, host -> hosts * split the motivation for the SNI proxy into one more paragraph * remove two redundant commas * requests to -> requests sent to * request -> requests * Let's reconfigure -> In this section you will configure * arbitrary -> arbitrary, not preconfigured * for that functionality -> to achieve that functionality * split long lines * add explanation about the port to listen and port to forward for the SNI proxy * add an explanation about the Nginx configuration * fix the name of the config map volume, add a link to Config Map Volume kubernetes description * sent to, destined to -> destined for * gateway's proxy -> gateway's Envoy proxy * the counter for the SNI proxy -> the counter for traffic to the SNI proxy * replace the cleanup section with a reference to the Egress Gateway's cleanup section * add setting istio.globalNamespace option * fix a typo in the name parameter of helm template * add cpu.targetAverageUtilization to the egressgateway deployment * remove the part: for Istio before 1.1 * rename the egressgateway proxy to be "istio-proxy" * add printing mixer log * in cleanup rename nginx-sni-proxy-config to sni-proxy-config * split a long line * add configuration for traffic without mTLS * set-sni-for-egress-gateway -> egressgateway-for-wikipedia * use local directory instead of $HOME * create virtual service together with gateway and destination rule they are depenedant on mTLS between the sidecar and the egress gateway * add monitoring and policy subsection * change connection event from close to open * Cleanup of the monitoring and policy -> Cleanup of monitoring and policy enforcement * move wildcard egress gateway into advanced gateways examples * add missing dot at the end of the example description * replace cat <<EOF \| kubectl apply/create -f - with kubectl apply/create -f - <<EOF * use -l with kubectl logs for the mixer log * add egress gateway with SNI proxy diagram * remove mTLS for TLS * remove mTLS from the first part (without SNI proxy) * make the section titles shorter * fix the links to advanced gateway examples * remove a redundant empty line * our requests -> your requests * send requests -> send requests to * remove mentioning a destination rule to set destination SNI * add explanation about SNI monitoring and policies	2018-10-30 11:53:02 -04:00
..
EgressGatewayWithSNIProxy.svg	Wildcard https egress gateway (#1984 )	2018-10-30 11:53:02 -04:00
index.md	Wildcard https egress gateway (#1984 )	2018-10-30 11:53:02 -04:00

Vadim Eisenberg 0ed0d7d55f Wildcard https egress gateway (#1984 )

* add initial sceleton of the wildcard https egress gateway blog post

* fixed the links and bare URLs

* add missing 'the'

* complete the Background section

* add before you begin and cleanup sections

* add initial configuration items and their cleanup

* add SNI with placeholder

* assume Istio with mutual TLS

* use two virtual services for the egress traffic

required due to https://github.com/istio/istio/issues/7361

* add wikipedia subset to the VirtualService

* add a step to check Envoy's statistics

* move the blog post to tasks

* convert blog post to task

fix weight, remove attribution and publish date, replace "blog post" with "task" in text

* change the title of the section for configuring the HTTPS traffic

* route the traffic from the gateway to www.wikipedia.org

* add a motivation for an additional forward proxy

* add instructions for deploying a new egress gateway

* add a config map for Nginx configuration

* escape $ signs in nginx config

* add empty events section to the nginx config

* create nginx config map in istio-system, use nginx.conf key

* add instructions to add nginx container to an egress gateway

* add directing the traffic in egress gateway to localhost

* replace istioctl by kubectl

* add missing apiVersion fields

* unite two virtual services into one

* use ISTIO_MUTUAL instead of MUTUAL

* move wildcard egress task to the advanced egress examples

* fix links and rename task to example

* run the SNI proxy on port 8443

* use full url of the sni-proxy and port 8443

* use ServiceEntry with static IP endpoint 127.0.0.1 for sni-proxy.local

* drop nginx prefix from sni-proxy items

* add a destination rule to disable mTLS to sni-proxy

* fix the logs of the Istio proxy and the SNI proxy

* remove deleting the SNI proxy

* make the name of the SNI proxy's ServiceEntry name to be sni-proxy

* unite the editing steps of the egress gateway with SNI proxy into one step with substeps

* restructure creating/deleting configuration items for egress gateway with SNI proxy

* clarify the virtual rule for egress gateway with SNI proxy

* add wildcarded to .spelling

https://en.wiktionary.org/wiki/wildcarded

* add "hostnames" to .spelling

* put localhost in backticks

* add 127.0.0.1 and localhost in parentheses

* mTLS -> mutual TLS

* add wikipedia to .spelling

* put *.com and *.org and * in backticks

* remove redundant empty line

* add using helm template configVolumes and additionalContainers

* add an explanation about Nginx

* move creating nginx configuration before creating egressgateway with sni proxy deployment

* add a comment about manual editing of the deployment yaml before Istio 1.1

* add a step for verifying that the sni proxy runs

* Configure Egress Gateway -> Configure an Egress Gateway

* we -> you

* remove double "mutual"

* add semicolon, "and", "also" to a sentence about multiple configuration items

* remove redundant the

* This could not always be the case -> However, this may not...

* IP -> IP address

* split the explanation about the requirement for SNI proxy into two paragraphs

* add a link to Envoy proxy

* IP -> IP address, host -> hosts

* split the motivation for the SNI proxy into one more paragraph

* remove two redundant commas

* requests to -> requests sent to

* request -> requests

* Let's reconfigure -> In this section you will configure

* arbitrary -> arbitrary, not preconfigured

* for that functionality -> to achieve that functionality

* split long lines

* add explanation about the port to listen and port to forward for the SNI proxy

* add an explanation about the Nginx configuration

* fix the name of the config map volume, add a link to Config Map Volume kubernetes description

* sent to, destined to -> destined for

* gateway's proxy -> gateway's Envoy proxy

* the counter for the SNI proxy -> the counter for traffic to the SNI proxy

* replace the cleanup section with a reference to the Egress Gateway's cleanup section

* add setting istio.globalNamespace option

* fix a typo in the name parameter of helm template

* add cpu.targetAverageUtilization to the egressgateway deployment

* remove the part: for Istio before 1.1

* rename the egressgateway proxy to be "istio-proxy"

* add printing mixer log

* in cleanup rename nginx-sni-proxy-config to sni-proxy-config

* split a long line

* add configuration for traffic without mTLS

* set-sni-for-egress-gateway -> egressgateway-for-wikipedia

* use local directory instead of $HOME

* create virtual service together with gateway and destination rule

they are depenedant on mTLS between the sidecar and the egress gateway

* add monitoring and policy subsection

* change connection event from close to open

* Cleanup of the monitoring and policy -> Cleanup of monitoring and policy enforcement

* move wildcard egress gateway into advanced gateways examples

* add missing dot at the end of the example description

* replace cat <<EOF | kubectl apply/create -f - with kubectl apply/create -f - <<EOF

* use -l with kubectl logs for the mixer log

* add egress gateway with SNI proxy diagram

* remove mTLS for TLS

* remove mTLS from the first part (without SNI proxy)

* make the section titles shorter

* fix the links to advanced gateway examples

* remove a redundant empty line

* our requests -> your requests

* send requests -> send requests to

* remove mentioning a destination rule to set destination SNI

* add explanation about SNI monitoring and policies

2018-10-30 11:53:02 -04:00

EgressGatewayWithSNIProxy.svg

Wildcard https egress gateway (#1984 )

2018-10-30 11:53:02 -04:00

index.md

Wildcard https egress gateway (#1984 )

2018-10-30 11:53:02 -04:00