knative
/
docs
mirror of https://github.com/knative/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Document Eventing istio integration (#5879) 

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
This commit is contained in:
Pierangelo Di Pilato 2024-05-14 18:25:46 +02:00 committed by GitHub
parent 76df699457
commit a88c3e451f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 75 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/nav.yml
View File

@ -288,6 +288,7 @@ nav:
- EventType auto creation: eventing/features/eventtype-auto-creation.md
- Transport Encryption: eventing/features/transport-encryption.md
- Sender Identity: eventing/features/sender-identity.md
- Eventing with Istio: eventing/features/istio-integration.md
- FAQ: eventing/faq/README.md
# Eventing reference docs
- Reference:

1
docs/eventing/features/README.md
View File

@ -75,3 +75,4 @@ Knative Eventing:
| [New trigger filters](new-trigger-filters.md) | `new-trigger-filters` | Enables a new Trigger `filters` field that supports a set of powerful filter expressions. | Beta, enabled by default |
| [Transport encryption](transport-encryption.md) | `transport-encryption` | Enables components to encrypt traffic using TLS by exposing HTTPS URL. | Beta, disabled by default |
| [Sender Identity](sender-identity.md) | `authentication-oidc` | Enables Eventing sources to send authenticated requests and addressables to require authenticated requests. | Alpha, disabled by default |
| [Eventing with Istio](istio-integration.md) | `istio` | Enables Eventing components to communicate with workloads in an Istio mesh. | Beta, disabled by default |

73
docs/eventing/features/istio-integration.md Normal file
View File

@ -0,0 +1,73 @@
# Eventing integration with Istio service mesh
**Flag name**: `istio`
**Stage**: Beta, disabled by default
**Tracking issue**: [#6596](https://github.com/knative/eventing/issues/6596)
## Overview
Administrators can use Istio with Eventing to encrypt, authenticate and authorize requests to
Eventing components.
## Prerequisites
- In order to enable the istio integration, you will need to install Istio by
following [the Istio installation guides](https://istio.io/latest/docs/setup/install/).
## Installation
Some Eventing components use services of type `ExternalName` and with such services, Istio need to
be manually configured to connect to such services using mutual TLS.
Eventing releases a controller that automatically configures Istio so that any pod that is part of
an Istio mesh can communicate with Eventing components that are also part of the same Istio mesh.
1. Create the Eventing namespace and enable Istio injection:
```shell
kubectl create namespace knative-eventing --dry-run=client -oyaml | kubectl apply -f -
kubectl label namespace knative-eventing istio-injection=enabled
```
2. [Follow Eventing installation](./../../install)
3. Install `eventing-istio-controller`:
```shell
kubectl apply -f {{ artifact(org="knative-extensions", repo="eventing-istio",file="eventing-istio.yaml")}}
```
4. Verify `eventing-istio-controller` is ready:
```shell
kubectl get deployment -n knative-eventing
```
Example output:
```shell
NAME ... READY
eventing-istio-controller ... True
# other deployments omitted ...
```
## Enable istio integration
The `istio` feature flag is an enum configuration that configures the `eventing-istio-controller` to
create Istio resources for Eventing resources.
The possible values for `istio` are:
- `disabled`
- Disable Eventing integration with Istio
- `enabled`
- Enabled Eventing integration with Istio
For example, to enable `istio` integration, the `config-features` ConfigMap will look like
the following:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: config-features
namespace: knative-eventing
data:
istio: "enabled"
```