...

Important Info - cert-chain.pem is Envoy's certificate, the one it presents to the other side of the connection. key.pem is Envoy's private key, paired with the certificate in cert-chain.pem. root-cert.pem is the root certificate used to verify the peer's certificate. In this example there is only one Citadel in the cluster, so every Envoy has the same root-cert.pem.

Add Inbound service

The intent for this scenario

...

Add Security details for clients

WARNING - This task requires mutual TLS to be enabled, because the following examples use principals and namespaces in the policies, and those can only be verified from the client certificate presented on an mTLS connection.

GET
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep/security/security-intent
{
  "metadata": {
    "name": "<name>",               // unique name for each intent
    "description": "Security intent",
    "application": "<app1>",
    "userdata1": "<>",
    "userdata2": "<>"
  },
  "spec": {
    // calling service account -> list of allowed { "<METHOD>": "<path>" } pairs
    "serviceAccountAccess": {
      "cluster.local/ns/default/sa/sleep": [
        { "GET": "/status" },
        { "GET": "/headers" }
      ]
    }
  }
}

RETURN STATUS: 201
RETURN BODY:
{
  "name": "<name>",
  "Message": "Security Rules created"
}
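To show what the serviceAccountAccess map turns into on the server side, the following added example (not from this page or its project) builds an Istio AuthorizationPolicy from the intent and evaluates requests against it. The intent values, the workload label app=httpbin and the exact mapping are assumptions; the page only states that an AuthorizationPolicy is used for access control on httpbin.

```python
import json

# Constructed sample: the security-intent body from the request above, reduced
# to the fields the policy needs (values are assumptions, not from the page).
INTENT = {
    "metadata": {"name": "sleep-to-httpbin", "application": "httpbin"},
    "spec": {"serviceAccountAccess": {
        "cluster.local/ns/default/sa/sleep": [{"GET": "/status"}, {"GET": "/headers"}],
    }},
}

def intent_to_authz_policy(intent, namespace="default", workload_label=None):
    """Translate serviceAccountAccess into an Istio ALLOW AuthorizationPolicy.

    source.principals carries the caller identity, which Envoy can only establish
    from the client certificate on an mTLS connection; to.operation limits the
    allowed method and paths. Anything not matched by a rule is denied.
    """
    rules = []
    for sa, grants in intent["spec"]["serviceAccountAccess"].items():
        by_method = {}  # group paths per HTTP method so each rule stays compact
        for grant in grants:
            for method, path in grant.items():
                by_method.setdefault(method, []).append(path)
        for method, paths in sorted(by_method.items()):
            rules.append({
                "from": [{"source": {"principals": [sa]}}],
                "to": [{"operation": {"methods": [method], "paths": paths}}],
            })
    policy = {
        "apiVersion": "security.istio.io/v1beta1",
        "kind": "AuthorizationPolicy",
        "metadata": {"name": intent["metadata"]["name"], "namespace": namespace},
        "spec": {"action": "ALLOW", "rules": rules},
    }
    if workload_label:  # restrict the policy to the server workload
        policy["spec"]["selector"] = {"matchLabels": workload_label}
    return policy

def is_allowed(policy, principal, method, path):
    """Decide a request as the ALLOW policy would: any matching rule allows, else deny."""
    for rule in policy["spec"]["rules"]:
        principals = [p for f in rule["from"] for p in f["source"]["principals"]]
        ops = [t["operation"] for t in rule["to"]]
        if principal in principals and any(method in o["methods"] and path in o["paths"] for o in ops):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(intent_to_authz_policy(INTENT, workload_label={"app": "httpbin"}), indent=2))
```

A caller without an mTLS identity (principal None) or with another service account is denied, which is why the warning above requires mutual TLS.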

...

Name of the Cluster | Microservice | Istio Configuration                                          | Comments
--------------------+--------------+--------------------------------------------------------------+----------------------------------------
Cluster01           | sleep        | Microservice: common                                         |
                    |              |   Resource:  serviceEntry (httpbin)                          |
                    |              | Microservice: sleep                                          |
                    |              |   Resources: tcp-app, virtualservice,                        |
                    |              |              destinationRule for simple TLS                  |
--------------------+--------------+--------------------------------------------------------------+----------------------------------------
Cluster02           | httpbin      | Microservice: httpbin                                        | AuthorizationPolicy for Access Control
                    |              |   Resources: tcp-echo, virtualservice, AuthorizationPolicy,  |
                    |              |              destinationRule for simple TLS,                 |
                    |              |              Loadbalancing and circuit breaking              |

Cluster01 Resources

1. ServiceEntry - to enable sleep to access httpbin

...