curl -L https://github.com/istio/istio/releases/download/1.22.1/istioctl-1.22.1-linux-amd64.tar.gz -o /tmp/istioctl-1.22.1-linux-amd64.tar.gz
mkdir -p /tmp/istio-download
sudo tar xzvf /tmp/istioctl-1.22.1-linux-amd64.tar.gz -C /usr/local/bin
rm -f /tmp/istioctl-1.22.1-linux-amd64.tar.gz
istioctl versionistioctl analyzeistioctl install \
--set profile=demo \
--set meshConfig.enableTracing=true \
-y
kubectl label namespace default istio-injection=enabledkubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/platform/kube/bookinfo.yamlcat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bookinfo
spec:
rules:
- host: bookinfo.kubernetes.local
http:
paths:
- backend:
service:
name: productpage
port:
number: 9080
path: /
pathType: Prefix
EOFkubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/networking/bookinfo-gateway.yamlkubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/jaeger.yamlkubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/kiali.yaml
cat << EOF | kubectl -n istio-system apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kiali
spec:
rules:
- host: kiali.kubernetes.local
http:
paths:
- backend:
service:
name: kiali
port:
number: 20001
path: /
pathType: Prefix
EOFPatch Kiali configuration
kubectl -n istio-system edit cm kiali external_services:
prometheus:
url: http://prometheus-server.observability:80apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: service-viewer
namespace: default
spec:
rules:
- services: ["*"]
methods: ["GET"]
Below is an example of ServiceRole object “product-viewer”, which has “read” (“GET” and “HEAD”) access to “products.svc.cluster.local” service at versions “v1” and “v2”. “path” is not specified, so it applies to any path in the service.
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: products-viewer
namespace: default
spec:
rules:
- services: ["products.svc.cluster.local"]
methods: ["GET", "HEAD"]
constraints:
- key: "destination.labels[version]"
values: ["v1", "v2"]apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: test-binding-products
namespace: default
spec:
subjects:
- user: [email protected]
- properties:
source.namespace: "abc"
roleRef:
kind: ServiceRole
name: "products-viewer"apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: helloworld
spec:
hosts:
- helloworld
http:
- route:
- destination:
host: helloworld
subset: v1
weight: 90
- destination:
host: helloworld
subset: v2
weight: 10apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: my-destination-rule
spec:
host: my-svc
trafficPolicy:
loadBalancer:
simple: RANDOM
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
- name: v3
labels:
version: v3apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ext-res-dr
spec:
host: ext-svc.example.com
trafficPolicy:
connectionPool:
tcp:
connectTimeout: 1sapiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
route:
- destination:
host: productpage
subset: v1