Istio
Headers used for tracing:
x-b3-traceidx-b3-spanidx-b3-sampledx-b3-parentspanid
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
Match specific URI:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: api
spec:
hosts:
- "*"
gateways:
- my-gateway
# when in different namespace
# - my-gateway.namespace-name
http:
- match:
- uri:
exact: /v1/account
route:
- destination:
# the api service
host: api
port:
number: 80
Enable Mutual TLS:
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
name: default
namespace: microservices
spec:
peers:
- mtls: {}
Enable mtls
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: frontend
spec:
# kubernetes Service name
host: frontend
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: backend
spec:
# kubernetes Service name
host: backend
trafficPolicy:
tls:
mode: ISTIO_MUTUAL