solo-io / workshops

Apache License 2.0

gloo-mesh-2-all-mgmt-ctrl track edit notes #175

Open find-arka opened 1 year ago

find-arka commented 1 year ago

After,

And also delete the different objects we've created:

kubectl --context ${MGMT} -n bookinfo-team delete virtualdestination productpage
kubectl --context ${MGMT} -n bookinfo-team delete outlierdetectionpolicy outlier-detection
  • We should also delete the failoverpolicy

Proposed:

kubectl --context $CLUSTER1 -n httpbin \
apply -f https://raw.githubusercontent.com/istio/istio/release-1.17/samples/sleep/sleep.yaml

kubectl --context $CLUSTER1 -n httpbin \
get pod -l app=sleep;

kubectl --context $CLUSTER1 -n httpbin \
exec -it deploy/sleep -- \
curl -s -o /dev/null -w "%{http_code}" http://reviews.bookinfo-backends.svc.cluster.local:9080/reviews/0

We should break the following section into 3 separate sections

pod=$(kubectl --context ${CLUSTER1} -n bookinfo-frontends get pods -l app=productpage -o jsonpath='{.items[0].metadata.name}')
echo "From productpage to details, should be allowed"
kubectl --context ${CLUSTER1} -n bookinfo-frontends debug -i -q ${pod} --image=curlimages/curl -- curl -s http://details.bookinfo-backends:9080/details/0 | jq

echo "From productpage to reviews, should be allowed"
kubectl --context ${CLUSTER1} -n bookinfo-frontends debug -i -q ${pod} --image=curlimages/curl -- curl -s http://reviews.bookinfo-backends:9080/reviews/0 | jq

echo "From productpage to ratings, should be denied"
kubectl --context ${CLUSTER1} -n bookinfo-frontends debug -i -q ${pod} --image=curlimages/curl -- curl -s http://ratings.bookinfo-backends:9080/ratings/0 -i

Module 3

If you refresh your browser, you should see that you get a response either from the local service or from the external service.

^ this currently fails-

# curl -k https://10.5.0.254/get

error:

upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: TLS error: 268435581:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

istioctl --context $CLUSTER1 \
> pc secrets \
> -n istio-gateways svc/istio-ingressgateway
RESOURCE NAME               TYPE           STATUS     VALID CERT     SERIAL NUMBER                                        NOT AFTER                NOT BEFORE
kubernetes://tls-secret     CA             ACTIVE     true           417331438521364388010583664345130880179005978002     2024-03-31T13:24:41Z     2023-04-01T13:24:41Z
default                     Cert Chain     ACTIVE     true           138903141074340073272611178638063452375              2023-04-02T14:26:31Z     2023-04-01T14:24:31Z
ROOTCA                      CA             ACTIVE     true           268534852559328264948732062514656608914              2024-03-31T14:26:12Z     2023-04-01T14:26:12Z

istioctl --context $CLUSTER1 pc secrets -n httpbin deploy/in-mesh
RESOURCE NAME     TYPE           STATUS     VALID CERT     SERIAL NUMBER                               NOT AFTER                NOT BEFORE
default           Cert Chain     ACTIVE     true           205165220293220887344568674427115039589     2023-04-02T12:45:12Z     2023-04-01T12:43:12Z
ROOTCA            CA             ACTIVE     true           40700971172074859705572646854716953212      2033-03-29T12:43:20Z     2023-04-01T12:43:20Z

solution
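
Added example, not part of the original comment and not the workshop's own code: the two `istioctl pc secrets` outputs above list different ROOTCA serial numbers, and a root CA mismatch between two proxies is one condition worth ruling out when a `CERTIFICATE_VERIFY_FAILED` appears between them. The function and variable names are chosen for this example; the sample rows are copied from the outputs above.

```shell
#!/usr/bin/env bash
# Added example: compare the ROOTCA row that `istioctl pc secrets` reports
# for two proxies. Function and variable names are assumptions of this example.

# Print "<serial> <not-after>" for the ROOTCA row read from stdin.
# Fields are counted from the end because TYPE can be two words ("Cert Chain").
rootca_info() {
  awk '$1 == "ROOTCA" { print $(NF-2), $(NF-1) }'
}

# compare_roots <label-a> <output-a> <label-b> <output-b>
# Prints both roots and returns 0 only when the serial numbers are equal.
compare_roots() {
  a=$(printf '%s\n' "$2" | rootca_info)
  b=$(printf '%s\n' "$4" | rootca_info)
  printf '%-22s ROOTCA %s\n' "$1" "${a:-<none>}"
  printf '%-22s ROOTCA %s\n' "$3" "${b:-<none>}"
  [ -n "$a" ] && [ "${a%% *}" = "${b%% *}" ]
}

# Sample input: rows copied from the two outputs quoted in the comment above.
# For live data, capture the same commands instead, for example:
#   IN_MESH=$(istioctl --context $CLUSTER1 pc secrets -n httpbin deploy/in-mesh)
GATEWAY='RESOURCE NAME TYPE STATUS VALID CERT SERIAL NUMBER NOT AFTER NOT BEFORE
kubernetes://tls-secret CA ACTIVE true 417331438521364388010583664345130880179005978002 2024-03-31T13:24:41Z 2023-04-01T13:24:41Z
default Cert Chain ACTIVE true 138903141074340073272611178638063452375 2023-04-02T14:26:31Z 2023-04-01T14:24:31Z
ROOTCA CA ACTIVE true 268534852559328264948732062514656608914 2024-03-31T14:26:12Z 2023-04-01T14:26:12Z'

IN_MESH='RESOURCE NAME TYPE STATUS VALID CERT SERIAL NUMBER NOT AFTER NOT BEFORE
default Cert Chain ACTIVE true 205165220293220887344568674427115039589 2023-04-02T12:45:12Z 2023-04-01T12:43:12Z
ROOTCA CA ACTIVE true 40700971172074859705572646854716953212 2033-03-29T12:43:20Z 2023-04-01T12:43:20Z'

if compare_roots istio-ingressgateway "$GATEWAY" in-mesh "$IN_MESH"; then
  echo "ROOTCA serials match"
else
  echo "ROOTCA serials differ: the two proxies hold different root CAs"
fi
```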