Istio Security Assessment
… this could not be reproduced. Description: Istio VirtualServices define the sets of traffic routing rules to apply when a host is addressed. They support matching on various criteria, including URI paths, and they must declare a gateways field containing a list of strings identifying the Gateway that the rules should be applied to. One feature of this field is that the string can also specify the namespace … pods, services, IPs, as well as specific Istio configurations such as routing policies, networking rules, and the configuration of the Istio sidecar injected into each workload. As discussed in finding NCC-GOIST2005-013 …
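To make the gateways-field point concrete, here is an added illustration of both forms a gateways entry can take; it is not taken from the NCC report, and the namespace, gateway, host and service names are assumptions:

```yaml
# Added example: a VirtualService in namespace "team-a" binding its rules to
# two Gateways, one local and one in another namespace (names are assumptions).
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews-route
  namespace: team-a
spec:
  hosts:
  - reviews.example.com
  gateways:
  # Short form: resolved in the VirtualService's own namespace (team-a/team-a-gw).
  - team-a-gw
  # Namespace-qualified form: binds these rules to a Gateway owned by istio-system.
  - istio-system/shared-ingress-gw
  http:
  - match:
    - uri:
        prefix: /api/
    route:
    - destination:
        host: reviews.team-a.svc.cluster.local
        port:
          number: 9080
```

Because the reference can cross namespaces, whoever can create VirtualServices in team-a can attach routes to a shared ingress Gateway. The control on the Gateway side is the namespace-qualified `hosts` entry of each server (for example `team-a/*`), which limits which namespaces' VirtualServices may bind to that server.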
Preserve Original Source Address within Istio
header “x-forwarded-for” • User Protocol #IstioCon LVS: ① the user sends traffic to LVS; ② the PREROUTING chain intercepts the packet and sends it to INPUT; ③ LVS works on INPUT, modifies the packet's destination IP + port and … istio.io/interceptionMode: TPROXY, Istio will automatically set the original-src filter and iptables rules. Preserve TCP Original Src Addr - inner: ① configure the original-src filter: IP_TRANSPARENT on the listener; ② set the annotation sidecar.istio.io/interceptionMode: TPROXY, which sets up all the rules for in-cluster traffic. Content: 1. TCP Original Address Preserve: Background, Demo. 1. HTTP …
Extending service mesh capabilities using a streamlined way based on WASM and ORAS
Wang Xining | Alibaba Cloud Service Mesh (ASM). Envoy's filter chain: Listener → Downstream → Filter → Filter → Filter → Cluster → Upstream (the filter chain). Custom filters can be added and configured dynamically through the xDS API: L4 network filters and L7 HTTP filters. Envoy filters used in the worked example, listener on port 9080: envoy.filters.network.metadata_exchange, envoy.http_connection_manager; cluster: the productpage service; filter chain: envoy.filters.http.wasm/envoy.wasm.metadata_exchange, istio_authn. kubectl exec -it [productpage-xxx] -c …
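The slide deck describes pushing a Wasm module to an OCI registry with ORAS and having the sidecar load it into the HTTP filter chain. The following WasmPlugin is an added example of the Istio resource that does that; it is not from the talk or from ASM, and the registry path, plugin name, workload label and plugin configuration are assumptions:

```yaml
# Added example (not from the talk): load a Wasm HTTP filter, published as an
# OCI artifact with ORAS, into the sidecars of the productpage workload.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
  name: header-audit
  namespace: default
spec:
  selector:
    matchLabels:
      app: productpage
  # OCI reference of the module pushed with `oras push` (registry path assumed).
  url: oci://registry.example.com/wasm/header-audit:v0.1.0
  imagePullPolicy: IfNotPresent
  # Pin the module: the proxy refuses to load a module whose digest differs.
  # Placeholder; fill in the hex digest reported when the module was pushed.
  sha256: <hex sha256 of the module>
  # AUTHN places the filter before Istio's own authentication filters;
  # priority orders plugins within the same phase (higher runs first).
  phase: AUTHN
  priority: 10
  pluginConfig:
    header_name: x-request-id
```

A mutable tag such as `:v0.1.0` can be repointed in the registry; the `sha256` pin is what keeps a later push from silently changing the code every sidecar executes, so treat it as mandatory when the registry is shared.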
Istio Control Plane Components Explained
… • Option two: use a topic-subscription model to reduce blocking. Istio_Ca (ICA): security certificate management: certificate generation, certificate mounting, certificate expiry. Certificate generation: • generates root-cert.pem • generates cert-chain.pem • generates key.pem. Certificate mounting: • ICA creates a Secret named istio.default in Kubernetes • the application service obtains the certificates from that Secret and mounts them under /etc/certs (volumeMounts: secret: optional: true, secretName: istio.default). Certificate expiry: • root-cert.pem is valid for 1 year in practice; no renewal mechanism was found, manual renewal? • cert-chain.pem and key.pem are valid for 90 days in practice; the program treats them as valid for 45 days • an expired certificate is regenerated and re-mounted under /etc/certs • this triggers an Envoy hot restart. • Option one: move the certificate regeneration time to the early morning. http://www …
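The failure mode the deck describes is a certificate under /etc/certs running past its lifetime and forcing a regeneration plus Envoy hot restart at an inconvenient time. The script below is an added example, not part of the presentation, of the check an operator would run inside the sidecar before that happens; the directory name and the 45-day window come from the text above, the function names and the kubectl invocation in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the presentation): report which of the certificates
# that istio_ca mounts under /etc/certs will expire within a rotation window.

# needs_rotation <pem-file> <days>
# Returns 0 when the first certificate in <pem-file> expires within <days>
# (or has already expired), 1 when it stays valid beyond that window.
# `openssl x509 -checkend N` exits 0 only if the cert is still valid N seconds from now.
needs_rotation() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_certs <dir> <days>
# Checks the two certificate files from the deck; returns non-zero if any is
# missing or due for rotation. key.pem carries no expiry of its own.
check_certs() {
    dir=$1; days=$2; rc=0
    for f in root-cert.pem cert-chain.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "$dir/$f: missing"; rc=1; continue
        fi
        if needs_rotation "$dir/$f" "$days"; then
            echo "$dir/$f: expires within $days days"; rc=1
        else
            echo "$dir/$f: ok, valid for more than $days days"
        fi
    done
    return $rc
}

# Usage (assumed): kubectl exec <pod> -c istio-proxy -- sh -s /etc/certs < check-certs.sh
[ -n "$1" ] && check_certs "$1" 45
```

Run it with the 45-day window from the deck and the root certificate's one-year lifetime stands out immediately: it sits far above the window until the last 45 days, which is exactly the interval in which nothing in the described design renews it.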
Your laptop as part of the service mesh
infrastructure: yes #IstioCon Drawbacks: the contract header needs to be preserved all the way through the call chain. Demo time. Thank you! ● Your laptop as part of the service mesh @ Medium
Leveraging Istio for Creating API Tests - Low Effort API Testing for Microservices
End-to-end, component and service tests | CONFIDENTIAL. [Diagram: Test Driver inside the TEST ENVIRONMENT, driven by REQUEST, RESPONSE, API MOCKS, ASSERTION RULES and CONTEXT RULES; derive different types of tests; mocks to test any component/service.] • Comprehensive comparison of results • ML-driven identification of decision rules • Human review to accept the learned rules • No code! Test data. Summary: create different types …
Secure your microservices with istio step by step
The snippet shows three AuthorizationPolicy objects, reflowed here from the flattened text; values the snippet cuts off are marked in comments.

```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: require-jwt
  namespace: istio-system
spec:
  action: ALLOW
  rules:
  - from:
    - source:
        # issuer/subject of the accepted JWT; the value is cut short in the snippet
        requestPrincipals: ["testing@secure.istio.io/testing@secure.istio.io"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: "productpage-viewer"
  namespace: default
spec:
  selector:
    matchLabels:
      app: productpage
  rules:
  - to:
    - operation:
        methods: ["GET"]
---
apiVersion: "security.istio.io/v1beta1"
kind: AuthorizationPolicy   # value missing in the snippet; inferred from the selector/rules fields
metadata:
  name: "details-viewer"
  namespace: default
spec:
  selector:
    matchLabels:
      app: details
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/bookinfo-productpage"]
```

Note the scope of the first policy: it lives in the root namespace (istio-system) and has no selector, so it applies to every workload in the mesh, and because it is an ALLOW policy, any request that does not carry the listed request principal is denied. The other two are scoped by selector: productpage accepts only GET, and details accepts calls only from the bookinfo-productpage service account identity, which requires mTLS so that the peer principal is actually verified.
Optimal Canary Deployments using Istio and how it scores over Spring Cloud and Kubernetes
SERVICE (ClusterIP): demo-canary-svc. ISTIO VIRTUAL SERVICE + Destination Rules. Header X-User-Type: Non-Admin; Header X-User-Type: Admin …
Istio Meetup China: Service Mesh Security, Understanding Istio CNI
… the init container updates the iptables rules for the proxy; the init container terminates; the workload starts with the updated IP routing rules. Networking lifecycle (Istio CNI): the kubelet starts a pause pod; the kubelet invokes the CNI plugins, including the Istio CNI plugin … This can happen on suddenly added nodes and on preemptible nodes: bypassing all the iptables rules the data-plane proxies rely on. Troubleshooting Istio CNI: check the istio-proxy container through nsenter …
Kubernetes Container Application Canary Release Practice Based on Istio
… [Diagram: weighted release, svcA → svcB 80% / 20%, rules pushed through the Rules API to Pilot.] Istio canary release based on request content: [Diagram: Version2 Envoy SVC Pod1 Pod2 Pod3; Version1 (canary) Envoy SVC Pod1 Pod2, group=dev; svcA → svcB, rules pushed through the Rules API to Pilot.] apiVersion: …
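Both the canary entry above (header X-User-Type: Admin vs Non-Admin against demo-canary-svc) and this one (80/20 weight split and content-based routing to a canary version) describe the same two VirtualService mechanisms. The following is an added example combining them; it is not from either presentation, and the service name, subset names and version labels are assumptions:

```yaml
# Added example (not from either presentation): admins always reach the canary,
# everyone else is split 80/20 between stable and canary. Names are assumptions.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: demo-canary-svc
spec:
  host: demo-canary-svc
  subsets:
  - name: stable
    labels:
      version: v1
  - name: canary
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: demo-canary-svc
spec:
  hosts:
  - demo-canary-svc
  http:
  # Rule 1, content-based: requests carrying X-User-Type: Admin go to the canary.
  # Header names are matched case-insensitively; lowercase is the usual spelling.
  - match:
    - headers:
        x-user-type:
          exact: Admin
    route:
    - destination:
        host: demo-canary-svc
        subset: canary
  # Rule 2, weighted: rules are evaluated in order, so this only applies to
  # requests rule 1 did not match. Weights must sum to 100.
  - route:
    - destination:
        host: demo-canary-svc
        subset: stable
      weight: 80
    - destination:
        host: demo-canary-svc
        subset: canary
      weight: 20
```

The header is chosen by the client, so X-User-Type is a routing hint, not an authorization decision: anyone can send `Admin` and land on the canary. The canary subset therefore needs the same AuthorizationPolicy coverage as stable, and the header should be set or stripped at the ingress gateway if it is meant to reflect an authenticated role.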
16 results total