March 2020
Intermediate to advanced
626 pages
14h 45m
English
We can apply rules to outgoing services through the egress gateway to enable/disable access to external services. From a security standpoint, this is a nice capability that allows us to enforce rules outside the application framework. Let's take a look:
$ kubectl -n istio-system get cm istio -o yaml | sed 's/mode: ALLOW_ANY/mode: REGISTRY_ONLY/g' | kubectl replace -n istio-system -f -configmap/istio replaced
$ kubectl -n istio-system get cm istio -o yaml | grep -m 1 -o "mode: REGISTRY_ONLY"mode: REGISTRY_ONLY
Read now
Unlock full access