March 2020
Intermediate to advanced
626 pages
14h 45m
English
The istioctl tool can be used to check whether the TLS settings match between the authentication policy and the destination rules for a particular microservice. Let's take a look:
$ HTTPBIN=$(kubectl -n istio-lab get pods -l app=httpbin -o jsonpath={.items[0].metadata.name}) ; echo $HTTPBINhttpbin-v1-b9985cc7d-4wmcf$ istioctl authn tls-check $HTTPBIN.istio-lab istio-ingressgateway.istio-system.svc.cluster.localHOST:PORT STATUS ---istio-ingressgateway.istio-system.svc.cluster.local:80 OK ------ SERVER CLIENT AUTHN POLICY DESTINATION RULE--- HTTP/mTLS HTTP default/ -If the status shows Conflict, this is an indication that the destination rules are in ...
Read now
Unlock full access