-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Charles-Edouard Brétéché <[email protected]>
- Loading branch information
1 parent
a1e616f
commit f92f029
Showing
3 changed files
with
27 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,47 @@ | ||
| # Istio Demo | ||
|
|
||
| This Istio Demo is prototype of the kyverno envoy plugin . | ||
| This Istio Demo is prototype of the kyverno envoy plugin. | ||
|
|
||
| ## Overview | ||
|
|
||
| The goal of the demo to show user how kyverno-envoy-plugin will work with istio and how it can be used to enforce policies to the traffic between services. The Kyverno-envoy-plugin allows configuring these Envoy proxies to query Kyverno-json for policy decisions on incoming requests. | ||
|
|
||
| ## Contains | ||
|
|
||
| - A manifests folder with everything we need to run the demo . | ||
| - bootstrap.sh creates the cluster and installs istio . | ||
| ## Demo instructions | ||
|
|
||
| ### Required tools | ||
|
|
||
| 1. [`kind`](https://kind.sigs.k8s.io/) | ||
| 1. [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) | ||
| 1. [`helm`](https://helm.sh/docs/intro/install/) | ||
|
|
||
| ### Create a local cluster and install Istio | ||
|
|
||
| The [bootstrap.sh](bootstrap.sh) script contains everything needed to create a local cluster and install Istio. | ||
|
|
||
| ```console | ||
| # create a local cluster and install istio | ||
| ./bootstrap.sh | ||
| ``` | ||
|
|
||
| ### Sample application | ||
|
|
||
| Manifests for the sample application are available in [sample-application.yaml](manifests/sample-application.yaml). | ||
|
|
||
| ```console | ||
| # deploy sample application | ||
| kubectl apply -f ./manifests.yaml | ||
| ``` | ||
|
|
||
| ## Architecture | ||
|
|
||
| The below architecture illustrates a scenario where no service mesh or Envoy-like components have been pre-installed or already installed. | ||
|
|
||
|  | ||
|
|
||
|
|
||
| The below architecture illustrates a scenario where a service mesh or Envoy-like components have been pre-installed or already installed. | ||
|  | ||
|
|
||
| ## Requirements | ||
|
|
||
| - Istio Authorizationpolicy manifest to add "extension provider " concept in MeshConfig to specify Where/how to talk to envoy ext-authz service | ||
| - | ||
| - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.