
View auth-policy-dev.yaml
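# Namespace-wide Istio authentication policy for the `dev` namespace.
# In the v1alpha1 API a namespace-scoped policy is named `default` and has
# no `targets`, so it applies to every workload in the namespace.
# NOTE(review): authentication.istio.io/v1alpha1 has been deprecated since
# Istio 1.5 and is not served by later releases. Its replacements are
# PeerAuthentication and RequestAuthentication (security.istio.io/v1beta1).
# RequestAuthentication alone only rejects invalid tokens; rejecting requests
# that carry no token needs an AuthorizationPolicy as well.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: default
  namespace: dev
spec:
  peers:
    # An empty mtls block uses the default mode (STRICT): plaintext
    # service-to-service traffic is refused, so callers need a matching
    # ISTIO_MUTUAL DestinationRule.
    - mtls: {}
  origins:
    # End-user (request) authentication with a JWT. The listing is cut off
    # here, so the fields under `jwt` (issuer, jwksUri, audiences, ...) are
    # not visible. When reviewing the full file, check that `audiences` is
    # set and that `principalBinding: USE_ORIGIN` is present if authorization
    # depends on the token identity.
    - jwt: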
View transactions.yaml
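---
# Cloud DNS record-set transaction: entries under `additions` are created
# when the transaction is executed against the managed zone. Review the
# full additions/deletions list before executing, since these records
# decide where the domain resolves.
additions:
  - kind: dns#resourceRecordSet
    name: storefront-demo.com.
    rrdatas:
      # A single SOA value; it is wrapped over two lines and YAML folds the
      # continuation back into one space-separated string.
      - ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 25 21600 3600
        259200 300
    ttl: 21600
    type: SOA
  # The listing is cut off here; the remaining fields of this record set
  # are not shown.
  - kind: dns#resourceRecordSet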
View istio-gateway.yaml
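# Istio Gateway attached to the proxies labelled `istio: ingressgateway`.
# No metadata.namespace is set, so the object is created in whichever
# namespace kubectl targets when the file is applied.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: storefront-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        # The listing is cut off after the port number; the port name and
        # protocol, the `hosts` list and the `tls` block are not shown.
        # For 443, verify `tls.mode` and the certificate references, and
        # that any port-80 server sets `tls.httpsRedirect: true`.
        number: 443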
View auth-policy-uat.yaml
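# Namespace-wide Istio authentication policy for the `uat` namespace.
# In the v1alpha1 API a namespace-scoped policy is named `default` and has
# no `targets`, so it applies to every workload in the namespace.
# NOTE(review): authentication.istio.io/v1alpha1 has been deprecated since
# Istio 1.5 and is not served by later releases. The same intent is expressed
# there with PeerAuthentication, RequestAuthentication and an
# AuthorizationPolicy that requires a request principal.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: default
  namespace: uat
spec:
  peers:
    # An empty mtls block uses the default mode (STRICT): workloads in `uat`
    # refuse plaintext traffic from other services.
    - mtls: {}
  origins:
    # JWT request authentication. The listing is cut off here; the issuer,
    # jwksUri and audiences that decide which tokens are accepted are not
    # shown and should be checked in the full file.
    - jwt: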
View part2_deploy_resources.sh
#!/bin/bash
#
# Part 2: Deploy resources
# Constants - CHANGE ME!
# Presumably the local directory holding the TLS certificate and private key
# for the secret created below (the arguments that use it are cut off).
# NOTE(review): keep the key file owner-readable only and out of version
# control.
readonly CERT_PATH=~/Documents/Articles/gke-kafka/sslforfree_non_prod
# Namespaces this script works on; the code that iterates over them is not
# shown in this listing.
readonly NAMESPACES=( 'dev' 'test' 'uat' )
# Require HTTPS for all access
# Creates the TLS secret `istio-ingressgateway-certs` in `istio-system`; the
# rest of the command is cut off in this listing.
# Kubernetes Secrets are base64-encoded, not encrypted, unless encryption at
# rest is enabled; restrict RBAC read access to secrets in istio-system.
kubectl create -n istio-system secret tls istio-ingressgateway-certs \
View part1_create_environment.sh
#!/bin/bash
#
# Part 1: Create local Kubernetes cluster on GKE
# Constants - CHANGE ME!
# GCP project, cluster name and region for the non-prod cluster. The commands
# that consume these constants are not shown in this listing.
readonly PROJECT='gke-confluent-atlas'
readonly CLUSTER='storefront-api-non-prod'
readonly REGION='us-central1'
# Placeholder that must be replaced before running. Presumably the CIDR list
# allowed to reach the cluster's control-plane endpoint (master authorized
# networks) - TODO confirm against the cluster-create command.
# Use the narrowest range that works, e.g. a single /32, never 0.0.0.0/0.
readonly MASTER_AUTH_NETS='<your_ip_cidr>'
# Namespaces to create; this listing also shows an Istio auth policy for
# `prod`, which is not in this list.
readonly NAMESPACES=( 'dev' 'test' 'uat' )
View part3_set_cloud_dns.sh
#!/bin/bash
#
# Part 3: Update Cloud DNS A Records for new GKE cluster
# Constants - CHANGE ME!
# Project, domain and managed zone whose A records are rewritten. The
# commands that use these constants are not shown in this listing.
# NOTE(review): run this with an identity limited to DNS administration on
# this zone; whoever can change these records controls where the API
# hostnames resolve.
readonly PROJECT='gke-confluent-atlas'
readonly DOMAIN='storefront-demo.com'
readonly ZONE='storefront-demo-com-zone'
readonly REGION='us-central1'
# TTL for the new records, presumably in seconds (300 = 5 minutes): a wrong
# address stays cached by resolvers for up to that long.
readonly TTL=300
View accounts-jwt-policy.yaml
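# Workload-scoped Istio authentication policy: `targets` limits it to the
# `accounts` service in the `prod` namespace, where it takes precedence over
# any namespace-wide `default` policy.
# NOTE(review): authentication.istio.io/v1alpha1 has been deprecated since
# Istio 1.5 and is not served by later releases; PeerAuthentication and
# RequestAuthentication with a workload selector replace it.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: accounts-auth-policy
  namespace: prod
spec:
  targets:
    - name: accounts
  peers:
    # An empty mtls block uses the default mode (STRICT): `accounts` refuses
    # plaintext traffic from other services.
    # The listing is cut off after this entry. The file name suggests a JWT
    # `origins` section follows - confirm it is present, since without it
    # this policy enforces peer mTLS only and no end-user token check.
    - mtls: {}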
View ingressgateway-jwt-policy.yaml
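# Workload-scoped Istio authentication policy aimed at the ingress gateway
# service (`istio-ingressgateway` in `istio-system`), i.e. the edge proxy
# that receives traffic from outside the mesh.
# NOTE(review): authentication.istio.io/v1alpha1 has been deprecated since
# Istio 1.5 and is not served by later releases.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: ingressgateway
  namespace: istio-system
spec:
  targets:
    - name: istio-ingressgateway
  peers:
    # NOTE(review): external clients reach the gateway over the Gateway's
    # own server-side TLS, not mesh mTLS. Confirm on the Istio release in use
    # how this peer rule behaves on the edge proxy.
    # The listing is cut off after this entry. The file name suggests a JWT
    # `origins` section follows - confirm it is present.
    - mtls: {}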
View jwt-https-curl.sh
# Calls the accounts health endpoint over HTTPS, sending a JWT as a bearer
# token. Replace the placeholder with a real token before running.
# NOTE(review): --verbose prints the request headers, including the
# Authorization value, to stderr; scrub the token before sharing the output.
# A token typed on the command line also lands in shell history and the
# process list; reading it from a variable (e.g. "Bearer ${TOKEN}") keeps it
# out of history.
curl --verbose \
https://api.dev.storefront-demo.com/accounts/actuator/health \
-H 'Authorization: Bearer <your_jwt_token_goes_here>'