Last active
June 25, 2020 13:26
-
-
Save howardjohn/33e896b31265c8a8635cc5e03d016b83 to your computer and use it in GitHub Desktop.
Running istio-agent locally bootstrapped with SA token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir -p ./var/run/secrets/tokens ./var/run/secrets/istio | |
| echo '{"kind":"TokenRequest","apiVersion":"authentication.k8s.io/v1","spec":{"audiences":["istio-ca"]}}' | kubectl create --raw /api/v1/namespaces/default/serviceaccounts/default/token -f - | jq -j '.status.token' > ./var/run/secrets/tokens/istio-token | |
| kubectl -n istio-system get secret istio-ca-secret -ojsonpath='{.data.ca-cert\.pem}' | base64 -d > ./var/run/secrets/istio/root-cert.pem | |
| CA_ADDR=localhost:15012 PROXY_CONFIG="$(cat proxyconfig.yaml | envsubst)" go run ./pilot/cmd/pilot-agent proxy sidecar --templateFile ./tools/packaging/common/envoy_bootstrap_v2.json | |
| where proxyconfig.yaml: | |
| binaryPath: $GOPATH/src/istio.io/istio/out/linux_amd64/release/envoy | |
| configPath: $HOME/kube/local/proxy | |
| discoveryAddress: localhost:15012 | |
| statusPort: 15020 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Also need to port-forward istiod on port 15012 in this example