@incfly
Last active March 8, 2022 13:40
httpbin-tls-cert-extra-bytes.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: httpbin
---
apiVersion: v1
kind: Secret
metadata:
  name: httpbin-credential
  namespace: istio-system
stringData:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    MIIDSjCCAjKgAwIBAgIRAJoWnVWbpyYBftDHbNyqC9gwDQYJKoZIhvcNAQELBQAw
    GjEYMBYGA1UEAxMPRXhhbXBsZSBSb290IENBMB4XDTIyMDMwODEzMTAwMFoXDTIz
    MDMwODEzMTAwMFowGDEWMBQGA1UEAwwNKi5leGFtcGxlLmNvbTCCASIwDQYJKoZI
    hvcNAQEBBQADggEPADCCAQoCggEBAKJSHjaozop1wiyBThajHilKE85RXSSMb7AA
    1fj6ynL/17cxRSMFP38ovbqgPxGIgc+aKbomT2undbUjp6lY3g4PPBzgCiGbBppU
    7WxUv04f2YUn7WqBCFdu9YkVamIjD4BS1LXoPE6ygnecG9J91pZvlApiSse7FrZa
    k1qShTo/k6WNmv12SXX3dbIstkwEwkoX9Vqo3j5lHx245mUcBGU01soP8g5GbiwF
    ZixZgOnoPgFBGxT1cgpnTFOZe0tAk2k0P6c4S3QsDUNHnx58w0ZoymGjTDiItosW
    /TmjLdvXAArqMgi24fSq4zclnLbvtMfu67rBNDGpzO1PQ22YjIMCAwEAAaOBjDCB
    iTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
    MB0GA1UdDgQWBBSlyKr4xjBmLJ6/pT4agg4Xju6osjAfBgNVHSMEGDAWgBSrCefh
    8Ww2kapqhtSqFLeERQrefTAYBgNVHREEETAPgg0qLmV4YW1wbGUuY29tMA0GCSqG
    SIb3DQEBCwUAA4IBAQApJwjIP+5+R81MUo5xpCEnxCPw1oABjqpJNuvQv+G/g8E8
    TSzZCZk7kOWc+Fx0AN5XDTu6vMOpNr2Dl0IVYjX3iaFADM5O+fiyZdlXpv6gyJD1
    eF/1JfqdYttv39Ymlre1gnc3kpC0xKI/uqWGNU6Ga8hpJpQeNHB9z73J3oQLkfQQ
    hykQ0vLnj29K5J2aNnJ4qC1X7CpVi6zXVX2FwAujdsialVb5QH/4FidrfYrKJF6B
    PZLAYxO0y6LcnJbcqRYQ0kwnMCHtKiJEJlV46d66fyRYBpKliSKzZG64iVVO1NG+
    b12MORYKNUiAwKuwDDLXRHsezuR76dHgUPE0PGiW
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [certificate body missing from this copy]
    -----END CERTIFICATE-----
    junkLinesfoo
  tls.key: |
    -----BEGIN RSA PRIVATE KEY-----
    [private key body missing from this copy]
    -----END RSA PRIVATE KEY-----
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: httpbin
    service: httpbin
  name: httpbin
spec:
  ports:
  - name: http
    port: 8000
    targetPort: 80
  selector:
    app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      containers:
      - image: docker.io/kennethreitz/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
      serviceAccountName: httpbin
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - httpbin.example.com
    port:
      name: http
      number: 80
      protocol: HTTP
  - hosts:
    - httpbin.example.com
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: httpbin-credential
      mode: SIMPLE
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  gateways:
  - httpbin-gateway
  hosts:
  - httpbin.example.com
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    route:
    - destination:
        host: httpbin
        port:
          number: 8000

incfly commented Mar 8, 2022

Verify the traffic

export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
export TCP_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="tcp")].port}')
curl -v -HHost:httpbin.example.com --resolve "httpbin.example.com:$SECURE_INGRESS_PORT:$INGRESS_HOST" \
  --cacert out/root_ca.crt "https://httpbin.example.com:$SECURE_INGRESS_PORT/status/418"
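
The manifest above places the line `junkLinesfoo` after the second certificate in `tls.crt`. As an added example (not part of the gist), here is a stdlib-only Python lint that flags any bytes outside PEM armor in such a bundle before the Secret is applied. The function names and the sample bundles are constructed for illustration, and the toy DER body is not a real certificate.

```python
import base64
import re

# Matches one PEM-armored block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)


def lint_pem_bundle(text):
    """Return (block_labels, findings) for a PEM bundle such as tls.crt."""
    labels, findings = [], []
    pos = 0
    for m in PEM_BLOCK.finditer(text):
        n = len(labels) + 1
        # Anything other than whitespace between blocks is not part of the chain.
        stray = text[pos:m.start()].strip()
        if stray:
            findings.append(f"stray bytes before block {n}: {stray!r}")
        try:
            der = base64.b64decode("".join(m.group(2).split()), validate=True)
            if not der.startswith(b"\x30"):  # DER certificates start with SEQUENCE
                findings.append(f"block {n} is not a DER SEQUENCE")
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"block {n} has an invalid base64 body")
        labels.append(m.group(1))
        pos = m.end()
    stray = text[pos:].strip()
    if stray:
        findings.append(f"stray bytes after last block: {stray!r}")
    if not labels:
        findings.append("no PEM block found")
    return labels, findings


def _fake_pem(label, der):
    # Constructed stand-in: valid armor around a toy DER value, not a real cert.
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed sample bundles: a clean two-block chain, and the same chain
# with the trailing junk line used in the manifest above.
CLEAN = _fake_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01") * 2
WITH_JUNK = CLEAN + "junkLinesfoo\n"

if __name__ == "__main__":
    for name, bundle in (("clean", CLEAN), ("with junk", WITH_JUNK)):
        print(name, lint_pem_bundle(bundle))
```
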
