@nmnellis
Last active December 9, 2020 19:59
Trying out Istio's DNS Proxy
cat /etc/resolv.conf
nameserver 10.8.0.10
search default.svc.cluster.local svc.cluster.local cluster.local google.internal
options ndots:5
{
  "name": "outbound|443||istio.io",
  "type": "STRICT_DNS",
  "connectTimeout": "10s",
  "loadAssignment": {
    "clusterName": "outbound|443||istio.io",
    "endpoints": [
      {
        "locality": {},
        "lbEndpoints": [
          {
            "endpoint": {
              "address": {
                "socketAddress": {
                  "address": "istio.io",
                  "portValue": 443
                }
              }
            },
            "loadBalancingWeight": 1
          }
        ],
        "loadBalancingWeight": 1
      }
    ]
  },
  "circuitBreakers": {
    "thresholds": [
      {
        "maxConnections": 4294967295,
        "maxPendingRequests": 4294967295,
        "maxRequests": 4294967295,
        "maxRetries": 4294967295
      }
    ]
  },
  "dnsRefreshRate": "5s",
  "respectDnsTtl": true,
  "dnsLookupFamily": "V4_ONLY",
  "metadata": {
    "filterMetadata": {
      "istio": {
        "default_original_port": 443,
        "services": [
          {
            "host": "istio.io",
            "name": "istio.io",
            "namespace": "default"
          }
        ]
      }
    }
  },
  "filters": [
    {
      "name": "istio.metadata_exchange",
      "typedConfig": {
        "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
        "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
        "value": {
          "protocol": "istio-peer-exchange"
        }
      }
    }
  ]
},
curl -v https://istio.io/
* Trying 240.240.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x555e7e38af50)
* Connected to istio.io (240.240.0.1) port 443 (#0)
istioctl pc clusters my-pod | grep database
database-1.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com 3306 - outbound STRICT_DNS
database-2.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com 3307 - outbound STRICT_DNS

istioctl pc listeners my-pod | grep database
0.0.0.0 3306 ALL Cluster: outbound|3306||database-2.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com

istioctl pc listeners my-pod | grep database
240.240.0.1 3306 ALL Cluster: outbound|3306||database-1.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com
240.240.0.2 3306 ALL Cluster: outbound|3306||database-2.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: db-1
spec:
  hosts:
  - database-1.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com
  ports:
  - number: 3306
    name: tcp
    protocol: TCP
  resolution: DNS

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: db-2
spec:
  hosts:
  - database-2.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com
  ports:
  - number: 3306
    name: tcp
    protocol: TCP
  resolution: DNS
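The two `istioctl pc listeners` runs above show the problem DNS capture solves: without it, both RDS ServiceEntries on port 3306 collapse onto a single 0.0.0.0:3306 listener that points at database-2 only, so connections meant for database-1 are proxied to the wrong backend; with it, each host gets its own 240.240.0.x listener. The Python check below is an added example, not part of the gist: it parses that istioctl text and reports hosts whose outbound cluster has no listener of its own. The sample lines are constructed to mirror the gist's output, with both databases on 3306.

```python
"""Added example (not from the gist): audit `istioctl pc clusters` and
`istioctl pc listeners` text for TCP ServiceEntries that have an outbound
cluster but no listener of their own, i.e. whose traffic is swallowed by
another host's 0.0.0.0:<port> listener."""
import re
from typing import Dict, List, Set, Tuple

# Column layouts as printed by istioctl in the gist above.
CLUSTER_RE = re.compile(r"^(\S+)\s+(\d+)\s+\S+\s+outbound\s+STRICT_DNS\s*$")
LISTENER_RE = re.compile(r"^(\S+)\s+(\d+)\s+\S+\s+Cluster:\s+outbound\|(\d+)\|\|(\S+)\s*$")


def parse_clusters(text: str) -> Set[Tuple[str, int]]:
    """(host, port) for every outbound STRICT_DNS cluster."""
    found = set()
    for line in text.splitlines():
        m = CLUSTER_RE.match(line.strip())
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found


def parse_listeners(text: str) -> Dict[Tuple[str, int], str]:
    """(host, port) -> bind address for each listener that targets an outbound cluster."""
    found = {}
    for line in text.splitlines():
        m = LISTENER_RE.match(line.strip())
        if m:
            found[(m.group(4), int(m.group(3)))] = m.group(1)
    return found


def unrouted_hosts(clusters_text: str, listeners_text: str) -> List[str]:
    """Hosts with a cluster but no listener pointing at them, as 'host:port'."""
    routed = parse_listeners(listeners_text)
    return sorted(f"{h}:{p}" for h, p in parse_clusters(clusters_text) if (h, p) not in routed)


def wildcard_ports(listeners_text: str) -> Set[int]:
    """Ports bound to 0.0.0.0 rather than a per-host 240.240.0.0/16 VIP."""
    return {p for (_, p), addr in parse_listeners(listeners_text).items() if addr == "0.0.0.0"}


# Constructed sample input modelled on the gist's output, with both databases on 3306.
DB1 = "database-1.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com"
DB2 = "database-2.cwbnoj5bvq8z.eu-central-1.rds.amazonaws.com"
CLUSTERS = f"{DB1} 3306 - outbound STRICT_DNS\n{DB2} 3306 - outbound STRICT_DNS\n"
LISTENERS_BEFORE = f"0.0.0.0 3306 ALL Cluster: outbound|3306||{DB2}\n"  # DNS capture off
LISTENERS_AFTER = (f"240.240.0.1 3306 ALL Cluster: outbound|3306||{DB1}\n"  # DNS capture on
                   f"240.240.0.2 3306 ALL Cluster: outbound|3306||{DB2}\n")
```

Run `unrouted_hosts(CLUSTERS, LISTENERS_BEFORE)` to see database-1 reported, and the same call with `LISTENERS_AFTER` to see an empty list; feeding it real `istioctl pc` output works the same way.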
dig istio.io
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> istio.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2732
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;istio.io. IN A
;; ANSWER SECTION:
istio.io. 30 IN A 240.240.0.1
;; Query time: 0 msec
;; SERVER: 169.254.169.254#53(169.254.169.254)
;; WHEN: Mon Nov 23 17:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  meshConfig:
    defaultConfig:
      proxyMetadata:
        ISTIO_META_DNS_CAPTURE: "true"
{
  "name": "240.240.0.1_443",
  "address": {
    "socketAddress": {
      "address": "240.240.0.1",
      "portValue": 443
    }
  },
  "filterChains": [
    {
      "filters": [
        {
          "name": "envoy.filters.network.tcp_proxy",
          "typedConfig": {
            "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
            "statPrefix": "outbound|443||istio.io",
            "cluster": "outbound|443||istio.io",
          }
        }
      ]
    }
  ...
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: istio-io
spec:
  hosts:
  - istio.io
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: DNS
dig istio.io
;; QUESTION SECTION:
;istio.io. IN A
;; ANSWER SECTION:
istio.io. 30 IN A 240.240.0.1
;; SERVER: 10.8.0.10#53(10.8.0.10)
curl my-vm.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache2 Debian Default Page: It works</title>
<style type="text/css" media="screen">
* {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
}
body, html {
padding: 3px 3px 3px 3px;
background-color: #D8DBE2;
font-family: Verdana, sans-serif;
font-size: 11pt;
text-align: center;
}
....
istioctl install --set values.pilot.env.PILOT_ENABLE_WORKLOAD_ENTRY_AUTOREGISTRATION=true
root@helloworld-v1-578dd69f69-fhz52:/opt/microservices# curl my-vm.vm.svc.cluster.local
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...
apiVersion: v1
kind: Service
metadata:
  labels:
    name: my-vm
  name: my-vm
  namespace: vm
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: myvmapi
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: vm
spec:
  hosts:
  - my-vm.com
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: STATIC
  workloadSelector:
    labels:
      app: myvmapi
# kubectl get workloadentries -n vm -o yaml myvmapi-10.128.15.211
apiVersion: networking.istio.io/v1beta1
kind: WorkloadEntry
metadata:
  annotations:
    istio.io/autoRegistrationGroup: myvmapi
  creationTimestamp: "2020-11-23T17:55:46Z"
  generation: 2
  name: myvmapi-10.128.15.211
  namespace: vm
  resourceVersion: "3055325"
spec:
  address: 10.128.15.211
  labels:
    app: myvmapi
  serviceAccount: vm