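---
# Istio VirtualService "httpbin" (excerpt): HTTP routing rule for the host
# httpbin.org. Nesting is restored here; with every key at column 0 the
# manifest parses as unrelated top-level keys instead of metadata/spec children.
# The listing stops at the first route destination, so its fields are not shown.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
    - httpbin.org
  http:
    - route:
        - destination: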
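---
# Istio ServiceEntry "httpbin.org" (excerpt): registers the host httpbin.org
# with the mesh and declares port 443 under the name "https".
# Nesting is restored here; with every key at column 0 the port name would
# parse as a top-level key rather than a field of the port entry.
# The rest of the spec is cut off in this listing.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: httpbin.org
spec:
  hosts:
    - httpbin.org
  ports:
    - number: 443
      name: https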
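# Lab-only PKI: builds a throwaway "Acme Inc." root CA and issues one leaf
# certificate for the partner identity in $CN.
# Both private keys are written unencrypted (-nodes) under certs/, so keep that
# directory out of version control and do not reuse the keys outside a test
# cluster.
CN=great-partner.apps.acme.com

# openssl does not create the output directory; without it every step fails.
mkdir -p certs

echo "Create Root CA and Private Key"
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -subj '/O=Acme Inc./CN=acme.com' \
  -keyout certs/acme.com.key -out certs/acme.com.crt

echo "Create Certificate and Private Key for $CN"
openssl req -newkey rsa:2048 -nodes \
  -subj "/CN=${CN}/O=Great Department" \
  -keyout certs/great-partner.key -out certs/great-partner.csr

# Serial: a random 128-bit value instead of the fixed 0. RFC 5280 requires a
# positive serial that is unique per issuing CA; a constant 0 collides as soon
# as the CA signs a second certificate and is rejected by strict validators.
# -sha256 pins the signature digest instead of relying on the build's default.
openssl x509 -req -sha256 -days 365 \
  -CA certs/acme.com.crt -CAkey certs/acme.com.key \
  -set_serial "0x$(openssl rand -hex 16)" \
  -in certs/great-partner.csr -out certs/great-partner.crt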
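# Lab-only PKI: builds a second, unrelated root CA ("Pirate Inc.") and issues
# one leaf certificate for the identity in $CN.
# NOTE(review): presumably the negative test case. A client certificate that
# chains to a CA missing from the gateway's ca.crt should be refused; confirm
# against the secret the gateway actually loads.
# Both private keys are written unencrypted (-nodes) under certs/.
CN=bad-partner.apps.pirate.com

# openssl does not create the output directory; without it every step fails.
mkdir -p certs

echo "Create Root CA and Private Key"
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -subj '/O=Pirate Inc./CN=pirate.com' \
  -keyout certs/pirate.com.key -out certs/pirate.com.crt

echo "Create Certificate and Private Key for $CN"
openssl req -newkey rsa:2048 -nodes \
  -subj "/CN=${CN}/O=Bad Department" \
  -keyout certs/bad-partner.key -out certs/bad-partner.csr

# Serial: a random 128-bit value instead of the fixed 0. RFC 5280 requires a
# positive serial that is unique per issuing CA; a constant 0 collides as soon
# as the CA signs a second certificate and is rejected by strict validators.
# -sha256 pins the signature digest instead of relying on the build's default.
openssl x509 -req -sha256 -days 365 \
  -CA certs/pirate.com.crt -CAkey certs/pirate.com.key \
  -set_serial "0x$(openssl rand -hex 16)" \
  -in certs/bad-partner.csr -out certs/bad-partner.crt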
# Rebuild the frontend-credential secret in the control-plane namespace and
# swap it in for the existing one.
# --dry-run=client only renders the Secret manifest locally. That manifest
# holds the private key base64-encoded, and it goes straight through the pipe
# to `oc replace`, so it is never written to disk.
# ca.crt comes from certs/trusted.crt, which no step shown here creates.
# NOTE(review): presumably the bundle of CAs allowed to sign client
# certificates; confirm what it contains before applying.
oc create secret generic frontend-credential \
  --namespace=control-plane \
  --from-file=tls.key=certs/frontend.key \
  --from-file=tls.crt=certs/frontend.crt \
  --from-file=ca.crt=certs/trusted.crt \
  --dry-run=client --output=yaml |
  oc replace --namespace=control-plane secret frontend-credential --filename=-
# Rebuild the frontend-credential secret in the control-plane namespace with
# the Acme root certificate as ca.crt, then swap it in for the existing one.
# --dry-run=client only renders the Secret manifest locally. That manifest
# holds the private key base64-encoded, and it goes straight through the pipe
# to `oc replace`, so it is never written to disk.
# NOTE(review): with ca.crt set to certs/acme.com.crt, presumably only client
# certificates issued by that CA pass verification; confirm against the
# Gateway's tls mode, which is not visible here.
oc create secret generic frontend-credential \
  --namespace=control-plane \
  --from-file=tls.key=certs/frontend.key \
  --from-file=tls.crt=certs/frontend.crt \
  --from-file=ca.crt=certs/acme.com.crt \
  --output=yaml --dry-run=client |
  oc replace --namespace=control-plane secret frontend-credential --filename=-
# Create the frontend-credential secret in the control-plane namespace from
# the frontend key pair.
# No ca.crt is included, so this secret carries no CA for verifying client
# certificates.
# The private key is read from certs/frontend.key, which is stored unencrypted.
oc create secret generic frontend-credential \
  --namespace=control-plane \
  --from-file=tls.key=certs/frontend.key \
  --from-file=tls.crt=certs/frontend.crt
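#!/bin/bash
# Lab-only PKI for the frontend host: builds a throwaway "example Inc." root CA
# and issues one certificate for frontend.apps.<cluster apps domain>.
# Both private keys are written unencrypted (-nodes) under certs/, so keep that
# directory out of version control and do not reuse the keys outside a test
# cluster.

# Stop on the first failing command, unset variable or failed pipeline stage,
# so a failed `oc` call cannot lead to a certificate for a wrong name.
set -euo pipefail

mkdir -p certs

# The console URL is split on "apps."; whatever follows is taken as the
# cluster's apps domain.
SUBDOMAIN=$(oc whoami --show-console | awk -F'apps.' '{print $2}')
if [ -z "$SUBDOMAIN" ]; then
  # Without this guard the certificate would be issued for "frontend.apps.".
  echo "Could not derive the apps subdomain from 'oc whoami --show-console'" >&2
  exit 1
fi
CN=frontend.apps.$SUBDOMAIN

echo "Create Root CA and Private Key"
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
  -subj '/O=example Inc./CN=example.com' \
  -keyout certs/example.com.key -out certs/example.com.crt

echo "Create Certificate and Private Key for $CN"
openssl req -newkey rsa:2048 -nodes \
  -subj "/CN=${CN}/O=Great Department" \
  -keyout certs/frontend.key -out certs/frontend.csr

# Serial: a random 128-bit value instead of the fixed 0. RFC 5280 requires a
# positive serial that is unique per issuing CA.
# subjectAltName: many TLS clients ignore the CN and match the host name only
# against SAN entries, so a CN-only server certificate fails verification there.
# -sha256 pins the signature digest instead of relying on the build's default.
openssl x509 -req -sha256 -days 365 \
  -CA certs/example.com.crt -CAkey certs/example.com.key \
  -set_serial "0x$(openssl rand -hex 16)" \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "$CN") \
  -in certs/frontend.csr -out certs/frontend.crt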
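---
# Istio Gateway "frontend-gateway" in the control-plane namespace (excerpt).
# Nesting is restored here; with every key at column 0 the namespace and the
# selector label would parse as top-level keys.
# The listing stops at the first server's port, so its TLS settings are not shown.
# NOTE(review): confirm that servers[].tls (mode, credentialName) matches the
# frontend-credential secret created in this same namespace.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: frontend-gateway
  namespace: control-plane
spec:
  selector:
    istio: ingressgateway  # use istio default controller
  servers:
    - port: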
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: frontend-gateway
namespace: control-plane
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port: