# Examples from the doc and site, in namespace examples
# The 'egress' example conflicts, so it is in a separate namespace
# - 27018 (mongo) - with VIP
# - 80 - *.bar.com resolution:NONE example
# - 8000 - virtual entry backed by multiple DNS-based services
# - 8001 - unix domain socket
# - 1200 - the inbound service and
# - 21200 - the inbound container
apiVersion: networking.istio.io/v1alpha3
- seexamples/* # Doesn't work without this - should be default
apiVersion: networking.istio.io/v1alpha3
location: MESH_INTERNAL
apiVersion: networking.istio.io/v1alpha3
name: external-svc-mongocluster
- mymongodb.somedomain # not used
- 192.192.192.192/24 # VIPs
location: MESH_INTERNAL
apiVersion: networking.istio.io/v1alpha3
name: mtls-mongocluster
host: mymongodb.somedomain
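# The Envoy test runs in the pilot/pkg/xds directory, but the Envoy process
# base dir is set to IstioSrc, so the relative certificate and key paths below
# are presumably resolved against IstioSrc. They point at files under
# tests/testdata, i.e. test fixtures rather than production credentials.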
clientCertificate: tests/testdata/certs/default/cert-chain.pem
privateKey: tests/testdata/certs/default/key.pem
caCertificates: tests/testdata/certs/default/root-cert.pem
# Not included in the example, added for testing
sni: v1.mymongodb.somedomain
- service.mongodb.somedomain
#The following example uses a combination of service entry and TLS
#routing in virtual service to demonstrate the use of SNI routing to
#forward unterminated TLS traffic from the application to external
#services via the sidecar. The sidecar inspects the SNI value in the
#ClientHello message to route to the appropriate external service.
apiVersion: networking.istio.io/v1alpha3
name: external-svc-https
namespace: seexamples
location: MESH_EXTERNAL
apiVersion: networking.istio.io/v1alpha3
namespace: seexamples
host: api.dropboxapi.com
host: www.googleapis.com
host: api.facebook.com
#The following example demonstrates the use of wildcards in the hosts for
#external services. If the connection has to be routed to the IP address
#requested by the application (i.e. application resolves DNS and attempts
#to connect to a specific IP), the discovery mode (the `resolution` field) must be set to `NONE`.
apiVersion: networking.istio.io/v1alpha3
name: external-svc-wildcard-example
namespace: seexamples
location: MESH_EXTERNAL
# The following example demonstrates a service that is available via a
# Unix Domain Socket on the host of the client. The resolution must be
# set to STATIC to use unix address endpoints.
# Modified to use port 8001
apiVersion: networking.istio.io/v1alpha3
name: unix-domain-socket-example
namespace: seexamples
- "example.unix.local"
location: MESH_EXTERNAL
- address: unix:///var/run/example/socket
# For HTTP based services, it is possible to create a VirtualService
# backed by multiple DNS addressable endpoints. In such a scenario, the
# application can use the HTTP_PROXY environment variable to transparently
# reroute API calls for the VirtualService to a chosen backend. For
# example, the following configuration creates a non-existent external
# service called foo.bar.com backed by three domains: us.foo.bar.com:8080,
# uk.foo.bar.com:9080, and in.foo.bar.com:7080
# Modified to use port 8000
apiVersion: networking.istio.io/v1alpha3
name: external-svc-dns
namespace: seexamples
location: MESH_EXTERNAL
- address: us.foo.bar.com
# TODO: example uses 'https', which is rejected currently
- address: uk.foo.bar.com
- address: in.foo.bar.com