Zero Trust Networking with ServiceMesh
Cloning
git clone ...
git submodule init
git submodule update
Demo
- Clean up and run the deployments without service mesh
./cleanup.sh
./run.sh
1a. Start k9s to show all pods in the project namespaces
bash ./k9s.sh
Use this command in k9s to filter to the project namespaces:
/project
- Open NetObserv to view the traffic. Try the link in the OCP application menu.
- Curl some test data
oc rsh test -n project0 curl -kvvv http://app-1.project2:8080
- Navigate to Kiali
- Annotate the pods for servicemesh
./enable-istio.sh
- Once the pods are redeployed, note that they now contain two containers instead of 1.
- Start the traffic script again, view traffic in Kiali. Note mTLS is enabled.
- Try to curl from the test pod, note we can't get any data
curl -kvvv http://app-1.project2:8080
curl -kvvv https://app-1.project2:8080
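A scripted version of the "two containers instead of 1" check from the demo steps, added here as an example and not part of this repository's scripts. It assumes the sidecar container is named istio-proxy (the Istio default); the function names and the sample pod names in the comments are made up for illustration.

```shell
#!/bin/sh
# Added example: report which pods in a namespace carry the mesh sidecar.
# Pods without it are outside the mesh and are not covered by mTLS.

# Sidecar container name. "istio-proxy" is the Istio default (assumption).
SIDECAR="${SIDECAR:-istio-proxy}"

# Print one line per pod: "<pod-name> <container1,container2,...>"
list_pod_containers() {
    oc get pods -n "$1" --no-headers \
        -o custom-columns='NAME:.metadata.name,CONTAINERS:.spec.containers[*].name'
}

# Read pod lines on stdin, print the names of pods that lack the sidecar.
# Commas are added around the list so only a whole container name matches,
# e.g. "my-istio-proxy-helper" does not count as the sidecar.
pods_without_sidecar() {
    awk -v sidecar="$SIDECAR" \
        'NF >= 2 && index("," $2 ",", "," sidecar ",") == 0 { print $1 }'
}

# Read pod lines on stdin, print "<meshed>/<total>".
mesh_summary() {
    awk -v sidecar="$SIDECAR" '
        NF >= 2 { total++; if (index("," $2 ",", "," sidecar ",") > 0) meshed++ }
        END     { printf "%d/%d\n", meshed, total }'
}

# Constructed sample of the expected input, for reference:
#   app-1-abc app,istio-proxy
#   app-2-def app
#   test      test

# Live use: ./check-sidecars.sh project0 project2
if [ "$#" -gt 0 ]; then
    for ns in "$@"; do
        pods=$(list_pod_containers "$ns")
        echo "$ns: $(printf '%s\n' "$pods" | mesh_summary) pods have $SIDECAR"
        printf '%s\n' "$pods" | pods_without_sidecar | sed 's/^/  no sidecar: /'
    done
fi
```

Run it before and after ./enable-istio.sh to see the count change per namespace.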