[3] Advanced challenges

[3.1] Goals

  • mTLS Security
  • Advanced Tracing
  • Chaos Engineering

[3.2.0] mTLS travel-agency

# Enable mTLS in travel-agency
kubectl apply -f <(curl -L https://git.io/fjKnR)

# Delete mTLS in travel-agency
kubectl delete -f <(curl -L https://git.io/fjKnR)

Enable mutual TLS on travel-agency services.

[3.2.1] Check mTLS travel-agency

mTLS enabled in travel-agency

All services within namespace are TLS protected by Istio

[3.2.2] Mesh Policy

# Enable MeshPolicy
kubectl apply -f <(curl -L https://git.io/fjKnY)

# Disable mTLS for ingress
kubectl apply -f <(curl -L https://git.io/JeVtc)

# Delete MeshPolicy
kubectl delete -f <(curl -L https://git.io/fjKnY)

# Enable mTLS for ingress
kubectl delete -f <(curl -L https://git.io/JeVtc)

Apply mutual TLS in all namespaces

[3.2.3] Check Mesh Policy

mTLS enabled for whole cluster

All namespaces protected with mTLS

[3.3.0] Chaos Engineering

[3.3.1] Travel Agency v3

  • Get familiar with travel_agency.go
  • Create a travel-agency v3
  • Personalize delays
  • Use Kiali to compare with v1 and spot differences

[3.3.2] Travel Agency v4

  • Travels service always queries to: flights, hotels, cars, insurances
  • Modify example to allow random queries (i.e. some users may not need a car)
  • Check how scenario changes when a cars service is down

[3.4.0] Advanced Tracing

End of Workshop part [3]

Congratulations !

Back to Workshop Index