istio-integration/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

gitee.com/mirrors/Speedle

README ¶

Speedle Istio Mixer Adapter for authorization

Prerequisite

To setup speedle istio adapter, a running Kubernetes cluster with istio is required.
Speedle services need to be deployed. Please see Deploy Speedle
Istio bookinfo sample installed.
The kubectl configuration is set so that kubectl can be used to manage the cluster.
A docker repository is required to push build result.
Istio Adapter Before you start

Build Instructions

copy set-env.sh.template to set-env.sh and edit it according to your environment.

. set-env.sh
make init init_istio
make build-grpc-adapter

Install Instructions

Install Speedle Adapter

The adapter/speedlegrpcadapter/operator_cfg.yaml.template file is configured to protect Istio bookinfo services. It can be editted "match" attribute according to services to be protected.

 match: destination.labels["app"] == "details" || destination.labels["app"] == "productpage" || destination.labels["app"] == "reviews" || destination.labels["app"] == "ratings"

To install Speedle Istio adapter:

make install-speedle-grpc-adapter

Install Speedle adapter in discover mode

By default, Speedle Istio adapter runs in normal authorization check mode. The Speedle Istio adapter can run in "discover" mode, in which all authorization requests will be allowed. The authorization requests will be collected at Speedle ADS. These requests can be retrieved. The application developers can use the collected requests to define policies.

export SPEEDLE_ADS_ENDPOINT="http://speedle-ads.speedle.svc.cluster.local:6734/authz-check/v1/discover"
# Or you can edit set-env.sh to use 'discover' instead of 'is-allowed' in SPEEDLE_ADS_ENDPOINT

make install-speedle-grpc-adapter

After Speedle Istio adapter is installed, you can run some tests against your application. Then you can use spctl command line tool to get collected requests and policies (for reference only):

# get discovered requests
spctl discover request --service-name=istio

# get discovered policies (for refernece only)
spctl discover policy --service-name=istio

Uninstall Speedle Adapter

To uninstall Speedle Istio adapter:

make uninstall-speedle-grpc-adapter

References

Directories ¶

Path	Synopsis
adapter
speedle
speedlegrpcadapter
speedlegrpcadapter/cmd

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL