K8 Istio little Deep Dive
▻https://hackernoon.com/k8-istio-deep-dive-c0773a204e82?source=rss----3a8144eabfe3---4
I’ve been playing a little bit with Istio mostly egress , but today i wanted to write about ingresses .Basically Istio ingresses are a number of proxies (envoy) that kind of talk to each other to deal with access , throttling and app routing in general.What is really interesting about the istio approach is the sidecar injection, imagine that you’re running a container execs nginx (port80 )SWhat istio does is “inject” a sidecar container , that runs on the same pod , that means , sharing the kernel network namespace with privileged mode and NET_ADMIN capabilities.That way , they guarantee full tracing of services for example or mutual tls for example.In very simple terms it looks like this:Istio workflowThis is much different than having a traditional nginx ingress , the nginx ingress speaks to a (...)
#linux #security #devops #kubernetes #docker