Details
-
Page
-
Resolution: Fixed
-
Major
-
None
-
None
-
6 - Kraken Cleanup, 7 - Til the Krack of dawn, 8 - FireKracker
-
1
Description
Suggested documentation example addition for the ISTIO page (Couchbase server only)
1. Using new adminConsoleServiceTemplate and setting type to ClusterIP
apiVersion: couchbase.com/v2
|
kind: CouchbaseCluster
|
metadata:
|
name: "couchbase" |
namespace: "couchbase" |
spec:
|
networking:
|
exposeAdminConsole: true |
adminConsoleServiceTemplate:
|
spec:
|
type: ClusterIP
|
2. Destination rule with stickiness (used user cookie, but could be any other cookie or 'useSourceIp')
apiVersion: 'networking.istio.io/v1alpha3' |
kind: DestinationRule
|
metadata:
|
name: "destination-rule-couchbase-ui" |
namespace: "couchbase" |
spec:
|
host: "couchbase-ui" |
trafficPolicy:
|
loadBalancer:
|
consistentHash:
|
httpCookie:
|
name: user
|
ttl: 0s
|
3. Set peer authentication to STRICT to enforce mTLS for entire namespace where the Couchbase cluster deployed
apiVersion: "security.istio.io/v1beta1" |
kind: "PeerAuthentication" |
metadata:
|
name: "peer-authentication-couchbase" |
namespace: "couchbase" |
spec:
|
mtls:
|
mode: STRICT
|
4. Virtualservice to pass the traffic to the couchbase-ui service
apiVersion: networking.istio.io/v1beta1
|
kind: VirtualService
|
metadata:
|
name: "virtual-service-couchbase-ui" |
namespace: "couchbase" |
spec:
|
hosts:
|
- "couchbase.example.com" |
gateways:
|
- istio-system/gateway
|
http:
|
- match:
|
- uri:
|
prefix: /
|
route:
|
- destination:
|
port:
|
number: 8091 |
host: "couchbase-ui" |