Complete the code to define a basic service mesh sidecar proxy container in a pod spec.
containers:
- name: app
image: myapp:latest
- name: sidecar-proxy
image: [1]The sidecar proxy container in a service mesh often uses the Istio proxy image istio/proxyv2:latest to handle traffic routing and security.
Complete the command to install Istio service mesh using the Istioctl CLI.
istioctl install --set profile=[1]The default profile installs the standard Istio service mesh with common features enabled.
Fix the error in the YAML snippet to enable automatic sidecar injection in the namespace.
apiVersion: v1
kind: Namespace
metadata:
name: my-namespace
labels:
[1]: "enabled"The label istio-injection: "enabled" tells Istio to automatically inject sidecar proxies into pods in this namespace.
Fill both blanks to create a service mesh policy that allows mutual TLS authentication.
apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default namespace: [1] spec: mtls: mode: [2]
The PeerAuthentication resource in the istio-system namespace with mode: strict enforces mutual TLS for all workloads.
Fill all three blanks to define a VirtualService routing HTTP traffic to a service.
apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: my-service spec: hosts: - [1] http: - route: - destination: host: [2] port: number: [3]
The hosts field uses the short service name with namespace my-service.default. The destination.host is the service name my-service. The port number 80 is the standard HTTP port.