Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

2.3.

2.3.1.
링크 복사

2.3.1.1.
링크 복사

2.3.1.2.
링크 복사

  • 중요

2.3.2.
링크 복사

주의

2.3.2.1.
링크 복사

2.3.3.
링크 복사

중요

Expand
표 2.3.
   

2.3.4.
링크 복사

2.3.4.1.
링크 복사

2.3.4.1.1.
링크 복사

2.3.4.1.2.
링크 복사

2.3.4.2.
링크 복사

2.3.4.2.1.
링크 복사

apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
spec:
  gateways:
    openshiftRoute:
      enabled: true
Copy to Clipboard Toggle word wrap
2.3.4.2.2.
링크 복사

2.3.4.3.
링크 복사

2.3.4.4.
링크 복사

2.3.4.5.
링크 복사

2.3.4.6.
링크 복사

An error occurred
admission webhook smcp.validation.maistra.io denied the request: [support for policy.type "Mixer" and policy.Mixer options have been removed in v2.1, please use another alternative, support for telemetry.type "Mixer" and telemetry.Mixer options have been removed in v2.1, please use another alternative]”
Copy to Clipboard Toggle word wrap 

apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
spec:
  policy:
    type: Istiod
  telemetry:
    type: Istiod
  version: v2.6
Copy to Clipboard Toggle word wrap

2.3.4.7.
링크 복사

  1. $ oc project istio-system
    Copy to Clipboard Toggle word wrap 

    1. $ oc get smcp -o yaml
      Copy to Clipboard Toggle word wrap
      작은 정보

  3. apiVersion: maistra.io/v2
kind: ServiceMeshControlPlane
metadata:
  name: basic
spec:
  version: v2.6
    Copy to Clipboard Toggle word wrap

2.3.4.8.
링크 복사

2.3.4.8.1.
링크 복사

    1. $ oc get smcp -o yaml
      Copy to Clipboard Toggle word wrap 

    4. $ oc get smcp.v1.maistra.io <smcp_name> > smcp-resource.yaml
#Edit the smcp-resource.yaml file.
$ oc replace -f smcp-resource.yaml
      Copy to Clipboard Toggle word wrap 

    5. $ oc patch smcp.v1.maistra.io <smcp_name> --type json --patch '[{"op": "replace","path":"/spec/path/to/bad/setting","value":"corrected-value"}]'
      Copy to Clipboard Toggle word wrap 

    6. $ oc edit smcp.v1.maistra.io <smcp_name>
      Copy to Clipboard Toggle word wrap 

  2. $ oc project istio-system
    Copy to Clipboard Toggle word wrap 

  3. $ oc get servicemeshcontrolplanes.v1.maistra.io <smcp_name> -o yaml > <smcp_name>.v1.yaml
    Copy to Clipboard Toggle word wrap 

  4. $ oc get smcp <smcp_name> -o yaml > <smcp_name>.v2.yaml
    Copy to Clipboard Toggle word wrap 

  5. $ oc new-project istio-system-upgrade
    Copy to Clipboard Toggle word wrap 

  8. $ oc create -n istio-system-upgrade -f <smcp_name>.v2.yaml
    Copy to Clipboard Toggle word wrap

2.3.4.8.2.
링크 복사

2.3.4.8.2.1.
링크 복사

2.3.4.8.2.2.
링크 복사

2.3.4.8.2.3.
링크 복사

2.3.4.8.2.4.
링크 복사

2.3.4.8.2.5.
링크 복사

spec:
  policy:
    type: Mixer
Copy to Clipboard Toggle word wrap 

spec:
  telemetry:
    type: Mixer
Copy to Clipboard Toggle word wrap

2.3.4.8.2.6.
링크 복사

2.3.4.8.2.6.1.
링크 복사

apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: productpage-mTLS-disable
  namespace: <namespace>
spec:
  targets:
  - name: productpage
Copy to Clipboard Toggle word wrap 

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: productpage-mTLS-disable
  namespace: <namespace>
spec:
  mtls:
    mode: DISABLE
  selector:
    matchLabels:
      # this should match the selector for the "productpage" service
      app: productpage
Copy to Clipboard Toggle word wrap 

apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: productpage-mTLS-with-JWT
  namespace: <namespace>
spec:
  targets:
  - name: productpage
    ports:
    - number: 9000
  peers:
  - mtls:
  origins:
  - jwt:
      issuer: "https://securetoken.google.com"
      audiences:
      - "productpage"
      jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
      jwtHeaders:
      - "x-goog-iap-jwt-assertion"
      triggerRules:
      - excludedPaths:
        - exact: /health_check
  principalBinding: USE_ORIGIN
Copy to Clipboard Toggle word wrap 

#require mtls for productpage:9000
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: productpage-mTLS-with-JWT
  namespace: <namespace>
spec:
  selector:
    matchLabels:
      # this should match the selector for the "productpage" service
      app: productpage
  portLevelMtls:
    9000:
      mode: STRICT
---
#JWT authentication for productpage
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: productpage-mTLS-with-JWT
  namespace: <namespace>
spec:
  selector:
    matchLabels:
      # this should match the selector for the "productpage" service
      app: productpage
  jwtRules:
  - issuer: "https://securetoken.google.com"
    audiences:
    - "productpage"
    jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
    fromHeaders:
    - name: "x-goog-iap-jwt-assertion"
---
#Require JWT token to access product page service from
#any client to all paths except /health_check
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: productpage-mTLS-with-JWT
  namespace: <namespace>
spec:
  action: ALLOW
  selector:
    matchLabels:
      # this should match the selector for the "productpage" service
      app: productpage
  rules:
  - to: # require JWT token to access all other paths
      - operation:
          notPaths:
          - /health_check
    from:
      - source:
          # if using principalBinding: USE_PEER in the Policy,
          # then use principals, e.g.
          # principals:
          # - “*”
          requestPrincipals:
          -*”
  - to: # no JWT token required to access health_check
      - operation:
          paths:
          - /health_check
Copy to Clipboard Toggle word wrap

2.3.4.8.3.
링크 복사

2.3.4.8.3.1.
링크 복사

2.3.4.8.3.2.
링크 복사

2.3.4.8.3.3.
링크 복사

spec:
  tracing:
    sampling: 100 # 1%
    type: Jaeger
Copy to Clipboard Toggle word wrap 

spec:
  addons:
    jaeger:
      name: jaeger
      install:
        storage:
          type: Memory # or Elasticsearch for production mode
          memory:
            maxTraces: 100000
          elasticsearch: # the following values only apply if storage:type:=Elasticsearch
            storage: # specific storageclass configuration for the Jaeger Elasticsearch (optional)
              size: "100G"
              storageClassName: "storageclass"
            nodeCount: 3
            redundancyPolicy: SingleRedundancy
  runtime:
    components:
      tracing.jaeger: {} # general Jaeger specific runtime configuration (optional)
      tracing.jaeger.elasticsearch: #runtime configuration for Jaeger Elasticsearch deployment (optional)
        container:
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "1Gi"
Copy to Clipboard Toggle word wrap

2.3.4.8.3.4.
링크 복사

spec:
  addons:
    grafana:
      enabled: true
      install: {} # customize install
    kiali:
      enabled: true
      name: kiali
      install: {} # customize install
Copy to Clipboard Toggle word wrap

2.3.4.8.3.5.
링크 복사

Expand
   

2.3.4.8.4.
링크 복사

2.3.5.
링크 복사

2.3.5.1.
링크 복사

$ oc rollout restart <deployment>
Copy to Clipboard Toggle word wrap

맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat