多集群之间的istio流量管理

我有几个Kubernetes集群。 由于公司的安全问题,只应允许群集A中的A服务访问群集B中的B服务。您可以使用istio处理这种情况吗?</ p>

尽管可以 为了使用istio的虚拟服务中的标头信息控制流量,可以随时操纵http标头信息,这不满足安全性问题。</ p>
</ div>

展开原文

原文

I have several Kubernetes clusters. Due to the company's security issues, only A 'service in Cluster A should be allowed to access B' Service in Cluster B. Can you handle such a case with istio?

Although it is possible to control the traffic using the header information in istio's virtualservice, the http header information can be manipulated at any time, which does not satisfy the security issue.

1个回答



Istio具有单个控制平面或多个控制平面的不同联盟。 您可以在下面查看。 MTLS支持的跨网络通信,因此可以确保它不会被篡改。 </ p>

共享控制平面

https://istio.io/docs/setup/kubernetes/install/multicluster/shared-gateways/ </ p>

多个控制平面

< a href =“ https://istio.io/docs/setup/kubernetes/install/multicluster/gateways/” rel =“ nofollow noreferrer”> https://istio.io/docs/setup/kubernetes/install/multicluster/ 网关/ </ p>

这是相当新的内容,并且正在大量开发中,因此您可以尝试使用它们,也可以在通过网络连接时使用HTTPS通信。</ p>
</ DIV>

展开原文

原文

Istio has a different federation with a single control plane or multiple control plane. you can check out below. the communication across network supported by MTLS so you can be assured it can't have tampered.

Shared control plane
https://istio.io/docs/setup/kubernetes/install/multicluster/shared-gateways/

Multiple control planes
https://istio.io/docs/setup/kubernetes/install/multicluster/gateways/

This is pretty new and under heavy development, so you can try them or simply use HTTPS communication when connecting across the network.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问