Istio1.6.4发布新特性与快速安装

编程

Istio 1.6.4已经发布,更新主要是安全方面。

  • 更新包括:

    • CVE-2020-12603: By sending a specially crafted packet, an attacker could cause Envoy to consume excessive amounts of memory when proxying HTTP/2 requests or responses.

      • CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    • CVE-2020-12605: An attacker could cause Envoy to consume excessive amounts of memory when processing specially crafted HTTP/1.1 packets.

      • CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    • CVE-2020-8663: An attacker could cause Envoy to exhaust file descriptors when accepting too many connections.

      • CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    • CVE-2020-12604: An attacker could cause increased memory usage when processing specially crafted packets.

      • CVSS Score: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

下载:

wget https://github.com/istio/istio/releases/download/1.6.4/istio-1.6.4-linux-amd64.tar.gz

tar -vxf istio-1.6.4-linux-amd64.tar.gz

设置:

# Add to ~/.profile or .bash...

$ export PATH=$PWD/bin:$PATH

安装:

$ istioctl install--set profile=demo

部署示范程序:

$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

检查运行状态:

$ kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath="{.items[0].metadata.name}") -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"

<title>Simple Bookstore App</title>

发布服务到外部访问:

$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml

gateway.networking.istio.io/bookinfo-gateway created

virtualservice.networking.istio.io/bookinfo created

更多参考:

  • Istio 1.6.3 发布-新特性与快速安装

以上是 Istio1.6.4发布新特性与快速安装 的全部内容, 来源链接: utcz.com/z/518163.html

回到顶部