Istio1.6.4发布新特性与快速安装
Istio 1.6.4已经发布,更新主要是安全方面。
- 更新包括:
CVE-2020-12603: By sending a specially crafted packet, an attacker could cause Envoy to consume excessive amounts of memory when proxying HTTP/2 requests or responses.
- CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-12605: An attacker could cause Envoy to consume excessive amounts of memory when processing specially crafted HTTP/1.1 packets.
- CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-8663: An attacker could cause Envoy to exhaust file descriptors when accepting too many connections.
- CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-12604: An attacker could cause increased memory usage when processing specially crafted packets.
- CVSS Score: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
下载:
wget https://github.com/istio/istio/releases/download/1.6.4/istio-1.6.4-linux-amd64.tar.gztar -vxf istio-1.6.4-linux-amd64.tar.gz
设置:
# Add to ~/.profile or .bash...$ export PATH=$PWD/bin:$PATH
安装:
$ istioctl install--set profile=demo
部署示范程序:
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
检查运行状态:
$ kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath="{.items[0].metadata.name}") -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"<title>Simple Bookstore App</title>
发布服务到外部访问:
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yamlgateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
更多参考:
- Istio 1.6.3 发布-新特性与快速安装
以上是 Istio1.6.4发布新特性与快速安装 的全部内容, 来源链接: utcz.com/z/518163.html