Traffic Management 40%

README.md

@@ -1,16 +1,19 @@
 # Istio Certified Associate (ICA)
 
-Istio Certified Associate exam preparation repository
+Istio Certified Associate exam preparation repository.
+
+This repository is created to help me and anyone interested to prepare the Istio Certified Associate (ICA) exam. 
 
 https://training.linuxfoundation.org/blog/istio-certified-associate-ica/
 https://training.linuxfoundation.org/certification/istio-certified-associate-ica/
 
-## Domains & Competencies: Practice exercices
+## Domains & Competencies: [Preparation Exam Material]
 
 * [Istio Installation, Upgrade & Configuration 7%](./1_istio_installation_upgrade_configuration/README.md)
 * [Traffic Management 40%](./2_traffic_management/README.md)
 * [Resilience and Fault Injection 20%](./3_resilience_and_fault_injection/README.md)
 * [Securing Workloads 20%](./4_securing_workloads/README.md)
+* [Advanced Scenarios 13%](./5_advanced_scenarios/README.md)
 
 ## Pre-Requirements
 
@@ -56,5 +59,9 @@ $ ./istio-1.18.2/bin/istioctl version -s --remote=false
 * [Istio 0 to 60 workshop: Exercices](https://tetratelabs.github.io/istio-0to60)
 * [Mesh week](https://github.com/solo-io/mesh-week)
 * [Mesh week: How to prepare for Istio Certified associate exam (ICA)](https://learncloudnative.com/blog/2023-10-10-meshweek)
+* [Mesh week: Mock Istio Certified Associate Exam](https://docs.google.com/forms/d/e/1FAIpQLSfD4BLLQfdUwnIyiTBSGC_OzmSbiyrIlNp5Am61fTOhRbfiLw/viewform)
 * [Istio Security Problems](https://istio.io/latest/docs/ops/common-problems/security-issues/)
 * [Istio Security Best Practices](https://istio.io/latest/docs/ops/best-practices/security/)
+* [Life of a packet through Istio by Matt Turner](https://www.youtube.com/watch?v=cB611FtjHcQ)
+* [Matt Turner - Life of a Packet through Istio III - WTF is SRE 2023](https://www.youtube.com/watch?v=qsTK4o189_I)
+* [Killercoda Istio ICA](https://github.com/killercoda/scenarios-ica)

mock_exam/1.yaml

@@ -0,0 +1,23 @@
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+spec:
+  profile: minimal
+  components:
+    pilot:
+      k8s:
+        resources:
+          requests:
+            cpu: 750m
+            memory: 4096Mi
+    ingressGateways:
+    - name: payments-ingress
+      enabled: true
+      namespace: payments
+    - name: frontend-ingress
+      enabled: true
+      namespace: frontend
+    egressGateways:
+    - name: cluster-egress
+      enabled: true
+      namespace: egress
+

mock_exam/2.yaml

@@ -0,0 +1,38 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: my-ingress
+spec:
+  selector:
+    app: my-ingressgateway # No specified
+  servers:
+  - port:
+      number: 80
+      name: http2
+      protocol: HTTP2
+    hosts:
+    - "*"
+
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: payments
+spec:
+  hosts:
+  - mycompany.com
+  gateways:
+  - my-ingress
+  http:
+  - name: "payments"
+    match:
+    - uri:
+        prefix: "/payments"
+    route:
+    - destination:
+        host: payments.default.svc.cluster.local
+
+  - name: "frontend"
+    route:
+    - destination:
+        host: frontend.default.svc.cluster.local

mock_exam/3.yaml

@@ -0,0 +1,29 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+spec:
+  hosts:
+  - orders
+  http:
+  - route:
+    - destination:
+        host: orders
+        subset: v1
+      weight: 30
+    - destination:
+        host: orders
+        subset: v2
+      weight: 70
+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: orders
+spec:
+  host: orders
+  subsets:
+  - name: orders-v1
+    labels:
+      version: v1
+  - name: orders-v2
+    labels:
+      version: v2

mock_exam/4.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+spec:
+  hosts:
+  - backend
+  http:
+  - fault:
+      delay:
+        fixedDelay: 5s
+        percentage:
+          value: 100
+    match:
+    - uri:
+        prefix: "/delay"
+    route:
+    - destination:
+        host: backend.default.svc.cluster.local
+
+  - fault:
+      abort:
+        httpStatus: 403
+        percentage:
+          value: 100
+    match:
+    - uri:
+        prefix: "/fault"
+    route:
+    - destination:
+        host: backend.default.svc.cluster.local
+
+  - route:
+    - destination:
+        host: backend.default.svc.cluster.local
+

mock_exam/5.yaml

@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+  name: default
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      mtls: strict
+  mtls:
+    mode: STRICT
+  portLevelMtls:
+    9000:
+      mode: DISABLE

mock_exam/6.yaml

@@ -0,0 +1,20 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  namespace: default
+  name: customers
+spec:
+  selector:
+    matchLabels:
+      app: customers
+  action: ALLOW
+  rules:
+  - from:
+    - source:
+        principals:
+        - "cluster.local/ns/default/sa/payments"
+        - "cluster.local/ns/default/sa/orders"
+  - to:
+    - operation:
+        methods: ["GET"]
+        paths: ["/api"]

mock_exam/7.yaml

@@ -0,0 +1,7 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  namespace: payments
+  name: payments
+spec:
+  {}

mock_exam/README.md

@@ -0,0 +1,4 @@
+# Mock exam - Mesh Week
+
+https://docs.google.com/forms/d/e/1FAIpQLSfD4BLLQfdUwnIyiTBSGC_OzmSbiyrIlNp5Am61fTOhRbfiLw/viewform
+