Deploy notebook pod into different namespace (collin-brown), egress gateway into system namespace (cloud-main-system), and add network policies to allow communication between the two namespaces.
- Deploy manifests folder
kubectl apply -f manifests-different-namespace/ --recursive - Open a shell into the
test-employee-notebookpod in namespacecollin-brown - Run
curl -svL -o /dev/null -D - https://edition.cnn.com/politics
Tear down example with kubectl delete -f manifests-cloud-main/ --recursive
The purpose of this section is to document the setup for this standalone example in a working state. A number of changes will be made, so the diagrams below will be updated accordingly (TODO: link issue with proposed changes).
Note that I split these diagrams into two parts to reduce clutter. The first diagram illustrates how the various components are deployed and configured, while the second diagram shows the routing that takes place with the Istio egress gateway and how the various istio components fit together.
The diagram below outlines the various Kubernetes components that are involved with deploying the Egress gateway.
The diagram below shows the routing logic that takes place with the egress gateway.
- istio traffic management concepts - explains destination rules and virtual services
Footnotes
-
Istio icons provided by Istio Media Resources ↩
-
Jupyterlab icon from wikimedia-commons ↩
