From a16b2ff12bafca4afbfdce533ab633aac8451ae3 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 3 Dec 2024 18:49:16 +0000 Subject: [PATCH 1/6] docs: add istio docs --- docs/manifest.json | 5 +++++ docs/tutorials/istio.md | 28 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 docs/tutorials/istio.md diff --git a/docs/manifest.json b/docs/manifest.json index 14a9a7f5c6279..e66296f3e7d10 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -696,6 +696,11 @@ "description": "Integrate Coder with JFrog Artifactory", "path": "./admin/integrations/jfrog-artifactory.md" }, + { + "title": "Istio Integration", + "description": "Integrate Coder with an Istio Service Mesh", + "path": "./admin/integrations/istio.md" + }, { "title": "Island Secure Browser Integration", "description": "Integrate Coder with Island's Secure Browser", diff --git a/docs/tutorials/istio.md b/docs/tutorials/istio.md new file mode 100644 index 0000000000000..ac51dcbbc73b4 --- /dev/null +++ b/docs/tutorials/istio.md @@ -0,0 +1,28 @@ +# Configure Istio Service Mesh + +Integrating Istio's service mesh with Coder's Ingress enables powerful traffic management, security, and observability capabilities. By placing Coder's workspace traffic behind Istio's intelligent proxy layer, you can implement access controls, encrypt service-to-service communication, and gain visibility into your workspace network patterns. This guide walks through the process of configuring Istio alongside Coder's existing ingress controller, ensuring that developer workspaces remain accessible while benefiting from Istio's comprehensive service mesh features. + +Before proceeding, ensure you have a running Kubernetes cluster with both Coder and Istio installed, and that you have administrative access to configure both systems. Once you have access to your Coder cluster, apply the following manifest: + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: tailscale-behind-istio-ingress + namespace: istio-system +spec: + configPatches: + - applyTo: NETWORK_FILTER + match: + listener: + filterChain: + filter: + name: envoy.filters.network.http_connection_manager + patch: + operation: MERGE + value: + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + upgrade_configs: + - upgrade_type: derp +``` From d1f8f0baceb2540bc484bb46fdb70d082aee491e Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 10 Dec 2024 13:47:45 +0000 Subject: [PATCH 2/6] add feedback --- docs/tutorials/istio.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/istio.md b/docs/tutorials/istio.md index ac51dcbbc73b4..7d8a4e41d3033 100644 --- a/docs/tutorials/istio.md +++ b/docs/tutorials/istio.md @@ -1,8 +1,8 @@ # Configure Istio Service Mesh -Integrating Istio's service mesh with Coder's Ingress enables powerful traffic management, security, and observability capabilities. By placing Coder's workspace traffic behind Istio's intelligent proxy layer, you can implement access controls, encrypt service-to-service communication, and gain visibility into your workspace network patterns. This guide walks through the process of configuring Istio alongside Coder's existing ingress controller, ensuring that developer workspaces remain accessible while benefiting from Istio's comprehensive service mesh features. +Use Istio service mesh for your Coder workspace traffic to implement access controls, encrypt service-to-service communication, and gain visibility into your workspace network patterns. This guide walks through the required steps to configure the Istio service mesh for use with Coder. -Before proceeding, ensure you have a running Kubernetes cluster with both Coder and Istio installed, and that you have administrative access to configure both systems. Once you have access to your Coder cluster, apply the following manifest: +While Istio is platform-independent, this guide assumes you are leveraging Kubernetes. Ensure you have a running Kubernetes cluster with both Coder and Istio installed, and that you have administrative access to configure both systems. Once you have access to your Coder cluster, apply the following manifest: ```yaml apiVersion: networking.istio.io/v1alpha3 From 070137c2f4fcb30c40b324f945f5b8529679ac44 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 10 Dec 2024 13:49:00 +0000 Subject: [PATCH 3/6] add feedback 2 --- docs/tutorials/istio.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/istio.md b/docs/tutorials/istio.md index 7d8a4e41d3033..7662b7604b04a 100644 --- a/docs/tutorials/istio.md +++ b/docs/tutorials/istio.md @@ -1,4 +1,4 @@ -# Configure Istio Service Mesh +# Integrate Coder with Istio Use Istio service mesh for your Coder workspace traffic to implement access controls, encrypt service-to-service communication, and gain visibility into your workspace network patterns. This guide walks through the required steps to configure the Istio service mesh for use with Coder. From 172988abefb1814c3b730734c6f9cbf4137bc679 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 10 Dec 2024 14:15:08 +0000 Subject: [PATCH 4/6] make fmt --- docs/manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manifest.json b/docs/manifest.json index e66296f3e7d10..10ced9fe74dc1 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -698,7 +698,7 @@ }, { "title": "Istio Integration", - "description": "Integrate Coder with an Istio Service Mesh", + "description": "Integrate Coder with Istio", "path": "./admin/integrations/istio.md" }, { From d0a3d87ac71ff6dfb56c8f03d14b811b38a947cb Mon Sep 17 00:00:00 2001 From: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Date: Tue, 10 Dec 2024 19:02:33 +0000 Subject: [PATCH 5/6] make{gen,fmt} --- docs/tutorials/istio.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/istio.md b/docs/tutorials/istio.md index 7662b7604b04a..3132052e32767 100644 --- a/docs/tutorials/istio.md +++ b/docs/tutorials/istio.md @@ -1,8 +1,15 @@ # Integrate Coder with Istio -Use Istio service mesh for your Coder workspace traffic to implement access controls, encrypt service-to-service communication, and gain visibility into your workspace network patterns. This guide walks through the required steps to configure the Istio service mesh for use with Coder. +Use Istio service mesh for your Coder workspace traffic to implement access +controls, encrypt service-to-service communication, and gain visibility into +your workspace network patterns. This guide walks through the required steps to +configure the Istio service mesh for use with Coder. -While Istio is platform-independent, this guide assumes you are leveraging Kubernetes. Ensure you have a running Kubernetes cluster with both Coder and Istio installed, and that you have administrative access to configure both systems. Once you have access to your Coder cluster, apply the following manifest: +While Istio is platform-independent, this guide assumes you are leveraging +Kubernetes. Ensure you have a running Kubernetes cluster with both Coder and +Istio installed, and that you have administrative access to configure both +systems. Once you have access to your Coder cluster, apply the following +manifest: ```yaml apiVersion: networking.istio.io/v1alpha3 From 8534aa31e431e7e679aad7f08894559a45baf265 Mon Sep 17 00:00:00 2001 From: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Date: Wed, 11 Dec 2024 17:44:58 +0000 Subject: [PATCH 6/6] move istio doc --- docs/{tutorials => admin/integrations}/istio.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/{tutorials => admin/integrations}/istio.md (100%) diff --git a/docs/tutorials/istio.md b/docs/admin/integrations/istio.md similarity index 100% rename from docs/tutorials/istio.md rename to docs/admin/integrations/istio.md