Task 15: Configure Sidecar for Egress in Lime Namespace

Step 1: Switch to Correct Context

kubectl config use-context cluster3-admin@cluster3

Step 2: Create Sidecar Resource

kubectl apply -f - <<'EOF'
apiVersion: networking.istio.io/v1
kind: Sidecar
metadata:
  name: default
  namespace: lime
spec:
  outboundTrafficPolicy:
    mode: REGISTRY_ONLY
  egress:
  - hosts:
    - "./*"
    - "olive/*"
    - "istio-system/*"
EOF

Step 3: Verify Configuration

# Check Sidecar resource
kubectl get sidecar -n lime
kubectl describe sidecar default -n lime

# Verify egress hosts configuration
kubectl get sidecar default -n lime -o jsonpath='{.spec.egress[*].hosts}'

Testing

# Test egress to olive namespace (allowed by Sidecar)
kubectl exec -n lime sleep-lime -- curl -sS http://olive-echo.olive.svc.cluster.local
# Expected: Success

# Test egress to istio-system namespace (allowed by Sidecar)
kubectl exec -n lime sleep-lime -- curl -sS http://istiod.istio-system.svc.cluster.local:15014/version
# Expected: Success

# Verify Sidecar configuration
kubectl get sidecar default -n lime -o yaml

# Check that egress is restricted - test access to namespace not in egress list
kubectl exec -n lime sleep-lime -- curl -sS http://echo-pearl.pearl.svc.cluster.local --max-time 5
# Expected: Connection timeout or error (pearl namespace not in allowed egress list)
# With outboundTrafficPolicy: REGISTRY_ONLY, only services in egress hosts are accessible
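
The expected results of the tests above follow from how the `egress.hosts` patterns are matched. This added example (not part of the original page, and not Istio's own code) is a simplified model of that matching. The function name `egress_allowed` is hypothetical, destinations are assumed to be cluster-local FQDNs of the form `<svc>.<ns>.svc.cluster.local`, and `web.lime.svc.cluster.local` is a constructed sample:

```shell
#!/bin/sh
# Simplified model of Sidecar egress host matching (illustrative only).
# Assumption: DEST is <svc>.<ns>.svc.cluster.local, so the namespace
# is the second DNS label.

# egress_allowed SRC_NS DEST_FQDN PATTERN...
# Returns 0 if DEST_FQDN is visible to a workload in SRC_NS under the
# given "namespace/dnsName" patterns, 1 otherwise.
egress_allowed() {
  local src_ns="$1" dest="$2"
  shift 2
  local rest="${dest#*.}"
  local dest_ns="${rest%%.*}"
  local pat ns dns suffix
  for pat in "$@"; do
    ns="${pat%%/*}"     # part before the first "/"
    dns="${pat#*/}"     # part after the first "/"
    case "$ns" in
      .)   ns="$src_ns" ;;   # "." = the Sidecar's own namespace
      '~') continue ;;       # "~" = no namespace at all
    esac
    [ "$ns" = "*" ] || [ "$ns" = "$dest_ns" ] || continue
    case "$dns" in
      '*')   return 0 ;;     # every service in the namespace
      '*.'*) suffix="${dns#?}"   # wildcard in the left-most label
             case "$dest" in *"$suffix") return 0 ;; esac ;;
      *)     if [ "$dns" = "$dest" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# Replay the destinations used in the Testing section against the
# patterns from Step 2 (quoted so the shell does not glob them).
for d in olive-echo.olive.svc.cluster.local \
         istiod.istio-system.svc.cluster.local \
         echo-pearl.pearl.svc.cluster.local \
         web.lime.svc.cluster.local; do
  if egress_allowed lime "$d" "./*" "olive/*" "istio-system/*"; then
    echo "visible  $d"
  else
    echo "hidden   $d"
  fi
done
```

The model only predicts which services the lime sidecars are configured to reach; the `curl` tests above remain the actual check of enforcement.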