Digital Certificate and SSL


1. Cryptographic algorithms
1.1 Conventional cryptography (symmetric key)
1.2 Public key cryptography
2. Message digest functions (one-way hash)
3. Digital signatures
A signature is made by encrypting (1) the digest, (2) the sequence number, (3) etc. using the private key.

Certificate
DER is based on BER. A digital certificate is converted to binary format using DER. Base64-encoding that binary, then adding a BEGIN prefix line and an END suffix line, gives the PEM format.
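
The DER to PEM steps above as an added example (not part of the original notes). SAMPLE_DER is a constructed DER structure, not a real certificate, and the function names are chosen here for illustration. The last function also shows one place where DER is stricter than BER: the length field.

```python
import base64

# Constructed sample (not a real certificate): a DER SEQUENCE holding
# INTEGER 1 and a 200-byte OCTET STRING, so the outer length needs the long form.
SAMPLE_DER = bytes([0x30, 0x81, 0xCE, 0x02, 0x01, 0x01, 0x04, 0x81, 0xC8]) + bytes(range(200))

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Base64-encode DER bytes, wrap at 64 columns, add the BEGIN/END lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_to_der(pem: str, label: str = "CERTIFICATE") -> bytes:
    """Check the BEGIN/END lines, then Base64-decode the body back to DER."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != f"-----BEGIN {label}-----" \
            or lines[-1] != f"-----END {label}-----":
        raise ValueError("missing or mismatched PEM boundary lines")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def der_outer_tlv(der: bytes):
    """Return (tag, content_length) of the outermost element (single-byte tag
    assumed), rejecting length encodings that BER allows but DER forbids."""
    if len(der) < 2:
        raise ValueError("too short for a tag and length")
    tag, first = der[0], der[1]
    if first < 0x80:                      # short form: length in one byte
        length, header = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is BER-only")
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        raw = der[2:2 + n]
        if len(raw) != n or raw[0] == 0:
            raise ValueError("truncated or zero-padded length")
        length = int.from_bytes(raw, "big")
        if length < 0x80:
            raise ValueError("long form used where short form fits")
        header = 2 + n
    if header + length != len(der):
        raise ValueError("declared length does not match the data")
    return tag, length

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem)
    print(der_outer_tlv(pem_to_der(pem)))
```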

Cipher suite
1. Key exchange method: RSA or DH, with or without signature
2. Cipher for data transfer
2.1 No encryption
2.2 Stream cipher
2.3 Block cipher
3. Message digest for creating the MAC
3.1 No digest
3.2 MD5
3.3 SHA

SSL Record Protocol between TCP and HTTP layers
1. Input from HTTP goes to RPU (Record Protocol Unit)
2. Compress input
3. Add MAC
4. Encrypt
5. Output as TCP payload

TCPdump inside docker


For TCPDump 1
=============

k get pod productpage-v1-8554d58bff-rz25r -o json | grep containerID

docker exec ff8e6d1a169bc225ad1e357b54445e9055423189b900176bcc6cdd393f9cd83d /bin/bash -c 'cat /sys/class/net/eth0/iflink'

ip link | grep ^47

tcpdump -i <veth interface name from the ip link output>

For TCPDump 2
=============

Add this container to the pod spec:

- name: tcpdump
  image: corfr/tcpdump
  command:
    - /bin/sleep
    - infinity
 
k get pod productpage-v1-8554d58bff-rz25r -o json | grep containerID

docker exec 867662a10a0324059b71d3be9765069b900eca4f2f5f29fdb2e7b7792fcfc726 tcpdump -s 0 -n -w /tmp/container.pcap

docker cp 867662a10a0324059b71d3be9765069b900eca4f2f5f29fdb2e7b7792fcfc726:/tmp/container.pcap .

Istio Practical - 1


Installation

Istio version istio-1.3.0-rc.1 at path Downloads/istio-1.3.0-rc.1
Helm version helm-v2.14.3

sudo apt-get install socat

kubectl create serviceaccount tiller --namespace kube-system

kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

helm init --wait --service-account tiller

kubectl create namespace istio-system

helm repo add istio.io https://storage.googleapis.com/istio-release/releases/1.2.5/charts/

helm repo update

helm template Downloads/istio-1.3.0-rc.1/install/kubernetes/helm/istio-init --name istio-init --namespace istio-system | kubectl apply -f -

helm install --wait --name istio --namespace istio-system Downloads/istio-1.3.0-rc.1/install/kubernetes/helm/istio \
  --set gateways.istio-ingressgateway.type=NodePort \
  --set gateways.istio-egressgateway.type=NodePort \
  --set grafana.enabled=true \
  --set kiali.enabled=true \
  --set kiali.dashboard.grafanaURL=http://localhost:3000 \
  --set kiali.dashboard.jaegerURL=http://localhost:16686 \
  --set servicegraph.enabled=true \
  --set telemetry-gateway.grafanaEnabled=true \
  --set telemetry-gateway.prometheusEnabled=true \
  --set tracing.enabled=true \
  --set sidecarInjectorWebhook.enabled=true \
  --set global.mtls.enabled=false

K8s Interfaces



Istio HandsOn