Istio 1.6.4 has been released; the update is mainly about security.
The update includes:
- CVE-2020-12603: By sending a specially crafted packet, an attacker could cause Envoy to consume excessive amounts of memory when proxying HTTP/2 requests or responses.
  - CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2020-12605: An attacker could cause Envoy to consume excessive amounts of memory when processing specially crafted HTTP/1.1 packets.
  - CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2020-8663: An attacker could cause Envoy to exhaust file descriptors when accepting too many connections.
  - CVSS Score: 7.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2020-12604: An attacker could cause increased memory usage when processing specially crafted packets.
  - CVSS Score: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Download:
$ wget https://github.com/istio/istio/releases/download/1.6.4/istio-1.6.4-linux-amd64.tar.gz
$ tar -vxf istio-1.6.4-linux-amd64.tar.gz
$ cd istio-1.6.4
Setup:
# Add to ~/.profile or .bash...
$ export PATH=$PWD/bin:$PATH
Install:
$ istioctl install --set profile=demo
Deploy the sample application:
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
Check that it is running:
$ kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
Expose the service for external access:
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created
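A sidecar keeps the Envoy image it was injected with until its pod is restarted, so after installing 1.6.4 it is worth checking which proxy versions are actually running. The script below is an added example, not part of the original post or of the Istio project: it classifies `istio-proxy` image tags against 1.6.4. The function names, verdict labels and sample lines are this example's own, and it assumes a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example: audit istio-proxy sidecar image tags against the fixed release.
# Input is "namespace/pod<TAB>image" per line, for instance from:
#   kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name}{"\t"}{.spec.containers[?(@.name=="istio-proxy")].image}{"\n"}{end}'

FIXED="1.6.4"            # release this page names as carrying the Envoy fixes
TAB=$(printf '\t')

# version_lt A B: true when A sorts strictly before B (needs sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify IMAGE: print OUTDATED, OK or UNKNOWN for one image reference.
classify() {
  case "$1" in *@sha256:*) echo UNKNOWN; return ;; esac     # digest pin, no version visible
  tag="${1##*:}"                                            # text after the last ':'
  case "$tag" in "$1"|*/*) echo UNKNOWN; return ;; esac     # no tag, or ':' was a registry port
  ver="${tag%%-*}"                                          # drop suffixes such as -distroless
  case "$ver" in
    1.6.*[!0-9.]*|1.6.) echo UNKNOWN ;;                     # not a plain numeric version
    1.6.*) if version_lt "$ver" "$FIXED"; then echo OUTDATED; else echo OK; fi ;;
    *) echo UNKNOWN ;;                                      # other release line, not covered by this page
  esac
}

# audit: read "ns/pod<TAB>image" lines on stdin, print "VERDICT ns/pod image".
audit() {
  while IFS="$TAB" read -r pod image; do
    [ -n "$image" ] || continue                             # pod has no istio-proxy container
    echo "$(classify "$image") $pod $image"
  done
}

# Constructed sample input (not real cluster output).
sample() {
  printf 'default/ratings-v1-aaa\tdocker.io/istio/proxyv2:1.6.3\n'
  printf 'default/reviews-v1-bbb\tdocker.io/istio/proxyv2:1.6.4\n'
  printf 'default/details-v1-ccc\tregistry.local:5000/istio/proxyv2:1.6.10-distroless\n'
  printf 'kube-system/coredns-ddd\t\n'
  printf 'default/legacy-eee\tregistry.local:5000/istio/proxyv2\n'
}

sample | audit
```

Pods reported as OUTDATED need a restart so that they are re-injected with the upgraded proxy; UNKNOWN entries have to be checked by hand.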
More references: