Create Istio resources
To create new Istio resources for your service mesh, navigate to MENU > ISTIO RESOURCES, click CREATE NEW, and select an Istio resource from the listed Type in the resource selector.
Depending on your selection, a YAML editor with a pre-populated resource template is displayed. Here, you can customize the YAML and validate the correctness of the syntax and content before creating the custom resource. For resource-specific details on creating the different resources, see the respective section on this page.
Authorization policy
Using the Authorization policy, you can add access control on workloads in the mesh. This policy supports CUSTOM, DENY, and ALLOW actions for access control. For more information, see the Istio documentation.
- To create an Authorization policy in your service mesh, select Authorization policy from the resource selector. An editor with the pre-populated template for the Authorization policy custom resource is displayed.
- To choose a particular resource template for the Authorization policy, click the Template dropdown.
- Edit the selected template. To validate the resource's correctness, click the Validate icon.
- To create and apply the Authorization policy, click Create.
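As an added illustration of what can be entered in the editor (not a template shipped with the product and not part of the original page), the following pair of policies uses the DENY and ALLOW actions together on one workload. The namespace "shop", the label "app: orders", the service account "frontend" and the paths are constructed placeholders.

```yaml
# Constructed example; all names, labels and paths are placeholders.
# Istio evaluates DENY policies before ALLOW policies, so the admin
# path below is blocked even for callers the ALLOW policy would admit.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-deny-admin
  namespace: shop
spec:
  selector:            # without a selector the policy covers the whole namespace
    matchLabels:
      app: orders
  action: DENY
  rules:
  - to:
    - operation:
        paths: ["/admin*"]
---
# Once an ALLOW policy selects a workload, any request that matches
# none of its ALLOW rules is rejected.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        # principals are matched against the peer identity from mutual TLS,
        # so this rule only works when mTLS is in use between the workloads.
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/orders*"]
```

Avoid an ALLOW policy whose only rule is empty (`- {}`): it matches every request and admits any caller to the selected workload.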
Destination rule
A Destination rule defines policies to configure:
- load balancing
- connection pool size from sidecar
- outlier detection
- load balancing with subset and sticky sessions
To learn more about how to create the destination rules for in-mesh traffic, see Circuit Breaking.
- To create a Destination rule in your service mesh, select Destination rule from the resource selector. An editor with the pre-populated template for the Destination rule custom resource is displayed.
- To choose a particular resource template for the Destination rule, click the Template dropdown.
- Edit the selected template. To validate the resource's correctness, click the Validate icon.
- To create and apply the Destination rule, click Create.
Gateway
The Gateway resource describes the port configuration of the gateway deployment that operates at the edge of the mesh and receives incoming or outgoing HTTP/TCP connections. The specification describes a set of ports that should be exposed, the type of protocol to use, the TLS configuration (if any) of the exposed ports, and so on.
- To create a Gateway resource in your service mesh, select Gateway from the resource selector. An editor with the pre-populated template for the Gateway resource is displayed.
- To choose a particular resource template for the Gateway, click the Template dropdown.
- Edit the selected template. To validate the resource's correctness, click the Validate icon.
- To create and apply the Gateway resource, click Create.
Mesh gateway
Service Mesh Manager provides a custom resource called IstioMeshGateway. It uses a separate controller to reconcile gateways, allowing you to use multiple gateways in multiple namespaces. That way, you can also control who can manage gateways, without having permissions to modify other parts of the Istio mesh configuration. To learn more about mesh gateways in Calisti, see Gateways.
- To create a Mesh gateway in your service mesh, select Mesh gateway from the resource selector. An editor with the pre-populated template for the Mesh gateway is displayed.
  Note: For more information, refer to the Create ingress and Create egress gateways documentation.
- To choose a particular resource template for the Mesh gateway, click the Template dropdown.
- Edit the selected template. To validate the resource's correctness, click the Validate icon.
- To create and apply the Mesh gateway, click Create.
Peer authentication
Peer authentication determines whether and how the traffic is routed to the sidecar.
- To create a Peer authentication resource in your service mesh, select Peer authentication from the resource selector. An editor with the pre-populated template for the Peer authentication is displayed.
- To choose a particular resource template for Peer authentication, click the Template dropdown.
- Edit the selected template. To validate the resource's correctness, click the Validate icon.
- To create and apply the Peer authentication resource, click Create.
Virtual services
The VirtualService resource defines a set of traffic routing rules to apply when a host is addressed. Each routing rule defines matching criteria for the traffic of a specific protocol. If the traffic matches a routing rule, then it is sent to a named destination service defined in the registry.
- To create a Virtual service in your service mesh, select Virtual services from the resource selector. An editor with the pre-populated template for the Virtual service is displayed.
- To choose a particular resource template for the Virtual service, click the Template dropdown.
- Edit the selected template. To validate the resource's correctness, click the Validate icon.
- To apply the Virtual service, click Create.