This module is used to send traffic to akto from envoy proxy in an istio setup
The lua-rdkafka module is referenced from here: https://github.com/qiuyifan/luardkafka
- We need some dependencies inside the istio-proxy container to run akto traffic collector. To create the container clone this repo and run the following commands.
docker build . -t <your-docker-id>:istio-proxy
docker push <your-docker-id>:istio-proxy- Istio allows us to use custom istio-proxy containers for any pod. We will add the container we created to the pod from which we want to send data to akto. For more information on custom istio-proxy you can check the official docs. You also need to add the You can add the istio-proxy container as follows:
...
spec:
serviceAccountName: echo-server
containers:
- name: echo-server
image: coastaldemigod/echo-server:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
# do not change the name of the container, it is used by istio to identify the istio-proxy sidecars.
- name: istio-proxy
image: <your-docker-id>/istio-proxy:latest
env:
- name: AKTO_KAFKA_IP
# you will find this on your akto dashboard after you've deployed the traffic processing stack using akto.
value: "<AKTO_NLB_IP>:9092"
volumes:
- name: tmp
emptyDir: {}
...- After modifying the configuration, apply it in your kubernetes cluster.
kubectl apply -f <your-deployment-file>- Now we will add the envoy filter to the istio-proxy containers. For more information on custom envoy filters you can check the official docs. To add that run the following command. You can modify the "match" conditions in the file according to your deployment.
Note: You can configure the filter according to your needs, and modify the kafka-ip and akto traffic read limit.
kubectl apply -f akto-envoy-filter.yamlTo delete :
kubectl delete -f akto-envoy-filter.yaml