---
# Istio Traffic Policy для управления трафиком
# Автор: Сергей Антропов
# Сайт: https://devops.org.ru

# mesh-wide mTLS STRICT
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT

---
# Пример строгой политики для bookinfo (pool + outlier)
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: productpage-policy
  namespace: bookinfo
spec:
  host: productpage.bookinfo.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
    connectionPool:
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 1000
        maxRequestsPerConnection: 100
    outlierDetection:
      consecutive5xx: 5
      interval: 5s
      baseEjectionTime: 30s
      maxEjectionPercent: 50

---
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: reviews-policy
  namespace: bookinfo
spec:
  host: reviews.bookinfo.svc.cluster.local
  subsets:
  - name: v1
    labels: { version: v1 }
  - name: v2
    labels: { version: v2 }
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
    connectionPool:
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 1000
        maxRequestsPerConnection: 100
    outlierDetection:
      consecutive5xx: 3
      interval: 5s
      baseEjectionTime: 30s
      maxEjectionPercent: 50