Start minikube with addons - minikube start --addons ingress,ingress-dns
Bootstrap services with Tilt:
$ cat Tiltfile
ip=str(local('minikube ip')).strip()
tld='{}.nip.io'.format(ip)
# Crudely patch host names to use TLD.
Matt Goodall atomatt
atomatt
/ kind-create-cluster-localhost-ingress.sh
Last active
December 8, 2023 15:45
kind cluster with ingress bound to 127.0.0.1 (or your preferred address)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -eu | |
| # Use INGRESS_LISTEN_ADDRESS to override the bind address, e.g. if you need to | |
| # put ingress on a different network because something else has 127.0.0.1 | |
| # | |
| # $ sudo ip addr add 10.10.10.10/32 dev lo | |
| # $ INGRESS_LISTEN_ADDRESS=10.10.10.10 kind-create-cluster-localhost-ingress.sh | |
| ingress_listen_address="${INGRESS_LISTEN_ADDRESS:-127.0.0.1}" |
atomatt
/ benthos.yaml
Last active
January 1, 2024 11:23
Benthos example - 3 sftp servers with duplicated content, at least once delivery for each file found
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input: | |
| broker: | |
| inputs: | |
| - sftp: | |
| address: sftp1:22 | |
| credentials: | |
| username: u | |
| password: p | |
| paths: | |
| - /inbox/*.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: kafka | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: kafka | |
| template: | |
| metadata: |
Quick and dirty example of protecting a service with an authenticating nginx proxy and HTTP basic auth. The proxy passes the identity of the caller to the upstream. Key rotation is (sort-of) supported.
The easiest way to play is in a local minikube with ingress, minikube start --addons ingress,ingress-dns, and Tilt to inject the development domain (via nip.io).
Overview:
- Ingress is via the auth proxy. The auth proxy forwards to the real service.
- Users are in a htpasswd file in a ConfigMap.
- Adding new credentials is easy, e.g.
htpasswd -nbB alice p. bcrypt should mean they're safe enough but it could be stored in a vault easily enough. - Adding a "$identity/$n" prefix means credentials can be rotated without changing the caller's identity.
atomatt
/ Kong auth proxy for Kubernetes service.md
Last active
September 6, 2021 14:27
Kong auth proxy for Kubernetes service
A HTTP API, purely to demo. Normally, it would not be accessible inside the cluster (remove the type: NodePort).
apiVersion: apps/v1
kind: Deployment
metadata:
name: http-api
spec:
selector:
matchLabels:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM alpine as protoc | |
| RUN apk add unzip | |
| ADD https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/protoc-3.14.0-linux-x86_64.zip / | |
| WORKDIR /protoc | |
| RUN unzip /protoc-3.14.0-linux-x86_64.zip | |
| FROM golang:1.15.6 as protoc-go | |
| RUN \ | |
| export GO111MODULE=on && \ |
atomatt
/ docker-proxy.sh
Created
December 3, 2020 10:47
TCP proxy from host to service port in a docker container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -eu | |
| network="${1:?network is required}" | |
| service_name="${2:?service name is required}" | |
| service_port="${3:?service port is required}" | |
| host_port="${4:-${service_port}}" | |
| docker run --rm \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Preact Demo</title> | |
| <style> | |
| a { | |
| text-decoration: underline; | |
| cursor: pointer; | |
| } | |
| </style> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Bring up a cluster ... | |
| $ sudo kubeadm init | |
| # Copy config across for your user ... | |
| mkdir -p $HOME/.kube | |
| sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config | |
| sudo chown $(id -u):$(id -g) $HOME/.kube/config | |
| # "Taint" the master node so you can use it as a node ... | |
| $ kubectl taint nodes --all node-role.kubernetes.io/master- |
NewerOlder