@cscetbon
Created September 24, 2019 13:00
CassKop Istio Tests
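---
# Mesh-wide peer authentication. `mtls: {}` with no explicit mode means STRICT
# in authentication.istio.io/v1alpha1: sidecars accept only mutual-TLS traffic.
# NOTE(review): this API group was replaced in later Istio releases by
# PeerAuthentication (security.istio.io/v1beta1); confirm the target Istio
# version before reusing this manifest.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "MeshPolicy"
metadata:
  name: "default"
spec:
  peers:
    - mtls: {}
# Namespace-scoped alternative, left disabled by the author:
# ---
# apiVersion: "authentication.istio.io/v1alpha1"
# kind: "Policy"
# metadata:
#   name: "default"
#   namespace: "cassandra-e2e"
# spec:
#   peers:
#     - mtls: {}
# A live document separator is required here. With it commented out, both
# resources share one YAML document and their duplicate top-level keys make the
# parser either reject the file or keep only the last resource, so the
# server-side mTLS policy above would not be applied.
---
# Client-side counterpart: workloads in cassandra-e2e originate Istio mutual TLS
# towards every host matched below.
apiVersion: "networking.istio.io/v1alpha3"
kind: "DestinationRule"
metadata:
  name: "default"
  namespace: "cassandra-e2e"
spec:
  # host: "*.cassandra-e2e.svc.cluster.local"
  # NOTE(review): "*.local" is much wider than the namespace-scoped host above.
  # It also matches cluster-local services that have no sidecar, and calls to
  # those fail once the client insists on ISTIO_MUTUAL. Prefer the narrower
  # host unless the whole mesh is known to have sidecars.
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL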
---
# Headless Service (clusterIP: None) giving each Cassandra pod a stable DNS
# name; selects pods labelled app=cassandra in cassandra-e2e.
apiVersion: v1
kind: Service
metadata:
  name: cassandra
  namespace: cassandra-e2e
  labels:
    app: cassandra
spec:
  clusterIP: None
  selector:
    app: cassandra
  ports:
    # The "tcp-" name prefix follows Istio's port-naming convention, so the
    # sidecar treats these ports as plain TCP.
    - name: tcp-client
      port: 9042
    # Intra-node port 7000 is the non-TLS one (7001 is the TLS variant);
    # presumably encryption in transit relies on the Istio mTLS policy.
    - name: tcp-intra-node
      port: 7000
    - name: tcp-tls-intra-node
      port: 7001
    # NOTE(review): JMX is published to every client of this Service. JMX
    # authentication settings are not visible in these manifests; confirm it
    # is authenticated, or restrict the port with a NetworkPolicy or an Istio
    # authorization policy.
    - name: tcp-jmx
      port: 7199
---
# Baseline variant: two Cassandra replicas behind the headless "cassandra"
# Service, running the image's default entrypoint with no helper container.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cassandra
  namespace: cassandra-e2e
  labels:
    app: cassandra
spec:
  serviceName: cassandra
  replicas: 2
  selector:
    matchLabels:
      app: cassandra
  template:
    metadata:
      labels:
        app: cassandra
      # Sidecar control-plane auth variants tried by the author, all disabled:
      # annotations:
      #   sidecar.istio.io/controlPlaneAuthPolicy: DISABLE
      #   sidecar.istio.io/controlPlaneAuthPolicy: NONE
      #   sidecar.istio.io/controlPlaneAuthPolicy: MUTUAL_TLS
    spec:
      # Long grace period so a node can shut down cleanly before being killed.
      terminationGracePeriodSeconds: 1800
      containers:
        - name: cassandra
          image: orangeopensource/cassandra-image:3.11.4-8u212-0.3.1-cqlsh
          # image: cscetbon/cassandra-image:3.11.4-8u212-0.3.1
          # command:
          #   - /sbin/dumb-init
          #   - /bin/bash
          #   - -c
          #   # NODES OK, LOCAL/REMOTE JMX OK
          #   - sed -e 's/^\(CASSANDRA_LISTEN_ADDRESS\)=.*/\1=127.0.0.1/' /run.sh > /tmp/run.sh && cat /tmp/run.sh > /run.sh && /run.sh
          ports:
            - name: intra-node
              containerPort: 7000
            - name: tls-intra-node
              containerPort: 7001
            - name: jmx
              containerPort: 7199
            - name: native
              containerPort: 9042
          resources:
            # requests == limits for both CPU and memory.
            requests:
              cpu: "1"
              memory: 768Mi
            limits:
              cpu: "1"
              memory: 768Mi
          securityContext:
            # IPC_LOCK is added on top of the runtime's default capability set.
            # NOTE(review): nothing is dropped and neither runAsNonRoot nor
            # allowPrivilegeEscalation is set; tighten these if the image
            # tolerates it.
            capabilities:
              add:
                - IPC_LOCK
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - nodetool status
            initialDelaySeconds: 120
            periodSeconds: 10
            timeoutSeconds: 20
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /ready-probe.sh
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          env:
            - name: MAX_HEAP_SIZE
              value: 192M
            # Seed is the first pod's stable DNS name under the headless Service.
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.cassandra-e2e.svc.cluster.local
            - name: CASSANDRA_CLUSTER_NAME
              value: K8Demo
            - name: CASSANDRA_DC
              value: DC1-K8Demo
            - name: CASSANDRA_RACK
              value: Rack1-K8Demo
            # Downward API: pod name and pod IP exposed to the container.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
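---
# NOTE(review): no document separator preceded this manifest on the page (it is
# probably the start of another file in the gist); the leading `---` keeps it a
# document of its own if the files are concatenated.
# Headless Service (clusterIP: None) giving each Cassandra pod a stable DNS
# name; selects pods labelled app=cassandra in cassandra-e2e.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cassandra
  namespace: cassandra-e2e
  name: cassandra
spec:
  clusterIP: None
  ports:
    # The "tcp-" name prefix follows Istio's port-naming convention, so the
    # sidecar treats these ports as plain TCP.
    - name: tcp-client
      port: 9042
    - name: tcp-intra-node
      port: 7000
    - name: tcp-tls-intra-node
      port: 7001
    # NOTE(review): JMX is published to every client of this Service. JMX
    # authentication settings are not visible in these manifests; confirm it
    # is authenticated, or restrict the port with a NetworkPolicy or an Istio
    # authorization policy.
    - name: tcp-jmx
      port: 7199
  selector:
    app: cassandra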
---
# Experimental variant: Cassandra bound to 127.0.0.1 plus a privileged helper
# container that edits the pod's Istio iptables rules. The commented-out
# commands record the combinations the author tried and their outcome.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cassandra
  namespace: cassandra-e2e
  labels:
    app: cassandra
spec:
  serviceName: cassandra
  replicas: 2
  selector:
    matchLabels:
      app: cassandra
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      terminationGracePeriodSeconds: 1800
      containers:
        # Helper that inserts a RETURN rule at the head of the ISTIO_OUTPUT nat
        # chain for traffic addressed to this pod's own IP, so that traffic
        # presumably skips the sidecar redirect.
        # NOTE(review): traffic matched by this rule is no longer subject to
        # sidecar mTLS or policy. The container runs as root with NET_ADMIN and
        # can rewrite any rule in the pod's network namespace, so treat its
        # image as part of the trust boundary.
        - name: pod-ip-access
          # NOTE(review): untagged image (implicit "latest") from a personal
          # registry namespace; pin it, e.g.
          # cscetbon/alpine-dumb-init-iptables@sha256:<digest-placeholder>.
          image: cscetbon/alpine-dumb-init-iptables
          # image: istio/proxyv2:1.1.7
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - NET_ADMIN
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            # Only referenced by the commented-out command further down.
            - name: IPTABLE_CMD
              value: iptables -t nat -I ISTIO_OUTPUT -d $(POD_IP) -j RETURN
          command:
            - /usr/bin/dumb-init
            - /bin/sh
            - -c
            # If the rule already exists (-C succeeds) the shell sleeps;
            # otherwise it inserts the rule and the shell then exits.
            # NOTE(review): on first start the container therefore terminates
            # right after the insert and only reaches the sleep once it has
            # been restarted; confirm that restart is intended.
            - iptables -t nat -C ISTIO_OUTPUT -d ${POD_IP} -j RETURN && sleep 1000d || iptables -t nat -I ISTIO_OUTPUT -d ${POD_IP} -j RETURN
            # - trap 'exit 0' 15; iptables -t nat -C ISTIO_OUTPUT -d ${POD_IP} -j RETURN && sleep 1000d || iptables -t nat -I ISTIO_OUTPUT -d ${POD_IP} -j RETURN
            # - trap 'exit 0' SIGKILL SIGALRM SIGTERM; $(echo ${IPTABLE_CMD}|sed -e 's/I /C /') && exec sleep 1000d || $(${IPTABLE_CMD})
        - name: cassandra
          # image: gcr.io/google-samples/cassandra:v14
          # command:
          #   - /usr/bin/dumb-init
          #   - /bin/bash
          #   - -c
          #   - sed -i 's/^CASSANDRA_LISTEN_ADDRESS=.*/CASSANDRA_LISTEN_ADDRESS=\"127.0.0.1\"/' /run.sh && /run.sh
          # image: cscetbon/cassandra-image:listen-localhost
          image: cscetbon/cassandra-image:3.11.4-8u212-0.3.1
          # Always re-pull: with a mutable tag the running image can change
          # between restarts; pin by digest if reproducibility matters.
          imagePullPolicy: Always
          command:
            - /sbin/dumb-init
            - /bin/bash
            - -c
            # Rewrites the CASSANDRA_LISTEN_ADDRESS assignment in /run.sh to
            # 127.0.0.1, then runs the patched script.
            # NOTE(review): sponge is documented as taking a single output
            # file; the second path is probably ignored — confirm.
            # NODES OK, LOCAL/REMOTE JMX OK
            - sed -e 's/^\(CASSANDRA_LISTEN_ADDRESS\)=.*/\1=127.0.0.1/' /run.sh|sponge /run.sh /etc/cassandra/cassandra-env.sh && /run.sh
            # - sed -i -e 's/# \(.*public name\)/\1/' -e "s/.public name./0.0.0.0/" /etc/cassandra/cassandra-env.sh && /run.sh
            # - sed -i -e 's/# \(.*public name\)/\1/' -e "s/.public name./$POD_IP/" /etc/cassandra/cassandra-env.sh && /run.sh
            # Can't listen on a wildcard :(
            # - sed -e 's/^\(CASSANDRA_LISTEN_ADDRESS\)=.*/\1=0.0.0.0/' /run.sh|sponge /run.sh && /run.sh
            # with iptables, NODES NOK, LOCAL/REMOTE JMX OK
            # without iptables, NODES NOK, LOCAL/REMOTE JMX NOK
            # - /run.sh # JMX listens on 0.0.0.0:7199
            # NODES OK, LOCAL JMX OK, REMOTE JMX NOK
            # - sed -e 's/^\(CASSANDRA_LISTEN_ADDRESS\)=.*/\1=127.0.0.1/' -e 's/\(LOCAL_JMX\)=no/\1=yes/' /run.sh|sponge /run.sh /etc/cassandra/cassandra-env.sh && /run.sh
            # NODES NOK BUT REMOTE/LOCAL JMX OK - /run.sh
            # - sed -i -e 's/# \(.*public name\)/\1/' -e "s/.public name./$POD_IP/" /etc/cassandra/cassandra-env.sh && /run.sh
            # TEST 1
            # - sed -e 's/^\\(CASSANDRA_LISTEN_ADDRESS\\)=.*/\\1=127.0.0.1/' /run.sh|sponge /run.sh && sed -e 's/# \\(.*public name\\)/\\1/' -e "s/.public name./$POD_IP/" /etc/cassandra/cassandra-env.sh && /run.sh
            # NODES OK, LOCAL JMX OK, REMOTE JMX NOK
            # - sed -e 's/^\(CASSANDRA_LISTEN_ADDRESS\)=.*/\1=127.0.0.1/' -e 's/\(LOCAL_JMX\)=no/\1=yes/' /run.sh|sponge /run.sh && sed -i -e 's/# \(.*public name\)/\1/' -e "s/.public name./$POD_IP/" /etc/cassandra/cassandra-env.sh && /run.sh
          # image: orangeopensource/cassandra-image:3.11.4-8u212-0.3.1
          ports:
            - name: intra-node
              containerPort: 7000
            - name: tls-intra-node
              containerPort: 7001
            # NOTE(review): the active command is annotated "REMOTE JMX OK";
            # JMX authentication is not configured anywhere in this manifest,
            # so confirm it is enabled in the image or restrict the port.
            - name: jmx
              containerPort: 7199
            - containerPort: 9042
          resources:
            requests:
              cpu: "1"
              memory: 768Mi
            limits:
              cpu: "1"
              memory: 768Mi
          securityContext:
            # IPC_LOCK is added; no capabilities are dropped.
            capabilities:
              add:
                - IPC_LOCK
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - nodetool status
            initialDelaySeconds: 120
            periodSeconds: 10
            timeoutSeconds: 20
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /ready-probe.sh
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          env:
            - name: MAX_HEAP_SIZE
              value: 192M
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.cassandra-e2e.svc.cluster.local
            - name: CASSANDRA_CLUSTER_NAME
              value: K8Demo
            - name: CASSANDRA_DC
              value: DC1-K8Demo
            - name: CASSANDRA_RACK
              value: Rack1-K8Demo
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
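---
# NOTE(review): no document separator preceded this manifest on the page (it is
# probably the start of another file in the gist); the leading `---` keeps it a
# document of its own if the files are concatenated.
# Headless Service (clusterIP: None) giving each Cassandra pod a stable DNS
# name; selects pods labelled app=cassandra in cassandra-e2e.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cassandra
  namespace: cassandra-e2e
  name: cassandra
spec:
  clusterIP: None
  ports:
    # The "tcp-" name prefix follows Istio's port-naming convention, so the
    # sidecar treats these ports as plain TCP.
    - name: tcp-client
      port: 9042
    - name: tcp-intra-node
      port: 7000
    - name: tcp-tls-intra-node
      port: 7001
    # NOTE(review): JMX is published to every client of this Service. JMX
    # authentication settings are not visible in these manifests; confirm it
    # is authenticated, or restrict the port with a NetworkPolicy or an Istio
    # authorization policy.
    - name: tcp-jmx
      port: 7199
  # Stray trailing characters on the `selector` key and the `app` value were
  # removed so the selector matches the app=cassandra label set on the pod
  # template, as in the other copies of this Service.
  selector:
    app: cassandra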
---
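# Cleaned-up variant of the iptables experiment: Cassandra bound to 127.0.0.1
# plus a privileged helper container that edits the pod's Istio iptables rules.
# apiVersion had a stray trailing "s" ("apps/v1s"), which is not a served API
# group/version; corrected to apps/v1.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  namespace: cassandra-e2e
  name: cassandra
  labels:
    app: cassandra
spec:
  serviceName: cassandra
  replicas: 2
  selector:
    matchLabels:
      app: cassandra
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      terminationGracePeriodSeconds: 1800
      containers:
        # Helper that inserts a RETURN rule at the head of the ISTIO_OUTPUT nat
        # chain for traffic addressed to this pod's own IP, so that traffic
        # presumably skips the sidecar redirect.
        # NOTE(review): traffic matched by this rule is no longer subject to
        # sidecar mTLS or policy. The container runs as root with NET_ADMIN and
        # can rewrite any rule in the pod's network namespace, so treat its
        # image as part of the trust boundary.
        - name: pod-ip-access
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - NET_ADMIN
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            # Not referenced by the command below.
            - name: IPTABLE_CMD
              value: iptables -t nat -I ISTIO_OUTPUT -d $(POD_IP) -j RETURN
          # NOTE(review): untagged image (implicit "latest") from a personal
          # registry namespace; pin it, e.g.
          # cscetbon/alpine-dumb-init-iptables@sha256:<digest-placeholder>.
          image: cscetbon/alpine-dumb-init-iptables
          command:
            - /usr/bin/dumb-init
            - /bin/sh
            - -c
            # If the rule already exists (-C succeeds) the shell sleeps;
            # otherwise it inserts the rule and the shell then exits.
            # NOTE(review): on first start the container therefore terminates
            # right after the insert and only reaches the sleep once it has
            # been restarted; confirm that restart is intended.
            - iptables -t nat -C ISTIO_OUTPUT -d ${POD_IP} -j RETURN && sleep 1000d || iptables -t nat -I ISTIO_OUTPUT -d ${POD_IP} -j RETURN
        - name: cassandra
          image: cscetbon/cassandra-image:3.11.4-8u212-0.3.1
          command:
            - /sbin/dumb-init
            - /bin/bash
            - -c
            # Rewrites the CASSANDRA_LISTEN_ADDRESS assignment in /run.sh to
            # 127.0.0.1, then runs the patched script.
            # NOTE(review): sponge is documented as taking a single output
            # file; the second path is probably ignored — confirm.
            - sed -e 's/^\(CASSANDRA_LISTEN_ADDRESS\)=.*/\1=127.0.0.1/' /run.sh|sponge /run.sh /etc/cassandra/cassandra-env.sh && /run.sh
          # Always re-pull: with a mutable tag the running image can change
          # between restarts; pin by digest if reproducibility matters.
          imagePullPolicy: Always
          ports:
            - containerPort: 7000
              name: intra-node
            - containerPort: 7001
              name: tls-intra-node
            # NOTE(review): JMX authentication is not configured anywhere in
            # this manifest; confirm it is enabled in the image or restrict
            # access to this port.
            - containerPort: 7199
              name: jmx
            - containerPort: 9042
          resources:
            limits:
              cpu: "1"
              memory: 768Mi
            requests:
              cpu: "1"
              memory: 768Mi
          securityContext:
            # IPC_LOCK is added; no capabilities are dropped.
            capabilities:
              add:
                - IPC_LOCK
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - nodetool status
            failureThreshold: 3
            initialDelaySeconds: 120
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 20
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /ready-probe.sh
            failureThreshold: 3
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          env:
            - name: MAX_HEAP_SIZE
              value: 192M
            - name: CASSANDRA_SEEDS
              value: cassandra-0.cassandra.cassandra-e2e.svc.cluster.local
            - name: CASSANDRA_CLUSTER_NAME
              value: K8Demo
            - name: CASSANDRA_DC
              value: DC1-K8Demo
            - name: CASSANDRA_RACK
              value: Rack1-K8Demo
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP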
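---
# NOTE(review): no document separator preceded this manifest on the page (it is
# probably the start of another file in the gist); the leading `---` keeps it a
# document of its own if the files are concatenated.
# Headless Service (clusterIP: None) giving each Cassandra pod a stable DNS
# name; selects pods labelled app=cassandra in cassandra-e2e.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: cassandra
  namespace: cassandra-e2e
  name: cassandra
spec:
  clusterIP: None
  ports:
    # The "tcp-" name prefix follows Istio's port-naming convention, so the
    # sidecar treats these ports as plain TCP.
    - name: tcp-client
      port: 9042
    - name: tcp-intra-node
      port: 7000
    - name: tcp-tls-intra-node
      port: 7001
    # NOTE(review): JMX is published to every client of this Service. JMX
    # authentication settings are not visible in these manifests; confirm it
    # is authenticated, or restrict the port with a NetworkPolicy or an Istio
    # authorization policy.
    - name: tcp-jmx
      port: 7199
  selector:
    app: cassandra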
---
# Reference variant using the Google sample Cassandra image with its stock
# /run.sh; no helper container and no liveness/readiness probes.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cassandra
  namespace: cassandra-e2e
  labels:
    app: cassandra
spec:
  serviceName: cassandra
  replicas: 2
  selector:
    matchLabels:
      app: cassandra
  template:
    metadata:
      labels:
        app: cassandra
    spec:
      terminationGracePeriodSeconds: 1800
      containers:
        - name: cassandra
          image: gcr.io/google-samples/cassandra:v14
          # Always re-pull: with a mutable tag the running image can change
          # between restarts; pin by digest if reproducibility matters.
          imagePullPolicy: Always
          command:
            - /usr/bin/dumb-init
            - /bin/bash
            - -c
            # Disabled: same start-up, but with the listen address forced to
            # 127.0.0.1 first.
            # - sed -i 's/^CASSANDRA_LISTEN_ADDRESS=.*/CASSANDRA_LISTEN_ADDRESS="127.0.0.1"/' /run.sh && /run.sh
            - /run.sh
          ports:
            - name: intra-node
              containerPort: 7000
            - name: tls-intra-node
              containerPort: 7001
            # NOTE(review): JMX authentication is not configured anywhere in
            # this manifest; confirm it is enabled in the image or restrict
            # access to this port.
            - name: jmx
              containerPort: 7199
            - containerPort: 9042
          resources:
            requests:
              cpu: "1"
              memory: 768Mi
            limits:
              cpu: "1"
              memory: 768Mi
          securityContext:
            # IPC_LOCK is added; no capabilities are dropped.
            capabilities:
              add:
                - IPC_LOCK
          env:
            - name: MAX_HEAP_SIZE
              value: 192M
            # Seed is the first pod's stable DNS name under the headless Service.
            - name: CASSANDRA_SEEDS
              value: "cassandra-0.cassandra.cassandra-e2e.svc.cluster.local"
            - name: CASSANDRA_CLUSTER_NAME
              value: "K8Demo"
            - name: CASSANDRA_DC
              value: "DC1-K8Demo"
            - name: CASSANDRA_RACK
              value: "Rack1-K8Demo"
            # Downward API: pod IP exposed to the container.
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP