fdeantoni
/ spiffe-envoy.yaml
Last active
June 23, 2023 09:00
A simple gist on how to setup an envoy proxy fronting a simple echo server with mTLS enabled. The envoy proxy is connected to a spire agent providing it the certificates.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin: | |
| address: | |
| socket_address: { address: 0.0.0.0, port_value: 9901 } | |
| node: | |
| id: default | |
| cluster: echo | |
| static_resources: |
fdeantoni
/ ca-certificate.sh
Created
December 2, 2021 01:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ansible -i hosts nodes -b -m copy -a "src=certs/registry.crt dest=/usr/local/share/ca-certificates/registry.crt" | |
| ansible -i hosts nodes -b -m shell -a "update-ca-certificates" |
fdeantoni
/ activate-redis-cluster.sh
Created
November 24, 2021 08:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Find ClusterIPs of Redis nodes | |
| export REDIS_NODES=$(kubectl get pods -l app=redis-cluster -n redis -o json | jq -r '.items | map(.status.podIP) | join(":6379 ")'):6379 | |
| # Activate the Redis cluster | |
| kubectl exec -it redis-cluster-0 -n redis -- redis-cli --cluster create --cluster-replicas 1 ${REDIS_NODES} | |
| # Check if all went well | |
| for x in $(seq 0 5); do echo "redis-cluster-$x"; kubectl exec redis-cluster-$x -n redis -- redis-cli role; echo; done |
fdeantoni
/ redis-sts.yaml
Created
November 24, 2021 07:55
Redis Cluster stateful set for Kubernetes deployment.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| name: redis-cluster | |
| namespace: redis | |
| spec: | |
| serviceName: redis-cluster | |
| replicas: 6 | |
| selector: | |
| matchLabels: |
fdeantoni
/ redis-config-map.yaml
Last active
November 24, 2021 08:20
Kubernetes ConfigMap for Redis cluster deployment.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: redis-cluster | |
| namespace: redis | |
| data: | |
| update-node.sh: | | |
| #!/bin/sh | |
| REDIS_NODES="/data/nodes.conf" | |
| sed -i -e "/myself/ s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${POD_IP}/" ${REDIS_NODES} |
fdeantoni
/ prometheus-config-map.yaml
Created
October 18, 2021 03:33
Prometheus config map for Kubernetes deployment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: prometheus-server-conf | |
| labels: | |
| name: prometheus-server-conf | |
| namespace: monitoring | |
| data: | |
| prometheus.yml: |- | |
| global: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use std::net::SocketAddr; | |
| use std::str::FromStr; | |
| use futures::StreamExt; | |
| use tokio::task; | |
| use tokio::sync::mpsc; | |
| use tokio_stream::wrappers::UnboundedReceiverStream; | |
| use uuid::Uuid; | |
| use warp::*; |
fdeantoni
/ validate_4.rs
Created
June 4, 2021 05:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ... | |
| impl Validator { | |
| // ... | |
| pub async fn is_valid(&self, key: String) -> bool { | |
| let result: bool = self | |
| .contract | |
| .query("isValid", (key.clone(),), None, Options::default(), None) |
fdeantoni
/ validate_3.rs
Created
June 4, 2021 05:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ... | |
| impl Validator { | |
| pub fn new() -> Self { | |
| let infura_project = | |
| std::env::var("INFURA_PROJECT").expect("Please set the INFURA_PROJECT env variable"); | |
| let network_url = format!("https://kovan.infura.io/v3/{}", infura_project); | |
| let vault_address = { | |
| let string = |
fdeantoni
/ validate_2.rs
Created
June 4, 2021 05:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use web3::{ | |
| contract::{Contract, Options}, | |
| transports::Http, | |
| types::H160, | |
| }; | |
| #[derive(Clone)] | |
| pub struct Validator { | |
| contract: Contract<Http>, | |
| } |
NewerOlder