Skip to content

Instantly share code, notes, and snippets.

View howardjohn's full-sized avatar

John Howard howardjohn

531 followers · 0 following
  • Solo.io
  • Sunnyvale, CA
View GitHub Profile
@howardjohn
howardjohn / slow-connections.go
Last active May 3, 2024 19:16
Go program that shows every N connections are dramatically slower
package main
import (
"flag"
"net"
"time"
"log"
)
@howardjohn
howardjohn / tls-proxy.go
Created September 11, 2023 18:55
Trivial TLS proxy. Do not use, its neither tested nor secure.
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"flag"
syscall "golang.org/x/sys/unix"
@howardjohn
howardjohn / otel-trace.sh
Created July 11, 2023 14:44
Example of three different ways to use otel tracing in bash. See https://blog.howardjohn.info/posts/shell-tracing/
#!/bin/bash
# Usage: tracing::init [endpoint; default localhost:4317]
function tracing::init() {
export OTEL_EXPORTER_OTLP_ENDPOINT="${1:-${OTEL_EXPORTER_OTLP_ENDPOINT:-localhost:4317}}"
}
# Usage: tracing::auto::init [endpoint; default localhost:4317]
function tracing::auto::init() {
tracing::init
@howardjohn
howardjohn / otel-auto-trace.sh
Created July 8, 2023 00:04
A terrible terrible hack to automatically trace shell function exeuction
#!/bin/bash
export OTEL_EXPORTER_OTLP_ENDPOINT=localhost:4317
function gen-uid() {
tr -dc 'a-f0-9' < /dev/urandom | head -c$1
}
trace=`gen-uid 32`
spans=()
starts=()
@howardjohn
howardjohn / perfetto-upload.sh
Created July 7, 2023 21:36
A CLI to upload a trace to perfetto. There must be a better way, but... here it is.
#!/bin/bash
t="$(mktemp -d)"
cp "${1:?file to trace}" "$t/trace"
cat <<'EOF' > "$t/index.html"
<!doctype html>
<html lang="en-us">
<link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">
<body>
@howardjohn
howardjohn / README.md
Last active January 12, 2023 15:52
Policies with multiple service accounts

This script analyzes AuthorizationPolicies in a cluster and checks whether there are Selector based policies that span multiple service accounts. This info may help guide future API decisions.

Example output:

$ curl -sL https://gist.githubusercontent.com/howardjohn/ae20c608bebfb79e701009ee8f83b57b/raw/8af7a83dff4ed000b18858cc96527b6c1f688ed8/find-cross-service-account-policies | sh
Policy echo/echo/ns1 has selects service accounts 'alpha,beta,', but doesn't fully select 'alpha,'
Policy echo/echo/ns1 has 2 Service accounts: 'alpha beta,
Policy echo/echo/policy has selects service accounts 'waypoint,', but doesn't fully select 'waypoint,'
Root Policy istio-system/ns1 has 2 Service accounts: alpha beta
@howardjohn
howardjohn / README.md
Last active September 14, 2022 17:06

Demo of experimental Gateway API for Mesh

Concrete example:

$ kubectl apply -f demo-install.yaml
$ kubectl apply -f demo.yaml
$ kubectl exec deployment/shell -- curl -s echo/{0..10} | grep Hostname=
Hostname=echo-v1-f9bc8b978-jwvvx
Hostname=echo-v2-6b54fc5c67-jltt2
@howardjohn
howardjohn / run.sh
Created February 10, 2022 17:55
Consumer vs producer
# This script checks which virtual services are creating in producer namespaces (eg defining a VirtualService for a Service I own) vs in consumer namespce (defining a VirtualService for a Service in another namespace).
# Raw results
kubectl get vs -A -ojson | jq '.items[] | {match: (.spec.hosts[] | select(. | contains(".svc.cluster.local")) | split(".")[1]), ns: .metadata.namespace}' -c
# Just get the counts
kubectl get vs -A -ojson | jq '[.items[] | {match: (.spec.hosts[] | select(. | contains(".svc.cluster.local")) | split(".")[1]), ns: .metadata.namespace}] | group_by(.match == .ns)| map(length) | "Consumer: " + (.[0] | tostring) + "\nProducer: " + (.[1] | tostring)' -r
@howardjohn
howardjohn / go-compile-without-link
Created June 2, 2021 22:04
Compile all go tests, quickly, without running them
@howardjohn
howardjohn / README.md
Created February 24, 2021 18:23
Multinetwork statefulsets

Multicluster statefulset

alpha.yaml: install in cluster "alpha" beta.yaml: install in cluster "beta"

Results:

Same network

  • echo-alpha.default: sort of works, but load balancing is broken (istio/istio#31064)