```go
package main

import "fmt"

type Config struct {
	name string
}

type translator func(arg ...interface{}) *Config
```
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  namespace: istio-system
  name: deny-protect-all
spec:
  action: DENY
  rules:
  - from:
    - source:
```
```bash
# Extract the base64-encoded certificate chain from the Envoy secret dump.
cat ./server.json | jq -r '.dynamicActiveSecrets[0].secret.tlsCertificate.certificateChain.inlineBytes' | base64 --decode > output.pem
# Split the chain into one file per certificate: proxy-cert-1.pem, proxy-cert-2.pem, ...
awk '/BEGIN CERT/ { counter++ } { print > ("proxy-cert-" counter ".pem") }' < output.pem
# I am not good at AWK; in theory we just need to split the output into two parts: the top one (workload cert) and the rest.
# Below, we concatenate all the rest into a single CA file.
cat ./proxy-cert-2.pem ./proxy-cert-3.pem ./proxy-cert-4.pem >> ca-chain.pem
openssl verify -CAfile ./ca-chain.pem ./proxy-cert-1.pem
# Output as below:
# ./proxy-cert-1.pem: OK
```
```json
{
  "configs": [
    {
      "@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump",
      "bootstrap": {
        "node": {
          "id": "sidecar~10.10.0.108~echo-v1-96d97bcdb-9grmf.echo-7-26482~echo-7-26482.svc.cluster.local",
          "cluster": "echo.echo-7-26482",
          "metadata": {
            "sidecar.istio.io/userVolume": "[\n {\"name\": \"authz-certs\", \"configMap\":{\"name\":\"authz-ca-certs\"}},\n {\"name\": \"authz-client-cred\", \"secret\":{\"secretName\":\"authz-client-cred\"}},\n {\"name\": \"shady-authz-client-cred\", \"secret\":{\"secretName\":\"shady-authz-client-cred\"}}\n ]",
```
```yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: nginx-se
spec:
  hosts:
  - "my-nginx.bar.svc.cluster.local"
  ports:
  - number: 443
    name: http
```
```bash
# https://unix.stackexchange.com/questions/25122/how-to-use-regex-with-awk-for-string-replacement
# Second answer.
awk 'match($0, /VIR.*/) { $0 = "HERE=\"$(cd \"...\")" } 1 { print } ' ./input.sh
```
```json
{
  "configs": [
    {
      "@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump",
      "bootstrap": {
        "node": {
          "id": "router~10.40.1.10~istio-egressgateway-bdfc78ff9-lqr25.istio-system~istio-system.svc.cluster.local",
          "cluster": "istio-egressgateway",
          "metadata": {
            "NAMESPACE": "istio-system",
```
```yaml
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
  name: "authz"
  namespace: default
spec:
  selector:
    matchLabels:
      app: httpbin
  rules:
```
```python
#!/usr/bin/python3
import urllib.request

# url = 'https://storage.googleapis.com/istio-prow/logs/integ-distroless-k8s-tests_istio_postsubmit/1418/build-log.txt'


def download_url(run: int, suite='integ-distroless-k8s-tests_istio_postsubmit'):
    # Build the build-log URL for a given Prow run number and test suite.
    return f'https://storage.googleapis.com/istio-prow/logs/{suite}/{run}/build-log.txt'
```
```json
{
  "bootstrap": {
    "node": {
      "id": "sidecar~10.1.0.245~elasticsearch-logging-0.kubeprod~kubeprod.svc.cluster.local",
      "cluster": "elasticsearch.kubeprod",
      "metadata": {
        "CLUSTER_ID": "Kubernetes",
        "CONFIG_NAMESPACE": "kubeprod",
        "EXCHANGE_KEYS": "NAME,NAMESPACE,INSTANCE_IPS,LABELS,OWNER,PLATFORM_METADATA,WORKLOAD_NAME,CANONICAL_TELEMETRY_SERVICE,MESH_ID,SERVICE_ACCOUNT",
        "INSTANCE_IPS": "10.1.0.245",
```