Mandar U Jog mandarjog
mandarjog
/ gist:c75fbebc5c16dc3c4a8daa90d4153ff9
Created
November 6, 2019 21:26
Updating Pilot variables with GKE-add-on
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Updating pilot envvars is not possible with istio-on-gke add-on because of the reconciliation loop. | |
| The following steps can update pilot environment variables. | |
| 1. Create a config map with the delegation script | |
| kubectl -n istio-system apply -f https://gist.githubusercontent.com/mandarjog/c5fd7201e0d0618d562d0b18cbeebfd8/raw/ae52fb362a5578530e38fe01ee3e40fa2f4b9a8c/istio-pilot-config-map.yaml | |
| The script unsets PILOT_DISABLE_XDS_MARSHALING_TO_ANY env var. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: script | |
| data: | |
| run.sh: | | |
| #!/bin/bash | |
| set -ex | |
| WD=$(dirname $0) | |
| WD=$(cd $WD;pwd) |
mandarjog
/ v2_xds_stackdriver.yaml
Last active
November 1, 2019 15:22
telemetrv2 sidecar xds config (INBOUND)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Note that listener.trafficDirection should match "stackdriver_${traffic_direction}" | |
| # https://github.com/envoyproxy/envoy-wasm/blob/master/api/envoy/config/wasm/v2/wasm.proto | |
| # INBOUND | |
| filters: | |
| - name: envoy.http_connection_manager | |
| typed_config: | |
| '@type': type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager | |
| forward_client_cert_details: APPEND_FORWARD | |
| generate_request_id: true | |
| http_filters: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source: twoPodTest/templates/als.yaml | |
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: accesslog-grpc | |
| name: accesslog-grpc | |
| spec: | |
| selector: | |
| matchLabels: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [2019-06-11 04:01:16.200][196][debug][filter] [src/envoy/http/mixer/filter.cc:162] Called Mixer::Filter : check complete OK | |
| [2019-06-11 04:01:16.200][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x5145770 status=0 | |
| [2019-06-11 04:01:16.200][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x538d270 status=0 | |
| [2019-06-11 04:01:16.200][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x5266c30 status=0 | |
| [2019-06-11 04:01:16.200][196][debug][router] [external/envoy/source/common/router/router.cc:332] [C2165][S12105457795138984540] cluster 'outbound|8080||fortioclient.twopods.svc.cluster.local' match for URL '/lgraph2' | |
| [2019-06-11 04:01:16.200][196][debug][router] [external/envoy/source/common/router/router.cc:393] [C2165][S12105457795138984540 |
mandarjog
/ GCLB with istio-on-gke-1.1.3
Created
June 4, 2019 17:20
GCLB Istio-addon 1.1.3 NodePort gateway
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Istio 1.1.3 Istio-add-on does not support a NodePort option for gateway. | |
| We therefore clone the istio-ingressgateway as istio-ingressgateway-private | |
| 1. Clone istio-ingressgateway service | |
| a. Modify name | |
| b. Remove all unnecessary config | |
| %> kubectl -n istio-system get svc istio-ingressgateway -o yaml | sed -e 's/istio-ingressgateway/istio-ingressgateway-private/g' -e '/clusterIP/d' -e '/nodePort/d' -e '/targetPort/d' -e 's/type: LoadBalancer/type: NodePort/g' -e '/addonmanager.kubernetes.io/d' -e '/kubernetes.io\/cluster-service/d' > private-svc.yaml | |
| 2. Clone istio-ingressgateway deployment |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "svc01-0.local:80", | |
| "domains": [ | |
| "svc01-0.local", | |
| "svc01-0.local:80" | |
| ], | |
| "routes": [ | |
| { | |
| "match": { | |
| "prefix": "/" |
mandarjog
/ istio-ingressgateway-config.json
Last active
March 25, 2019 19:15
istio ingress large config example
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "configs": [ | |
| { | |
| "@type": "type.googleapis.com/envoy.admin.v2alpha.BootstrapConfigDump", | |
| "bootstrap": { | |
| "node": { | |
| "id": "router~10.16.42.131~istio-ingressgateway-6db44bd95b-5hrbj.istio-system~istio-system.svc.cluster.local", | |
| "cluster": "istio-ingressgateway", | |
| "metadata": { | |
| "POD_NAME": "istio-ingressgateway-6db44bd95b-5hrbj", |
mandarjog
/ gist:d83e8e1f2dc8cf8a085dd4c291c81034
Created
March 22, 2019 05:27
Espn actively redirecting to non https site
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ``` | |
| $ curl -v https://www.espn.com | |
| * Rebuilt URL to: https://www.espn.com/ | |
| * Trying 52.33.100.133... | |
| * TCP_NODELAY set | |
| * Connected to www.espn.com (52.33.100.133) port 443 (#0) | |
| * ALPN, offering h2 | |
| * ALPN, offering http/1.1 | |
| * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH |
mandarjog
/ wrk2 output format
Last active
February 22, 2019 18:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mjog@devinstance:/mnt/disks/sdb/go/src/istio.io/tools/perf/servicegraph/templates$ wrk -c 1000 -t 30 -d 120 -R 5000 -U http://fortioserver.v11.perf.qualistio.org/echo?size=1024 | |
| Running 2m test @ http://fortioserver.v11.perf.qualistio.org/echo?size=1024 | |
| 30 threads and 1000 connections | |
| Thread calibration: mean lat.: 3.271ms, rate sampling interval: 10ms | |
| Thread calibration: mean lat.: 3.320ms, rate sampling interval: 10ms | |
| Thread calibration: mean lat.: 3.414ms, rate sampling interval: 10ms | |
| Thread calibration: mean lat.: 3.272ms, rate sampling interval: 10ms | |
| Thread calibration: mean lat.: 3.276ms, rate sampling interval: 10ms | |
| Thread calibration: mean lat.: 3.168ms, rate sampling interval: 10ms | |
| Thread calibration: mean lat.: 3.198ms, rate sampling interval: 10ms |