Paul Weil pweil-

## haproxy.conf
os_http_be.map and os_sni_passthrough.map are both just empty files

## gist:0817e7d37ea8daab6d2f

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                pweil-
                / gist:0817e7d37ea8daab6d2f
            
            
              Last active
              June 8, 2022 03:15
            
              
                Testing Sticky Sessions
              
          
    Overview


Sticky sessions are provided in two ways, cookies and stick-tables
Routes that run with an http mode backend (unsecure, edge, and reencrypt) utilize cookies
Routes that run with a tcp mode backend utilize stick-tables
Sticky sessions are implementation specific to a router.  We have implemented them in the HAProxy template router.

Testing Cookie Based Sticky Sessions


## gist:e7b156476c6171f04140370708f0cd56
###
# Create mirror repo following disconnected instructions
###

# create dir
mkdir -p ~/registry1/{auth,certs,data}

# create cert
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ~/registry1/certs/domain.key -x509 -days 365 -out ~/registry1/certs/domain.crt

## gist:7cf2f394f687f7805d164957e699bff0
[pweil@paperweight metering-operator]$ podman ps
CONTAINER ID  IMAGE                                                 COMMAND               CREATED      STATUS          PORTS                     NAMES
b011e03c9613  registry.redhat.io/redhat/redhat-operator-index:v4.6  registry serve -d...  5 hours ago  Up 5 hours ago  0.0.0.0:50051->50051/tcp  relaxed_brattain


[pweil@paperweight metering-operator]$ grpcurl -plaintext localhost:50051 api.Registry/ListPackages
{
  "name": "amq-streams"
}

## foo_test.go
package e2e

import (
	"context"
	deploy "github.com/kube-reporting/metering-operator/pkg/deploy"
	"github.com/kube-reporting/metering-operator/test/deployframework"
	v1 "k8s.io/api/core/v1"
	"k8s.io/api/storage/v1beta1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"testing"

## types.go
package e2e

import (
	"github.com/kube-reporting/metering-operator/test/deployframework"
	"github.com/kube-reporting/metering-operator/test/reportingframework"
	"testing"
)

type PreInstallFunc func(ctx *deployframework.DeployerCtx) error

## gist:f96a837344810fa82af3406cb6a57fae
[pweil@pweil-fedora oc]$ ./oc image mirror -a /tmp/pull-secret.json --dir=~/mirror-file file://openshift/release:4.3.3* ${LOCAL_REGISTRY}/ocp-4.3
E0305 15:10:05.065456   10090 config.go:236] while trying to parse blob "{\n  \"auths\": {\n      \"localhost:5000\": {\n        \"auth\": \"dXNlcjpwYXNz\",\n        \"email\": \"foo@bar.com\"\n      }\n  },\n}\n": invalid character '}' looking for beginning of object key string
error: unable to load --registry-config: invalid character '}' looking for beginning of object key string


[pweil@pweil-fedora oc]$ ./oc image mirror -a /tmp/pull-secret.json --dir=~/mirror-file file://openshift/release:4.3.3* ${LOCAL_REGISTRY}/ocp-4.3
E0305 15:10:25.159586   10112 config.go:236] while trying to parse blob "      \"localhost:5000\": {\n        \"auth\": \"dXNlcjpwYXNz\",\n        \"email\": \"foo@bar.com\"\n      }\n": invalid character ':' after top-level value
error: unable to load --registry-config: invalid character ':' after top-level value

[pweil@pweil-fedora oc]$ ./

## 1. version
[pweil@pweil-fedora openshift-azure]$ oc version
oc v4.0.0-alpha.0+02f888e-285
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://pweilosa.eastus.cloudapp.azure.com
openshift v3.11.43
kubernetes v1.11.0+d4cacc0

## gist:e42f60e6993db7175236330d5003940d
Error from server (Forbidden): clusterrolebindings.authorization.openshift.io "dedicated-project-admin-0" is forbidden: attempt to grant extra privileges: [
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["create"]}
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["delete"]}
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["list"]}
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["patch"]}
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["update"]}
PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["create"]}
PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["delete"]}

## gist:2995c6bf838437be9fd5e3fce7ee2ce4
apiVersion: apps/v1
kind: Deployment
metadata:
  name: namespace-rolebindings
  namespace: openshift-infra
spec:
  replicas: 1
  selector:
    matchLabels:
      app: namespace-rolebindings
	###
	# Create mirror repo following disconnected instructions
	###

	# create dir
	mkdir -p ~/registry1/{auth,certs,data}

	# create cert
	openssl req -newkey rsa:4096 -nodes -sha256 -keyout ~/registry1/certs/domain.key -x509 -days 365 -out ~/registry1/certs/domain.crt
	[pweil@paperweight metering-operator]$ podman ps
	CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
	b011e03c9613 registry.redhat.io/redhat/redhat-operator-index:v4.6 registry serve -d... 5 hours ago Up 5 hours ago 0.0.0.0:50051->50051/tcp relaxed_brattain


	[pweil@paperweight metering-operator]$ grpcurl -plaintext localhost:50051 api.Registry/ListPackages
	{
	"name": "amq-streams"
	}
	package e2e

	import (
	"context"
	deploy "github.com/kube-reporting/metering-operator/pkg/deploy"
	"github.com/kube-reporting/metering-operator/test/deployframework"
	v1 "k8s.io/api/core/v1"
	"k8s.io/api/storage/v1beta1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"testing"
	[pweil@pweil-fedora oc]$ ./oc image mirror -a /tmp/pull-secret.json --dir=~/mirror-file file://openshift/release:4.3.3* ${LOCAL_REGISTRY}/ocp-4.3
	E0305 15:10:05.065456 10090 config.go:236] while trying to parse blob "{\n \"auths\": {\n \"localhost:5000\": {\n \"auth\": \"dXNlcjpwYXNz\",\n \"email\": \"foo@bar.com\"\n }\n },\n}\n": invalid character '}' looking for beginning of object key string
	error: unable to load --registry-config: invalid character '}' looking for beginning of object key string


	[pweil@pweil-fedora oc]$ ./oc image mirror -a /tmp/pull-secret.json --dir=~/mirror-file file://openshift/release:4.3.3* ${LOCAL_REGISTRY}/ocp-4.3
	E0305 15:10:25.159586 10112 config.go:236] while trying to parse blob " \"localhost:5000\": {\n \"auth\": \"dXNlcjpwYXNz\",\n \"email\": \"foo@bar.com\"\n }\n": invalid character ':' after top-level value
	error: unable to load --registry-config: invalid character ':' after top-level value

	[pweil@pweil-fedora oc]$ ./
	[pweil@pweil-fedora openshift-azure]$ oc version
	oc v4.0.0-alpha.0+02f888e-285
	kubernetes v1.11.0+d4cacc0
	features: Basic-Auth GSSAPI Kerberos SPNEGO

	Server https://pweilosa.eastus.cloudapp.azure.com
	openshift v3.11.43
	kubernetes v1.11.0+d4cacc0
	Error from server (Forbidden): clusterrolebindings.authorization.openshift.io "dedicated-project-admin-0" is forbidden: attempt to grant extra privileges: [
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["create"]}
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["delete"]}
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["get"]}
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["list"]}
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["patch"]}
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["update"]}
	PolicyRule{APIGroups:[""], Resources:["limitranges"], Verbs:["watch"]}
	PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["create"]}
	PolicyRule{APIGroups:[""], Resources:["resourcequotas"], Verbs:["delete"]}
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: namespace-rolebindings
	namespace: openshift-infra
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: namespace-rolebindings