Jason Skrzypek shpwrck

@shpwrck
shpwrck / extauth.yaml
Created July 24, 2023 15:53
Path Based Regex with Gloo Platform
---
apiVersion: networking.gloo.solo.io/v2
kind: VirtualDestination
metadata:
  name: ext-auth-service
  namespace: gloo-mesh-addons
spec:
  ports:
  - number: 8083
    protocol: GRPC
@shpwrck
shpwrck / README.md
Last active June 9, 2023 16:35
Label Based Auth

Requirements

Provide a mechanism to enforce network security across clusters where membership is defined through the use of labels.

Components

Pre-Installed Components

  • Gloo Platform Control Plane Cluster, Gloo Agent Cluster A,B
    • Istio Deployment on Cluster A,B
  • Shared Trust (Root Trust Policy)
@shpwrck
shpwrck / setup.sh
Last active May 25, 2023 15:52
RKE2 with Cilium
#!/bin/bash
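# LOAD ENV
# Quote the heredoc delimiter so $PATH is written literally and expanded at login,
# not frozen to this script's PATH when the file is written
cat >> /root/.bashrc << 'EOF'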
# RKE2 CONFIG
export PATH=$PATH:/var/lib/rancher/rke2/bin
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
EOF
@shpwrck
shpwrck / README.md
Last active March 27, 2023 20:14
Gloo & WebSockets

I used vi/websocat, but v0.10.0 because v0.11.0 didn't seem to work. Once I deployed the k8s-resources.yaml and the gloo-resources.yaml ... I:

  • Ran websocat ws://<<gateway_ip>> from within the websocat container
  • Passed in some values
  • Cancelled
  • Checked the logs for connection information.

Otherwise you can leverage piesocket. (You'll have to run the extension because browsers don't support ws.)

@shpwrck
shpwrck / test
Created December 12, 2022 17:42
test
# Name allows overriding the release name. Generally this should not be set
name: ""
# revision declares which revision this gateway is a part of
revision: "1-14-4"
replicaCount: 1
#kind: Deployment
rbac:
  # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
  # when using http://gateway-api.org/.
  enabled: true
@shpwrck
shpwrck / 00-README.md
Last active October 12, 2022 12:18
Scale Testing Resources

My tests and test files

Content:

  • scale-test.sh
  • glooResources.yaml
  • appResources.yaml

Notes:

  • hardcoded cluster names (mgmt,worker-1,worker-2)
  • replicas set to 0 by default

Config required to scale and secure Istio for production

*note: working document, may not apply to all installations/architectures

Cert Management

Manage Certificates with Cert-Manager

Benefit:

Demonstration of Failover Priority with Istio Multicluster

Sample Environment

  • Four Clusters: {alvin,simon,theodore,dave}
  • Ingress Gateway
  • East-West Gateway
  • Istiod
  • Istio Echo Application

Datadog & Gloo Mesh Options

Option 1 - Leverage Envoy/Istio Integrations

Explanation

Datadog offers integrations at a lower price point, but with preselected metrics and dashboards.

Sample Configs