testing ACM agent deployment on private GitHub repo
- set up private GitHub repo
- create a GitHub PAT
- verify using correct kube context
$ python whereami_client.py 10.128.0.33:80 --count 10
Attempting to connect to gRPC server at: 10.128.0.33:80
===== Request 1 of 10 =====
Calling Whereami.GetPayload()...
--- gRPC Request Headers ---
client-name: whereami-python-cli
client-version: 1.0.0
request-id: 1
$ gcloud certificate-manager maps list
NAME ENDPOINTS DESCRIPTION CREATE_TIME
mcg-cert-map 35.227.220.160:443 2023-12-13 05:34:53 +00:00
# with an existing certificate & entry
$ gcloud certificate-manager certificates list
NAME SUBJECT_ALTERNATIVE_NAMES DESCRIPTION SCOPE EXPIRE_TIME CREATE_TIME UPDATE_TIME
mcg-cert frontend.endpoints.e2m-private-test-01.cloud.goog 2024-03-12 05:34:47 +00:00 2023-12-13 05:34:45 +00:00 2023-12-13 05:34:45 +00:00
### i just did an install of Istio demo profile so this is more open than it should be re: ports, but the annotations are the important bit
### i also reference a backend-config (as described in https://cloud.google.com/architecture/exposing-service-mesh-apps-through-gke-ingress#apply_backend_service_settings)
### *but* because you've already got the LB created you may have to manually create the health check to /healthz/ready on 15021
### note the /neg annotation - i've named mine `https-443`
### my gateway resource looks almost identical to https://cloud.google.com/architecture/exposing-service-mesh-apps-through-gke-ingress#configure_the_ingress_gateway_for_external_load_balancing
### except for my istio setup the namespace is `istio-system` and the selector is `app: istio-ingressgateway`
apiVersion: v1
kind: Service
metadata:
  annotations:
this environment is 2 x clusters across 2 regions (`us-west2` and `us-central1`) with MCI in front of it with HTTPS using managed certificates
i'm using a demo app i wrote called whereami hosted at https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/tree/main/whereami
x-cluster service discovery is enabled and i have not turned on locality load balancing, so you can see the negative impact of not using LLB from a latency perspective
test by curling the two hostnames, `frontend-1.endpoints.mci-asm-mcp.cloud.goog` and `frontend-2.endpoints.mci-asm-mcp.cloud.goog`, which are both on the same MCI resource
```
$ curl https://frontend-2.endpoints.mci-asm-mcp.cloud.goog/
{
  "backend_result": {
    "cluster_name": "gke-us-central1",
    "host_header": "whereami-backend-2.backend-2.svc.cluster.local",
```
$ kubectl get mcs -n istio-system -o yaml
apiVersion: v1
items:
- apiVersion: networking.gke.io/v1
  kind: MultiClusterService
  metadata:
    annotations:
      beta.cloud.google.com/backend-config: '{"ports": {"443":"gke-ingress-config"}}'
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"networking.gke.io/v1beta1","kind":"MultiClusterService","metadata":{"annotations":{"beta.cloud.google.com/backend-config":"{\"ports\": {\"443\":\"gke-ingress-config\"}}","networking.gke.io/app-protocols":"{\"http2\":\"HTTP2\"}"},"name":"istio-ingressgateway-multicluster-svc-1","namespace":"istio-system"},"spec":{"clusters":[{"link":"us-central1/mci-us-central1-01"},{"link":"us-east1/mci-us-east1-01"}],"template":{"spec":{"ports":[{"name":"http2","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"app":"istio-ingressgateway"}}}}}
$ kubectl get svc -n istio-system istio-ingressgateway -o yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/app-protocols: '{"https":"HTTP2"}'
    cloud.google.com/backend-config: '{"default": "ingress-backendconfig"}'
    cloud.google.com/neg: '{"ingress": true}'
    cloud.google.com/neg-status: '{"network_endpoint_groups":{"443":"k8s1-61a1ca57-istio-system-istio-ingressgateway-443-f5dc8e1b"},"zones":["us-west1-a"]}'
    kubectl.kubernetes.io/last-applied-configuration:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    gateways:
      istio-ingressgateway:
        type: ClusterIP
command to list labels:
`kubectl get --raw "/apis/external.metrics.k8s.io/v1beta1/namespaces/default/istio.io|service|server|request_count" | jq`
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: whereami-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1