A Mattson theemadnes

@theemadnes
theemadnes / csv_to_dict.py
Created August 21, 2017 04:18
Dome9 key-value nested CSV to Python dict
import re

# this function decomposes the funky key-value nested CSV event message Dome9 uses for regular alerts
def csv_to_dict(event_message):
    regex = r"\[[A-Za-z0-9\s\-_,:/()|\.@=]*\]"
    # capture all nested kv in []
    nested_msg = re.findall(regex, event_message)
    # remove all nested kv in
    msg_pruned = re.sub(regex, '', event_message)
    # clip [] from nested message
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: kube-system
  labels:
    k8s-app: fluentd-gcp
  name: fluentd-gcp-v2.0
spec:
  selector:
    matchLabels:
@theemadnes
theemadnes / gist:28b177c953bedf63b6ed1d5a3c396da8
Created September 28, 2020 14:28
hey -> get-time - 20 concurrent workers, 100000 requests
# no limit - no HPA
kubectl apply -f k8s_deployment-alex-no-limit.yaml
./hey_linux_amd64 -c 20 -n 100000 http://X.X.X.X/get-time
Summary:
  Total: 10.1857 secs
  Slowest: 0.0477 secs
  Fastest: 0.0008 secs
command to list labels:
`kubectl get --raw "/apis/external.metrics.k8s.io/v1beta1/namespaces/default/istio.io|service|server|request_count" | jq`
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: whereami-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    gateways:
      istio-ingressgateway:
        type: ClusterIP
@theemadnes
theemadnes / gist:9ad0bfa17a9d9adcf738953f1bae012c
Created July 21, 2021 04:38
edge-to-mesh single-cluster using Ingress API with HTTP/2 for app-protocols
$ kubectl get svc -n istio-system istio-ingressgateway -o yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/app-protocols: '{"https":"HTTP2"}'
    cloud.google.com/backend-config: '{"default": "ingress-backendconfig"}'
    cloud.google.com/neg: '{"ingress": true}'
    cloud.google.com/neg-status: '{"network_endpoint_groups":{"443":"k8s1-61a1ca57-istio-system-istio-ingressgateway-443-f5dc8e1b"},"zones":["us-west1-a"]}'
    kubectl.kubernetes.io/last-applied-configuration: |
@theemadnes
theemadnes / gist:8ebc12c4f383abc8d5af858469df13c1
Created July 21, 2021 04:48
edge-to-mesh multi-cluster using MCI API with HTTP/2 for app-protocols
$ kubectl get mcs -n istio-system -o yaml
apiVersion: v1
items:
- apiVersion: networking.gke.io/v1
  kind: MultiClusterService
  metadata:
    annotations:
      beta.cloud.google.com/backend-config: '{"ports": {"443":"gke-ingress-config"}}'
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"networking.gke.io/v1beta1","kind":"MultiClusterService","metadata":{"annotations":{"beta.cloud.google.com/backend-config":"{\"ports\": {\"443\":\"gke-ingress-config\"}}","networking.gke.io/app-protocols":"{\"http2\":\"HTTP2\"}"},"name":"istio-ingressgateway-multicluster-svc-1","namespace":"istio-system"},"spec":{"clusters":[{"link":"us-central1/mci-us-central1-01"},{"link":"us-east1/mci-us-east1-01"}],"template":{"spec":{"ports":[{"name":"http2","port":443,"protocol":"TCP","targetPort":8443}],"selector":{"app":"istio-ingressgateway"}}}}}
this environment is 2 x clusters across 2 regions (`us-west2` and `us-central1`) with MCI in front of it with HTTPS using managed certificates
i'm using a demo app i wrote called whereami hosted at https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/tree/main/whereami
x-cluster service discovery is enabled and i have not turned on locality load balancing, so you can see the negative impact of not using LLB from a latency perspective
test by curling the two hostnames, `frontend-1.endpoints.mci-asm-mcp.cloud.goog` and `frontend-2.endpoints.mci-asm-mcp.cloud.goog`, which are both on the same MCI resource
```
$ curl https://frontend-2.endpoints.mci-asm-mcp.cloud.goog/
{
  "backend_result": {
    "cluster_name": "gke-us-central1",
    "host_header": "whereami-backend-2.backend-2.svc.cluster.local",
```
@theemadnes
theemadnes / gist:eb8567325f5c36df052285ce139746c1
Created March 9, 2022 19:49
istio-ingressgateway-svc.yaml
### i just did an install of Istio demo profile so this is more open than it should be re: ports, but the annotations are the important bit
### i also reference a backend-config (as described in https://cloud.google.com/architecture/exposing-service-mesh-apps-through-gke-ingress#apply_backend_service_settings)
### *but* because you've already got the LB created you may have to manually create the health check to /healthz/ready on 15021
### note the /neg annotation - i've named mine `https-443`
### my gateway resource looks almost identical to https://cloud.google.com/architecture/exposing-service-mesh-apps-through-gke-ingress#configure_the_ingress_gateway_for_external_load_balancing
### except for my istio setup the namespace is `istio-system` and the selector is `app: istio-ingressgateway`
apiVersion: v1
kind: Service
metadata:
  annotations:
@theemadnes
theemadnes / gist:4d39d188bb7f008e19cfe9b94b18df1f
Last active February 1, 2024 06:28
example of adding a new pre-shared cert to an existing cert map w/ a managed cert

have an existing cert map

$ gcloud certificate-manager maps list
NAME          ENDPOINTS           DESCRIPTION  CREATE_TIME
mcg-cert-map  35.227.220.160:443               2023-12-13 05:34:53 +00:00

# with an existing certificate & entry
$ gcloud certificate-manager certificates list
NAME      SUBJECT_ALTERNATIVE_NAMES                          DESCRIPTION  SCOPE  EXPIRE_TIME                 CREATE_TIME                 UPDATE_TIME
mcg-cert  frontend.endpoints.e2m-private-test-01.cloud.goog                      2024-03-12 05:34:47 +00:00  2023-12-13 05:34:45 +00:00  2023-12-13 05:34:45 +00:00