#
bleggett
/ Example istio build cmds
Created
March 10, 2025 15:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| # Copyright Istio Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # |
bleggett
/ gist:ca527c334d0e76322f28b26d7085d934
Created
March 1, 2023 23:28
LimaVM arm64 fedora with fast ops
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This example requires Lima v0.7.0 or later. | |
| images: | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/aarch64/images/Fedora-Cloud-Base-37-1.7.aarch64.qcow2" | |
| arch: "aarch64" | |
| digest: "sha256:cc8b0f49bc60875a16eef65ad13e0e86ba502ba3585cc51146f11f4182a628c0" | |
| mounts: | |
| - location: "~/Source" | |
| writable: true | |
| - location: "/tmp/lima" | |
| writable: true |
bleggett
/ spire-extended-destrule.txt
Created
February 2, 2023 17:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO destination rules need to be created for any SPIFFE IDs that don't follow the | |
| # format that Istio expects (ns/NAMESPACE/sa/TARGET_POD_SVC_ACCOUNT) | |
| # because ATM Istio defaults to clientside SAN checks that assume that SPIFFE ID format | |
| # and this is not currently configurable. | |
| # | |
| # https://github.com/istio/istio/issues/43105 | |
| # | |
| # Additionally, since DestinationRules override Istio's "default automTLS" settings, we need `mode: ISTIO_MUTUAL` | |
| # in each DestRule to tell Istio that even though we have a custom destination config, we still want mTLS. | |
| --- |
bleggett
/ *doom:scratch*.txt
Created
February 2, 2023 17:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO destination rules need to be created for any SPIFFE IDs that don't follow the | |
| # format that Istio expects (ns/NAMESPACE/sa/TARGET_POD_SVC_ACCOUNT) | |
| # because ATM Istio defaults to clientside SAN checks that assume that SPIFFE ID format | |
| # and this is not currently configurable. | |
| # | |
| # https://github.com/istio/istio/issues/43105 | |
| # | |
| # Additionally, since DestinationRules override Istio's "default automTLS" settings, we need `mode: ISTIO_MUTUAL` | |
| # in each DestRule to tell Istio that even though we have a custom destination config, we still want mTLS. | |
| --- |
bleggett
/ spire-extended-destrule.txt
Created
February 2, 2023 16:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO destination rules need to be created for any SPIFFE IDs that don't follow the | |
| # format that Istio expects (ns/NAMESPACE/sa/TARGET_POD_SVC_ACCOUNT) | |
| # because ATM Istio defaults to clientside SAN checks that assume that SPIFFE ID format | |
| # and this is not currently configurable | |
| # | |
| # Additionally, since DestinationRules override Istio's "default automTLS" settings, we need `mode: ISTIO_MUTUAL` | |
| # in each DestRule to tell Istio that even though we have a custom destination config, we still want mTLS. | |
| {{- range .Values.spireIdentities }} | |
| --- | |
| apiVersion: networking.istio.io/v1beta1 |
bleggett
/ spire-extended-destrule.txt
Created
February 2, 2023 16:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO destination rules need to be created for any SPIFFE IDs that don't follow the | |
| # format that Istio expects (ns/NAMESPACE/sa/TARGET_POD_SVC_ACCOUNT) | |
| # because ATM Istio defaults to clientside SAN checks that assume that SPIFFE ID format | |
| # and this is not currently configurable - however this should be resolved soonish. | |
| # https://github.com/istio/istio/issues/28712 | |
| # | |
| # Additionally, since DestinationRules override Istio's "default automTLS" settings, we need `mode: ISTIO_MUTUAL` | |
| # in each DestRule to tell Istio that even though we have a custom destination config, we still want mTLS. | |
| {{- range .Values.spireIdentities }} | |
| --- |
bleggett
/ *doom:scratch*.txt
Created
February 2, 2023 16:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO destination rules need to be created for any SPIFFE IDs that don't follow the | |
| # format that Istio expects (ns/NAMESPACE/sa/TARGET_POD_SVC_ACCOUNT) | |
| # because ATM Istio defaults to clientside SAN checks that assume that SPIFFE ID format | |
| # and this is not currently configurable - however this should be resolved soonish. | |
| # https://github.com/istio/istio/issues/28712 | |
| # | |
| # Additionally, since DestinationRules override Istio's "default automTLS" settings, we need `mode: ISTIO_MUTUAL` | |
| # in each DestRule to tell Istio that even though we have a custom destination config, we still want mTLS. | |
| {{- range .Values.spireIdentities }} | |
| --- |
bleggett
/ istio-destinationrule-hax.org
Created
February 2, 2023 16:27
bleggett
/ istio-env.sh
Created
January 30, 2023 20:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| su-exec root apt-get update && su-exec root apt-get install -y cmake-data | |
| export DOCKER_SOCKET_MOUNT="-v /var/run/docker.sock.raw:/var/run/docker.sock" | |
| export BUILD_ZTUNNEL=1 | |
| export BUILD_ZTUNNEL_REPO="$(pwd)/ztunnel" | |
| export TAG=bm-ambienttest | |
| export HUB=docker.io/bmleggett | |
| export IMAGE_VERSION=master-7b5c2064d06c417cc34d4ed760fd65134055c301 | |
| export DOCKER_ARCHITECTURES=linux/arm64 |
bleggett
/ gist:7dd1e05d9c9f9063744e02a55489ca65
Created
January 20, 2023 22:35
Istio DR rule SAN override
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # TODO destination rules need to be created for any SPIFFE IDs that don't follow the | |
| # format that Istio expects (ns/NAMESPACE/sa/TARGET_POD_SVC_ACCOUNT) | |
| # because ATM Istio defaults to clientside SAN checks that assume that SPIFFE ID format | |
| # and this is not currently configurable - however this should be resolved soonish. | |
| # https://github.com/istio/istio/issues/28712 | |
| # | |
| # Additionally, since DestinationRules override Istio's "default automTLS" settings, we need `mode: ISTIO_MUTUAL` | |
| # in each DestRule to tell Istio that even though we have a custom destination config, we still want mTLS. | |
| {{- range .Values.spireIdentities }} | |
| --- |
NewerOlder