Skip to content

Instantly share code, notes, and snippets.

View danehans's full-sized avatar

Daneyon Hansen danehans

70 followers · 26 following
View GitHub Profile
@danehans
danehans / README.md
Last active March 21, 2018 20:24
danehans_content_index
@danehans
danehans / README.md
Last active March 21, 2018 18:05
Fortio Training 3_20_2018

Fortio Introduction

Fortio is a load testing tool that consists of:

  • A server
  • A client
  • A GUI
  • A load testing library

Fortio runs a specified number of queries per second (qps), records a histogram of execution time and calculates percentiles. It can run for a set duration, for a fixed number of calls, or until interrupted.

Fortio Server

@danehans
danehans / istio_pilot_pprof_ingress.md
Last active February 19, 2018 19:04
istio pilot pprof

Introduction

Istio Pilot provides pprof http endpoints for profiling the application. The --profile flag is used to enable Pilot's pprof http endpoints. This flag is enabled by default.

Prerequisites

  • You must have a functioning Istio mesh running on a Kubernetes cluster.

  • Go tools must be installed on your client.

Create the Ingress resource.

Create an Ingress for the Istio Pilot service. Note: Ingress resources require an Ingress Controller.

@danehans
danehans / fortio_ui_testing_listen_addr.MD
Last active February 6, 2018 23:29
fortio_listen_addr_testing

Run the fortio container, specifying a host:port pair for -http-port:

$ sudo docker run -d --net host danehans/fortio:listen_addr server -http-port 10.138.0.2:8080
d490e515f3bd34b52b1a67b8870f6d99637573a6b30eee9fc10c32a61c9b2d3a

$ sudo docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS               NAMES
d490e515f3bd        danehans/fortio:listen_addr   "/usr/local/bin/fort…"   8 seconds ago       Up 6 seconds                            musing_almeida
@danehans
danehans / sec_gw_ingress.yaml
Created February 1, 2018 17:57
istio sni ingress example
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: secure-gateway
annotations:
kubernetes.io/ingress.class: "istio"
spec:
tls:
# TLS configuration. Currently the Ingress only supports a single TLS port, 443.
# If multiple members of this list specify different hosts, they will be multiplexed
@danehans
danehans / istio_load_test_guide.MD
Last active February 25, 2022 20:00
Istio Load Testing User Guide

Istio Load Testing User Guide

This guide provides step-by-step instructions for using the setup_perf_cluster.sh load testing script. The script deploys a GKE cluster, an Istio mesh, a GCE VM and runs Fortio on the VM and within the mesh. Fortio is used to perform load testing.

Clone Istio

$ git clone https://github.com/istio/istio.git && cd istio
@danehans
danehans / istio_gke.MD
Last active August 15, 2018 17:39
istio on gke steps

Install kubectl

https://kubernetes.io/docs/tasks/tools/install-kubectl/

Note: You can also use gcloud component install kubelet

Create the cluster with aplha features

gcloud container clusters create istio --num-nodes=1 --machine-type=n1-standard-4 --no-enable-legacy-authorization --enable-kubernetes-alpha

Get your kubectl credentials

gcloud container clusters get-credentials istio

@danehans
danehans / ISTIO_SECURE_INGRESS_NOTES.MD
Last active December 20, 2017 18:49
istio tls ingress
  1. Generate TLS assets (openssl):
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=foo.bar.com"
  1. Create a secret object that uses the TLS assets. Note: The name must be istio-ingress-certs:
$ kubectl create -n istio-system secret tls istio-ingress-certs --key /tmp/tls.key --cert /tmp/tls.crt
@danehans
danehans / envoy.log
Last active December 14, 2017 19:09
istio basic access control example
// You have to set logging level to debug in envoy:
// kubectl exec -it reviews-v3-77dfb9f77d-v7sj9 -c istio-proxy /bin/bash
// curl http://127.0.0.1:15000/logging?level=debug
// kubectl logs reviews-v3-77dfb9f77d-v7sj9 -c istio-proxy > proxy.log
[2017-12-14 18:37:32.488][2177][info][main] external/envoy/source/server/connection_handler_impl.cc:129] [C44] new connection
[2017-12-14 18:37:32.489][2177][debug][http] external/envoy/source/common/http/conn_manager_impl.cc:181] [C44] new stream
[2017-12-14 18:37:32.489][2177][debug][http] src/envoy/mixer/http_filter.cc:324] Called Mixer::Instance : Instance
[2017-12-14 18:37:32.489][2177][debug][http] src/envoy/mixer/http_filter.cc:383] Called Mixer::Instance : setDecoderFilterCallbacks
[2017-12-14 18:37:32.489][2177][debug][http] external/envoy/source/common/http/conn_manager_impl.cc:439] [C44][S6253685066161528132] request headers complete (end_stream=true):
[2017-12-14 18:37:32.489][2177][debug][http] external/envoy/source/common/http/conn_manager_impl.cc:444]
@danehans
danehans / clusters
Last active November 29, 2017 01:35
istio_ingress_walk
# curl http://127.0.0.1:15000/clusters
<SNIP>
out.4bdc5a0e59af7107a7189467360a720381024b5c::default_priority::max_connections::1024
out.4bdc5a0e59af7107a7189467360a720381024b5c::default_priority::max_pending_requests::1024
out.4bdc5a0e59af7107a7189467360a720381024b5c::default_priority::max_requests::1024
out.4bdc5a0e59af7107a7189467360a720381024b5c::default_priority::max_retries::3
out.4bdc5a0e59af7107a7189467360a720381024b5c::high_priority::max_connections::1024
out.4bdc5a0e59af7107a7189467360a720381024b5c::high_priority::max_pending_requests::1024
out.4bdc5a0e59af7107a7189467360a720381024b5c::high_priority::max_requests::1024
out.4bdc5a0e59af7107a7189467360a720381024b5c::high_priority::max_retries::3