Jianfei Hu incfly
incfly
/ ssh-gcp-from-china.config
Created
December 16, 2021 09:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Windows config. | |
| Host <inst-name> | |
| HostName <ip> | |
| User fly | |
| IdentityFile C:\Users\hujia\.ssh\google_compute_engine | |
| # In windows, Clash proxy runs in localhost, use nmap for access. https://nmap.org/download.html | |
| ProxyCommand C:\workspace\programs\Nmap\ncat.exe --proxy-type socks5 --proxy 127.0.0.1:7890 %h %p | |
| # Linux config. | |
| Host loomer-jp | |
| HostName 34.84.98.136 |
incfly
/ envoy-filter.yaml
Last active
February 6, 2023 20:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.istio.io/v1alpha3 | |
| kind: EnvoyFilter | |
| metadata: | |
| name: lua | |
| spec: | |
| workloadSelector: | |
| labels: | |
| app: httpbin | |
| configPatches: | |
| - applyTo: HTTP_FILTER |
incfly
/ func-conve.go
Created
December 9, 2021 04:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import "fmt" | |
| type Config struct { | |
| name string | |
| } | |
| type translator func(arg ...interface{}) *Config |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: security.istio.io/v1beta1 | |
| kind: AuthorizationPolicy | |
| metadata: | |
| namespace: istio-system | |
| name: deny-protect-all | |
| spec: | |
| action: DENY | |
| rules: | |
| - from: | |
| - source: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat ./server.json| jq -r '.dynamicActiveSecrets[0].secret.tlsCertificate.certificateChain.inlineBytes' | base64 --decode > output.pem | |
| awk 'BEGIN {counter=0;} /BEGIN CERT/{if(counter==0)counter++} { print > "tt-" counter ".pem"}' < output.pem | |
| # I am not good at AWK, in theory we just need to split the output to two parts, one the top one (workload cert), and the rest. | |
| # that's below we concate all rest to a single ca file. | |
| cat ./proxy-cert-2.pem ./proxy-cert-3.pem ./proxy-cert-4.pem >> ca-chain.pem | |
| openssl verify -CAfile ./ca-chain.pem ./proxy-cert-1.pem | |
| # output as below | |
| ./proxy-cert-1.pem: OK |
incfly
/ config-dump-before.json
Created
September 3, 2021 01:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "configs": [ | |
| { | |
| "@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump", | |
| "bootstrap": { | |
| "node": { | |
| "id": "sidecar~10.10.0.108~echo-v1-96d97bcdb-9grmf.echo-7-26482~echo-7-26482.svc.cluster.local", | |
| "cluster": "echo.echo-7-26482", | |
| "metadata": { | |
| "sidecar.istio.io/userVolume": "[\n {\"name\": \"authz-certs\", \"configMap\":{\"name\":\"authz-ca-certs\"}},\n {\"name\": \"authz-client-cred\", \"secret\":{\"secretName\":\"authz-client-cred\"}},\n {\"name\": \"shady-authz-client-cred\", \"secret\":{\"secretName\":\"shady-authz-client-cred\"}}\n ]", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.istio.io/v1beta1 | |
| kind: ServiceEntry | |
| metadata: | |
| name: nginx-se | |
| spec: | |
| hosts: | |
| - "my-nginx.bar.svc.cluster.local" | |
| ports: | |
| - number: 443 | |
| name: http |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://unix.stackexchange.com/questions/25122/how-to-use-regex-with-awk-for-string-replacement | |
| # second answer. | |
| awk 'match($0, /VIR.*/) { $0 = "HERE=\"$(cd \"...\")" } 1 { print } ' ./input.sh |
incfly
/ sleep-auto.json
Created
July 9, 2020 20:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "configs": [ | |
| { | |
| "@type": "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump", | |
| "bootstrap": { | |
| "node": { | |
| "id": "router~10.40.1.10~istio-egressgateway-bdfc78ff9-lqr25.istio-system~istio-system.svc.cluster.local", | |
| "cluster": "istio-egressgateway", | |
| "metadata": { | |
| "NAMESPACE": "istio-system", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: "security.istio.io/v1beta1" | |
| kind: "AuthorizationPolicy" | |
| metadata: | |
| name: "authz" | |
| namespace: default | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: httpbin | |
| rules: |