Gabe Rosenhouse rosenhouse

summary

Given I've configured Envoy with LDS serving a TCP proxy listener on some port
When the LDS is updated to remove that listener
Then I expect all subsequent TCP connections to that port should be refused

steps to reproduce

write a bootstrap.yaml like

---
@rosenhouse
rosenhouse / envoy_fr.md
Last active March 28, 2018 19:03 — forked from jvshahid/envoy_fr.md
Envoy feature request

TITLE: Feature request: Would like a way to refuse subsequent TCP connections while allowing current connections enough time to drain

summary

This feature request was originally opened as envoyproxy/envoy#2920, but was too specific about the implementation. This issue updates the title and content to clarify the goals and be flexible about the implementation.

Given I've configured Envoy with LDS serving a TCP proxy listener on some port
and there are connections in flight
I would like a way to refuse subsequent TCP connections to that port
while allowing current established connections to drain

@rosenhouse
rosenhouse / setup.md
Last active February 18, 2018 23:26 — forked from angelachin/setup.md
Exploring Istio on Minikube

install required tools

brew install kubectl
brew cask reinstall minikube

note the reinstall so that you get the latest version

@rosenhouse
rosenhouse / istio-integration.Vagrantfile.rb
Last active December 16, 2017 03:10
Running Istio integration tests in a Vagrant image
# Vagrantfile for running Istio Pilot integration tests
#
# based on https://github.com/istio/istio/blob/master/.circleci/config.yml
#
# To use:
# - save this file as Vagrantfile in an otherwise empty directory
# - clone istio into a local gopath
# - update the synced_folder config line below with that path
# - vagrant up
#
{
  "listeners": [
    {
      "address": "tcp://0.0.0.0:15001",
      "name": "virtual",
      "filters": [],
      "bind_to_port": true,
      "use_original_dst": true
    },
    {
@rosenhouse
rosenhouse / .vimrc.local
Last active September 29, 2017 05:05
envoy hacking
let g:clang_library_path='/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/libclang.dylib'

Istio Pilot, serving Cloud Foundry app instance data pulled from the Diego BBS, without k8s...

prereqs:

  • cf-deployment on a local bosh-lite
  • don't forget to sudo route add -net "10.244.0.0/16" "192.168.50.6"
  • fork of pilot, checked out and buildable w/ bazel

Get some certs

certsDir="$HOME/workspace/deployments/lite/bbs-certs"
@rosenhouse
rosenhouse / diego-instance-identity.yml
Created June 2, 2017 02:50
cf-deployment opsfile for diego instance identity
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/executor?/instance_identity_ca_cert
  value: "((diego_instance_identity_ca.ca))"
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/executor?/instance_identity_key
  value: "((diego_instance_identity_ca.private_key))"
- type: replace
  path: /variables/-
package testsupport

import (
	"sync"

	"github.com/onsi/ginkgo/config"
)

var (
	lastPortUsed int
@rosenhouse
rosenhouse / iptables-restore.md
Last active October 27, 2016 08:10
iptables-restore is better

Performance with iptables-restore is significantly better than the performance of iptables. For set sizes of 10k and 50k rules:

root@ubuntu-xenial:/home/ubuntu# iptables -F
root@ubuntu-xenial:/home/ubuntu# time (./restore-bulk-set 10000 | iptables-restore --noflush)
real  0m0.419s
user  0m0.232s
sys   0m0.180s