rvennam / gloo-mesh-test.sh

Last active May 12, 2022 20:06

	kubectl config use-context $CLUSTER1
	kubectl create ns gloo-mesh-test
	kubectl label ns gloo-mesh-test istio-injection=enabled

	cat <<EOF \| oc -n gloo-mesh-test create -f -
	apiVersion: "k8s.cni.cncf.io/v1"
	kind: NetworkAttachmentDefinition
	metadata:
	name: istio-cni
	EOF

rvennam / Istio-Solo-FIPS.md

Created February 3, 2022 19:57

Solo.io Istio FIPS Verification

Download Istio 1.11.5 CLI:

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.11.5 sh -

Install Solo Istio 1.11.5 FIPS:

cd ~/istio-1.11.5/bin

rvennam / gloo-mesh-envoy-config.md

Created September 14, 2021 03:32

istioctl proxy-config routes productpage-v1-5c4b548f6c-sfpq7 --name 9080 -o json
[
  {
    "name": "9080",
    "virtualHosts": [
      {
        "name": "reviews.default.svc.cluster.local:9080",
        "domains": [
          "reviews.default.svc.cluster.local",

rvennam / GlooMeshCreateCerts.md

Created June 9, 2021 15:28

Create a CA root cert

openssl req -new -newkey rsa:4096 -x509 -sha256 \
        -days 3650 -nodes -out relay-root.crt -keyout relay-root.key \
        -subj "/CN=enterprise-networking-ca" \
        -addext "extendedKeyUsage = clientAuth, serverAuth"

Create a server cert

rvennam / GlooMeshExternalCertsInstall.md

Last active June 9, 2021 18:23

Install Gloo Mesh using External Certs

MGMT CLUSTER

kubectl config use-context mgmt
kubectl create namespace gloo-mesh

Create the root, server and signing secrets

rvennam / openshift_route_certs.sh

Last active June 29, 2023 13:19

	RELAY_ROOT_CERT_NAME=relay-root
	RELAY_SERVER_CERT_NAME=relay-server-tls
	RELAY_SIGNING_CERT_NAME=relay-tls-signing
	MGMT_CONTEXT=mgmt
	REMOTE_CONTEXT=cluster1

	echo "creating root cert ..."

	openssl req -new -newkey rsa:4096 -x509 -sha256 \
	-days 3650 -nodes -out ${RELAY_ROOT_CERT_NAME}.crt -keyout ${RELAY_ROOT_CERT_NAME}.key \

rvennam / custom-gateways-upgrade-test.sh

Created February 3, 2021 15:30

	# Start clean
	istioctl x uninstall --purge -y
	sleep 20s
	kubectl delete namespace custom-gateways
	sleep 30s

	# Download Istio 1.8.2
	curl -L https://istio.io/downloadIstio \| ISTIO_VERSION=1.8.2 sh -
	cd istio-1.8.2

rvennam / managed-istio-iop-1.7.yaml

Created September 10, 2020 11:51

	apiVersion: install.istio.io/v1alpha1
	kind: IstioOperator
	metadata:
	annotations:
	armada-service: addon-istio
	kubectl.kubernetes.io/last-applied-configuration: \|
	{"apiVersion":"install.istio.io/v1alpha1","kind":"IstioOperator","metadata":{"annotations":{"armada-service":"addon-istio","version":"1.7.0_2772"},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile"},"name":"managed-istio","namespace":"ibm-operators"},"spec":{"addonComponents":{"grafana":{"enabled":false},"kiali":{"enabled":false},"prometheus":{"enabled":false},"tracing":{"enabled":false}},"components":{"egressGateways":[{"enabled":true,"k8s":{"hpaSpec":{"minReplicas":2},"overlays":[{"kind":"Deployment","name":"istio-egressgateway","patches":[{"path":"spec.template.spec.containers.[name:istio-proxy].lifecycle","value":{"preStop":{"exec":{"command":["sleep","25"]}}}},{"path":"spec.template.spec.affinity","value":{"nodeAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"preference":{"matchExpressions":[{"key":"dedicated",

rvennam / managed-istio-iop-1.6.yaml

Created August 10, 2020 11:40

	apiVersion: install.istio.io/v1alpha1
	kind: IstioOperator
	metadata:
	annotations:
	armada-service: addon-istio
	kubectl.kubernetes.io/last-applied-configuration: \|
	{"apiVersion":"install.istio.io/v1alpha1","kind":"IstioOperator","metadata":{"annotations":{"armada-service":"addon-istio","version":"1.6.0_2547"},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile"},"name":"managed-istio","namespace":"ibm-operators"},"spec":{"addonComponents":{"grafana":{"enabled":true},"kiali":{"enabled":true},"prometheus":{"enabled":true},"tracing":{"enabled":true}},"components":{"egressGateways":[{"enabled":true,"k8s":{"overlays":[{"kind":"Deployment","name":"istio-egressgateway","patches":[{"path":"spec.template.spec.containers.[name:istio-proxy].lifecycle","value":{"preStop":{"exec":{"command":["sleep","25"]}}}},{"path":"spec.template.spec.affinity","value":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"I

rvennam / managedistio-istiooperator.yaml

Created June 17, 2020 19:07

	apiVersion: v1
	items:
	- apiVersion: install.istio.io/v1alpha1
	kind: IstioOperator
	metadata:
	annotations:
	armada-service: addon-istio
	kubectl.kubernetes.io/last-applied-configuration: \|
	{"apiVersion":"install.istio.io/v1alpha1","kind":"IstioOperator","metadata":{"annotations":{"armada-service":"addon-istio","version":"1.5.0_2107"},"labels":{"addonmanager.kubernetes.io/mode":"Reconcile"},"name":"managed-istio","namespace":"ibm-operators"},"spec":{"addonComponents":{"grafana":{"enabled":true},"kiali":{"enabled":true},"prometheus":{"enabled":true},"tracing":{"enabled":true}},"components":{"egressGateways":[{"enabled":true,"k8s":{"overlays":[{"kind":"Deployment","name":"istio-egressgateway","patches":[{"path":"spec.template.spec.containers.[name:istio-proxy].lifecycle","value":{"preStop":{"exec":{"command":["sleep","25"]}}}}]}]},"name":"istio-egressgateway"}],"ingressGateways":[{"enabled":true,"k8s":{"overlays":[{"kind":"Deployment","name":"istio-ingressgateway","patches":[{"path":"spec

Ram Vennam rvennam