Jason Skrzypek shpwrck

@shpwrck
shpwrck / STEPS.MD
Last active June 26, 2025 14:34
Control Plane Migration OCP-Virt

Steps

  1. Identify ETCD Master
     etcdctl endpoint status -w table
  2. Shut down non-leader node and wait for node to report "Not Ready" and API Server to stabilize
  3. Update Quorum Guard and wait for API Server to stabilize (control plane components should redeploy)
     oc patch etcd/cluster --type=merge \
#!/bin/bash
while true; do
  cat /etc/machine-config-daemon/currentconfig | jq -c '.metadata.annotations' | awk --field-separator ",|{|}|:|\"" '{print $9"="$12}' > /etc/kubernetes/node-feature-discovery/features.d/node-version
  sleep 1
done
shpwrck / extauth.yaml
Created July 24, 2023 15:53
Path Based Regex with Gloo Platform
---
apiVersion: networking.gloo.solo.io/v2
kind: VirtualDestination
metadata:
  name: ext-auth-service
  namespace: gloo-mesh-addons
spec:
  ports:
  - number: 8083
    protocol: GRPC
shpwrck / README.md
Last active June 9, 2023 16:35
Label Based Auth

Requirements

Provide a mechanism to enforce network security across clusters where membership is defined through the use of labels.

Components

Pre-Installed Components

  • Gloo Platform Control Plane Cluster, Gloo Agent Cluster A,B
    • Istio Deployment on Cluster A,B
  • Shared Trust (Root Trust Policy)
shpwrck / setup.sh
Last active May 25, 2023 15:52
RKE2 with Cilium
#!/bin/bash
# LOAD ENV
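# Quote the heredoc delimiter so $PATH is written literally and expanded at login, not when this script runs
cat >> /root/.bashrc << 'EOF'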
# RKE2 CONFIG
export PATH=$PATH:/var/lib/rancher/rke2/bin
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
EOF
shpwrck / README.md
Last active March 27, 2023 20:14
Gloo & WebSockets

I used vi/websocat, but v0.10.0 because v0.11.0 didn't seem to work. Once I deployed the k8s-resources.yaml and the gloo-resources.yaml ... I:

  • Ran websocat ws://<<gateway_ip>> from within the websocat container
  • Passed in some values
  • Cancelled
  • Checked the logs for connection information.

Otherwise you can leverage piesocket. *You'll have to run the extension because "browsers don't support ws".

shpwrck / test
Created December 12, 2022 17:42
test
# Name allows overriding the release name. Generally this should not be set
name: ""
# revision declares which revision this gateway is a part of
revision: "1-14-4"
replicaCount: 1
#kind: Deployment
rbac:
  # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
  # when using http://gateway-api.org/.
  enabled: true
shpwrck / 00-README.md
Last active October 12, 2022 12:18
Scale Testing Resources

My tests and test files

Content:

  • scale-test.sh
  • glooResources.yaml
  • appResources.yaml

Notes:

  • hardcoded cluster names (mgmt,worker-1,worker-2)
  • replicas set to 0 by default

Config required to scale and secure Istio for production

*note: working document, may not apply to all installations/architectures

Cert Management

Manage Certificates with Cert-Manager

Benefit: