Provide a mechanism to enforce network security across clusters where membership is defined through the use of labels.
- Gloo Platform Control Plane Cluster, Gloo Agent Cluster A,B
- Istio Deployment on Cluster A,B
- Shared Trust (Root Trust Policy)
shpwrck
/ node-version
Last active
June 27, 2024 21:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while true; do | |
| cat /etc/machine-config-daemon/currentconfig | jq -c '.metadata.annotations' | awk --field-separator ",|{|}|:|\"" '{print $9"="$12}' > /etc/kubernetes/node-feature-discovery/features.d/node-version; | |
| sleep 1; | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: networking.gloo.solo.io/v2 | |
| kind: VirtualDestination | |
| metadata: | |
| name: ext-auth-service | |
| namespace: gloo-mesh-addons | |
| spec: | |
| ports: | |
| - number: 8083 | |
| protocol: GRPC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # LOAD ENV | |
| cat >> /root/.bashrc << EOF | |
| # RKE2 CONFIG | |
| export PATH=$PATH:/var/lib/rancher/rke2/bin | |
| export KUBECONFIG=/etc/rancher/rke2/rke2.yaml | |
| EOF |
I used vi/websocat, but v0.10.0 because v0.11.0 didn't seem to work. Once I deployed the k8s-resources.yaml and the gloo-resources.yaml ... I:
- Ran
websocat ws://<<gateway_ip>>from within the websocat container - Passed in some values
- Cancelled
- Checked the logs for connection information.
Otherwise you can leverage piesocket. *You'll have to run the extension because "browsers don't support ws).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Name allows overriding the release name. Generally this should not be set | |
| name: "" | |
| # revision declares which revision this gateway is a part of | |
| revision: "1-14-4" | |
| replicaCount: 1 | |
| #kind: Deployment | |
| rbac: | |
| # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed | |
| # when using http://gateway-api.org/. | |
| enabled: true |
shpwrck
/ Values for EASTWEST
Created
November 29, 2022 17:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Name allows overriding the release name. Generally this should not be set | |
| name: "" | |
| # revision declares which revision this gateway is a part of | |
| revision: "1-14-4" | |
| replicaCount: 1 | |
| #kind: Deployment | |
| rbac: | |
| # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed | |
| # when using http://gateway-api.org/. | |
| enabled: true |
shpwrck
/ Production-Istio-1-14-X.md
Last active
September 29, 2022 15:15
shpwrck
/ FailoverPriorityReadme.md
Last active
November 22, 2022 14:14
NewerOlder