Skip to content

Instantly share code, notes, and snippets.

View shpwrck's full-sized avatar
✳️

Jason Skrzypek shpwrck

✳️
58 followers · 212 following
View GitHub Profile
@shpwrck
shpwrck / report.md
Last active June 4, 2026 19:21
Istio

Istio Multi-Cluster Scale Test — Clean Pass Report

Date: 2026-06-04 Istio: v1.28.5 · Kubernetes: v1.34.6 (all spokes) · Harness: a4b8a18 Topology: 1 hub (rosa-001, no mesh) + 10 mesh spokes (rosa-002 … rosa-011), multi-primary / multi-network. rosa-002 is the source/primary; mesh size N = rosa-002 plus N−1 remotes. istiod: pinned 3 replicas/spoke (autoscaleEnabled=false), no istiod HPA. CPU request 250m (O5 fix), mem req 2Gi / limit 8Gi.

Status: 4 of 5 suites complete and clean. The 5th (churn-dataplane) is re-running on a harness fix (see §6); partial results through mesh-size 3 are clean. This report will be finalized when that sweep completes.

@shpwrck
shpwrck / Workshop.md
Last active December 9, 2025 17:09

OpenShift 102: Helm, Advanced Deployment Techniques, Istio, and Prometheus

Hands-On Workshop Agenda

Workshop Overview

Duration: Full Day

@shpwrck
shpwrck / STEPS.MD
Last active June 26, 2025 14:34
Control Plane Migration OCP-Virt

Steps

  1. Identify ETCD Master
etcdctl endpoint status -w table
  1. Shutdown non leader node and wait for node to report "Not Ready" and API Server to stabilize
  2. Update Quorum Guard and wait for API Server to stabilize (control plane components should redeploy)
oc patch etcd/cluster --type=merge \
@shpwrck
shpwrck / node-version
Last active June 27, 2024 21:01
#!/bin/bash
while true; do
cat /etc/machine-config-daemon/currentconfig | jq -c '.metadata.annotations' | awk --field-separator ",|{|}|:|\"" '{print $9"="$12}' > /etc/kubernetes/node-feature-discovery/features.d/node-version;
sleep 1;
done
@shpwrck
shpwrck / extauth.yaml
Created July 24, 2023 15:53
Path Based Regex with Gloo Platform
---
apiVersion: networking.gloo.solo.io/v2
kind: VirtualDestination
metadata:
name: ext-auth-service
namespace: gloo-mesh-addons
spec:
ports:
- number: 8083
protocol: GRPC
@shpwrck
shpwrck / README.md
Last active June 9, 2023 16:35
Label Based Auth

Requirements

Provide a mechanism to enforce network security across clusters where membership is defined through the use of labels.

Components

Pre-Installed Components

  • Gloo Platform Control Plane Cluster, Gloo Agent Cluster A,B
    • Istio Deployment on Cluster A,B
  • Shared Trust (Root Trust Policy)
@shpwrck
shpwrck / setup.sh
Last active May 25, 2023 15:52
RKE2 with Cilium
#!/bin/bash
# LOAD ENV
cat >> /root/.bashrc << EOF
# RKE2 CONFIG
export PATH=$PATH:/var/lib/rancher/rke2/bin
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
EOF
@shpwrck
shpwrck / README.md
Last active March 27, 2023 20:14
Gloo & WebSockets

I used vi/websocat, but v0.10.0 because v0.11.0 didn't seem to work. Once I deployed the k8s-resources.yaml and the gloo-resources.yaml ... I:

  • Ran websocat ws://<<gateway_ip>> from within the websocat container
  • Passed in some values
  • Cancelled
  • Checked the logs for connection information.

Otherwise you can leverage piesocket. *You'll have to run the extension because "browsers don't support ws).

@shpwrck
shpwrck / test
Created December 12, 2022 17:42
test
# Name allows overriding the release name. Generally this should not be set
name: ""
# revision declares which revision this gateway is a part of
revision: "1-14-4"
replicaCount: 1
#kind: Deployment
rbac:
# If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
# when using http://gateway-api.org/.
enabled: true
@shpwrck
shpwrck / Values for EASTWEST
Created November 29, 2022 17:42
# Name allows overriding the release name. Generally this should not be set
name: ""
# revision declares which revision this gateway is a part of
revision: "1-14-4"
replicaCount: 1
#kind: Deployment
rbac:
# If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
# when using http://gateway-api.org/.
enabled: true