Skip to content

Instantly share code, notes, and snippets.

View shpwrck's full-sized avatar
👓

Jason Skrzypek shpwrck

👓
56 followers · 190 following
View GitHub Profile
@shpwrck
shpwrck / envoy-basic.yaml
Last active June 6, 2022 19:10
EnvoyConfig
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
@shpwrck
shpwrck / istio-echo.yaml
Last active September 27, 2022 13:17
##################################################################################################
# Echo Frontend
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
app: frontend
service: frontend
@shpwrck
shpwrck / DATADOG-README.md
Last active September 19, 2022 13:58

Datadog & Gloo Mesh Options

Option 1 - Leverage Envoy/Istio Integrations

Explanation

Datadog offers integrations at a lower price point, but with preselected metrics and dashboards.

Sample Configs

@shpwrck
shpwrck / FailoverPriorityReadme.md
Last active November 22, 2022 14:14

Demonstration of Failover Priority with Istio Multicluster

Sample Environment

  • Four Clusters: {alvin,simon,theodore,dave}
  • Ingress Gateway
  • East-West Gateway
  • Istiod
  • Istio Echo Application
@shpwrck
shpwrck / Production-Istio-1-14-X.md
Last active September 29, 2022 15:15

Config required to scale and secure Istio for production

*note: working document, may not apply to all installations/architectures

Cert Management

Manage Certificates with Cert-Manager

Benefit:

@shpwrck
shpwrck / 00-README.md
Last active October 12, 2022 12:18
Scale Testing Resources

My tests and test files

Content:

  • scale-test.sh
  • glooResources.yaml
  • appResources.yaml

Notes:

  • hardcoded cluster names (mgmt,worker-1,worker-2)
  • replicas set to 0 by default
@shpwrck
shpwrck / Values for EASTWEST
Created November 29, 2022 17:42
# Name allows overriding the release name. Generally this should not be set
name: ""
# revision declares which revision this gateway is a part of
revision: "1-14-4"
replicaCount: 1
#kind: Deployment
rbac:
# If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
# when using http://gateway-api.org/.
enabled: true
@shpwrck
shpwrck / test
Created December 12, 2022 17:42
test
# Name allows overriding the release name. Generally this should not be set
name: ""
# revision declares which revision this gateway is a part of
revision: "1-14-4"
replicaCount: 1
#kind: Deployment
rbac:
# If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed
# when using http://gateway-api.org/.
enabled: true
@shpwrck
shpwrck / README.md
Last active March 27, 2023 20:14
Gloo & WebSockets

I used vi/websocat, but v0.10.0 because v0.11.0 didn't seem to work. Once I deployed the k8s-resources.yaml and the gloo-resources.yaml ... I:

  • Ran websocat ws://<<gateway_ip>> from within the websocat container
  • Passed in some values
  • Cancelled
  • Checked the logs for connection information.

Otherwise you can leverage piesocket. *You'll have to run the extension because "browsers don't support ws).

@shpwrck
shpwrck / setup.sh
Last active May 25, 2023 15:52
RKE2 with Cilium
#!/bin/bash
# LOAD ENV
cat >> /root/.bashrc << EOF
# RKE2 CONFIG
export PATH=$PATH:/var/lib/rancher/rke2/bin
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
EOF