At this point, I am #selfhosting:
- my blog (k3d+#istio+hugo)
- my vpn/adblocker (tailscale + #adguardhome on #rpi4 running #nixos)
- my music collection (navidrome on rpi4)
- local #llm (mix of vps, local vm, still experimenting here)
I also have an #oss smartwatch that I patched here and there, and was selfhosting my #mastodon instance for a few weeks.
I really enjoy the fact I can customize all this to my liking and having this kind of #privacy
Yay new Istio version!
https://istio.io/latest/news/releases/1.18.x/announcing-1.18.2/
#Istio #kubernetes #envoyproxy
Wow, my #Loki #Istio dashboard based on access logs blew up at some point. It has over 18k downloads: https://grafana.com/grafana/dashboards/14876-grafana-loki-dashboard-for-istio-service-mesh/
Hmm Istio reached the CNCF graduated status, for me Istio reached memory leaks all day long...
in the process of learning with exposing the Flux webhook as HTTPS so GitLab can pick it up, the certs for TLS with Istio have to be in the same namespace as Istio, which is a bit different of an architecture that I'm used to. I've been using it without noticing in my Knative setup since it transparently takes care of that with the net-istio provider.
So, what you can see on the screenshot from last night is that I have a custom telemetry EnvoyFilter that my pipeline applies by default after each upgrade.
The issue is that #Istio 1.17 started to decommission the stats-filters, and switched to a native implementation.
1.18 doesn't include these filters at all anymore, but since I had the filter applied it wanted to create #WASM filters, and that's not possible anymore.
I removed this filter, and the CPU/MEM spikes disappeared.
Usually, nothing exciting happens when I upgrade #Istio nowadays, but it might be different this time.
🔴 We're live in 30 mins with Idit Levine of Solo.io. We have a lot on the agenda: Istio, Ambient Mesh, Envoy, Zero-Trust Security, Cilium, eBPF, Multi-Cloud. See you there. @nirmal #kubernetes #istio #servicemesh
https://www.youtube.com/watch?v=SCbYYEhCU_4
inspired by this gist
https://gist.github.com/dangovorenefekt/b187b30e59ed1b827515cdbc833bc1bf
I made an EnvoyFilter to reject certain bots from visiting sites hosted on my infra
https://gitlab.com/islive.xyz/infra/-/blob/05db5aa822b12318ef43d7df454eb11d0d76024d/clusters/syd1/istio-system/reject-bot-useragents.yaml
#Istio #envoyproxy #kubernetes #fluxcd
It's hot outside, but you know what's even hotter? The #CloudNative meetup taking place at the Google office in #Stockholm this evening. I'll be talking about how to translate "real" policy, like the upcoming #EUCS framework into #PolicyAsCode using #OpenPolicyAgent and #Rego. Also, my buddy Abdel to present on ambient service mesh and #Istio. Good times!
#cloudnative #stockholm #eucs #PolicyAsCode #OpenPolicyAgent #Rego #Istio #CloudNativeNordics #cncf #devops #devsecops #code
Configuring Istio using the Kubernetes Gateway API https://www.danielstechblog.io/configuring-istio-using-the-kubernetes-gateway-api/ #Istio #Azure #AKS #Kubernetes #k8s
Come and say hi, if you're at #kubecon this week! I will be at the solo.io booth, and would be happy to talk about #istio, #ebpf, #observability, and #coffee.
Another prominent leader departs a big IT employer to take a new role at Solo.io. #Istio #servicemesh #Google #AmbientMesh https://www.techtarget.com/searchitoperations/news/365534492/Istio-service-mesh-doyen-departs-Google-touts-Ambient-Mesh
So istio keys off of the name of the service port, cool, cool... And apparently tcp vs http handling fixes some thing due to.... Different header rewriting? Exciting!
Any #servicemesh folks using #istio please share some tips on how to at least master the basic components of it, it's like a big ? in my head
ADA Logics conducted a security audit of Istio and found no critical issues; the highlight of the report was the discovery of a vulnerability in the Go programming language. All 11 security issues reported were fixed, demonstrating that Istio is a well-maintained and secure project. https://www.cncf.io/blog/2023/01/30/istio-publishes-results-of-2022-security-audit/ #Istio #GoProgramming #SecurityAudit
Ok, if Istio mTLS is supposed to be transparent, how the heck am I getting TLS handshake errors?
So because I enjoy pain, I am installing Istio on my homelab. Partly so I can learn it enough to talk about at work, and partly because Kiali will make a totally sic graph out of it all.
It is certainly an educational exercise.
All sorts of shit seems to break when I enable istio then restart pods. TLS errors abound, and some probes fail, not sure why just yet ...