mitzen

After you have enable mesh in the cluster, the next thing to do is to deploy your application. But before that, you need to ensure your namespace has been annotated correctly using the following commands kubectl label namespace test1 istio-injection=enabled --overwrite kubectl annotate --overwrite namespace test1 mesh.cloud.google.com/proxy='{"managed":"true"}' This contrasts with the traditional Istio setup, where sidecar injection is controlled by istio-injection=enabled. This provides seamless proxy upgrades. 

You can use the following command to get more details of your gke cluster mesh: gcloud container fleet mesh describe --project FLEET_PROJECT_ID Possible values are  TRAFFIC_DIRECTOR : Google Cloud's core infrastructure acts as the control plane for Cloud Service Mesh. ISTIOD : A managed instance of istiod functions as the Cloud Service Mesh control plane. 

 When setting up istio separately on a GKE autopilot cluster and not making use of gke managed service, so you can installed it but won't be able to get istio side car to run when you deploy your application.  Then you will get some error such as if you look the log explorer :-  " 'istio-init' not allowed; Autopilot only allows the capabilities: 'AUDIT_WRITE,CHOWN,DAC_OVERRIDE,FOWNER,FSETID,KILL,MKNOD,NET_BIND_SERVICE,NET_RAW,SETFCAP,SETGID,SETPCAP,SETUID,SYS_CHROOT,SYS_PTRACE'."]} " This is by design. But you can override it by running the following command and that would get your pod to be running in an istio injected namespace.  gcloud container clusters update $CLUSTER_NAME --workload-policies=allow-net-admin As you can see here, after running the gcloud command above, we are able to see the pod and sidecar running.

You can use the following command to set the region  gcloud config set compute/zone us-central1-a

  This is a good starter app that supports many different ORM and implementations such as graphql. Check it out. https://github.com/ljlm0402/ typescript-express-starter

While creating either vpc or cloud nat gateway is not really a thing, but it can be confusing when you trying to wonder where is the public ip associated with it?  It is allocated automatically. all you need to do is  - create custom vpc say mytest-vpc - create cloud nat gateway  - then place vm instance in the subnet and you can see your public ip address appearing  This is my custom vpc network. And then placing the VM in the subnet  When you ssh into that box, you will notice there's a public ip address appearing.   

We can configure the VM to use cloud NAT router instead of its public external ip. First we have to create a cloud NAT router.  Let's create our cloud NAT and cloud router first. In this configuration we will be attaching it to default VPC network.  It should give you an public IP. Next, let's create our VM and configure it to  - use default network  - disable public ip creation by setting it to none, by setting External IP to none - as shown here:- And when try to et the default IP use for your network, you will get it using the cloud router IP.

 kubectl run -it ubuntu --image=ubuntu -- bash

  curl -s https://checkip.amazonaws.com

  To create a service we can just use the following demo code  import { Injectable } from "@angular/core" ; export class Logger {   log ( message : string )   {     console . log ( message );   } } Then to use that in the component, we can include the following code:  import { Component , inject } from '@angular/core' ; import { Logger } from "./betterLogger" ; @ Component ({   selector : 'app-ssrcounter' ,   imports : [],   templateUrl : './ssrcounter.component.html' ,   styleUrl : './ssrcounter.component.css' ,   providers : [ Logger ] }) export class SsrcounterComponent {     //alternative   //private logger = inject(Logger);   constructor ( privateprivate logger : Logger )   {       service . getUsers ();       logger . log ( "testing" )   } }

To create an angular pipe, you can use the following code. We create a mycustomTransformation pipe by adding a file that has the following codes import { Pipe , PipeTransform } from '@angular/core' ; @ Pipe ({   name: 'myCustomTransformation' , }) export class MyCustomTransformationPipe implements PipeTransform {   transform ( value : string ) : string {     return `My custom transformation of ${ value } .`   } } To use the pipe above in your angular component, you need to import it as show below here import { Component , inject } from '@angular/core' ; import { UserService } from "./userservice" ; import { Logger , EvenBetterLogger } from "./betterLogger" ; import { MyCustomTransformationPipe } from './userpipe' ; @ Component ({   selector : 'app-ssrcounter' ,   imports : [ MyCustomTransformationPipe ],   templateUrl : './ssrcounter.component.html' ,   styleUrl : './ssrcounter.component...

To get a list of accelerator listed in specific regions, you can use the following command: gcloud compute accelerator-types list

In this setup we are  trying to call Azure Devops endpoint to files in a repository or get a file content using REST API without using a PAT token. Instead we are fully relying on using workload identity and use Bear authorization. Let's see how we can do that.  Before starting we need to ensure  1. your pod is running on a specific managed identity (workload identity) 2. you have granted permission for this managed identity to access your Azure Devops  repositories / project $AzureDevopsApplicationId = "499b84ac-1321-427f-aa17-267ca6975798" # we are using az cli to get us the acces token $token = az account get-access - token -- resource $AzureDevopsApplicationId | ConvertFrom-Json $headers = SetupAuthorizationHeader $token .accessToken function SetupAuthorizationHeader ( $usertoken ) {           Write-Host ( "SetupAuthorizationHeader function/module" )   Write-Host ( $usertoken )   $headers = New-Object "System.Collect...