Cloud Native Catalog
Easily import any catalog item into Meshery. Have a design pattern to share? Add yours to the catalog.
Meshery CLI
Import using mesheryctl; visit the docs for steps.
1. Apply a pattern file.
mesheryctl pattern apply -f [file | URL]
2. Onboard an application.
mesheryctl app onboard -f [file-path]
3. Apply a WASM filter file.
mesheryctl exp filter apply --file [GitHub Link]



Accelerated mTLS handshake for Envoy data planes
MESHERY4421
What this pattern does
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource for custom Intel configuration.
Acme Operator

MESHERY4627
What this pattern does
Let’s Encrypt uses the ACME protocol to verify that you control a given domain name and to issue you a certificate. To get a Let’s Encrypt certificate, you’ll need to choose a piece of ACME client software to use.
Caveats and Considerations
We recommend that most people start with the Certbot client. It can simply get a cert for you or also help you install, depending on what you prefer. It’s easy to use, works on many operating systems, and has great documentation.
Amazon Web Services IoT Architecture Diagram

MESHERY449f
What this pattern does
This comprehensive IoT architecture harnesses the power of Amazon Web Services (AWS) to create a robust and scalable Internet of Things (IoT) ecosystem.
Caveats and Considerations
It cannot be deployed because the nodes used to create the diagram are shapes and not components.
Apache ShardingSphere Operator

MESHERY4803
What this pattern does
The ShardingSphere Kubernetes Operator automates provisioning, management, and operations of ShardingSphere Proxy clusters running on Kubernetes. Apache ShardingSphere is an ecosystem to transform any database into a distributed database system, and enhance it with sharding, elastic scaling, encryption features & more.
Caveats and Considerations
Ensure Apache ShardingSphere and Knative Service are registered as MeshModels.
App-graph

MESHERY4f74
What this pattern does
""
Caveats and Considerations
""
Argo CD w/Dex

MESHERY4c82
What this pattern does
The Argo CD server component exposes the API and UI. The operator creates a Service to expose this component, which can be accessed through the various methods available in Kubernetes.
Caveats and Considerations
Dex can be used to delegate authentication to external identity providers like GitHub, SAML and others. SSO configuration of Argo CD requires updating the Argo CD CR with Dex connector settings.
ArgoCD-Application [Components added for Network, Storage and Orchestration]

MESHERY41e0
What this pattern does
This design deploys an ArgoCD application that includes an Nginx virtual service, an Nginx server, a K8s pod autoscaler, OpenEBS's Jiva volume, and a sample ArgoCD application listening on 127.0.0.4.
Caveats and Considerations
Ensure networking is set up properly.
Bank of Anthos

MESHERY48be
What this pattern does
Bank of Anthos is a sample HTTP-based web app that simulates a bank's payment processing network, allowing users to create artificial bank accounts and complete transactions.
Caveats and Considerations
Ensure enough resources are available on the cluster.
BookInfo App w/o Kubernetes

MESHERY47b4
What this pattern does
The Bookinfo application is a collection of microservices that work together to display information about a book. The main microservice is called productpage, which fetches data from the details and reviews microservices to populate the book's page. The details microservice contains specific information about the book, such as its ISBN and number of pages. The reviews microservice contains reviews of the book and also makes use of the ratings microservice to retrieve ranking information for each review. The reviews microservice has three different versions: v1, v2, and v3. In v1, the microservice does not interact with the ratings service. In v2, it calls the ratings service and displays the rating using black stars, ranging from 1 to 5. In v3, it also calls the ratings service but displays the rating using red stars, again ranging from 1 to 5. These different versions allow for flexibility and experimentation with different ways of presenting the book's ratings to users.
Caveats and Considerations
Users need to ensure that their cluster is properly configured with Istio, including the installation of the necessary components and enabling sidecar injection for the microservices. Ensure that Meshery Adapter for Istio service mesh is installed properly for easy installation/registration of Istio's MeshModels with Meshery Server. Another consideration is the resource requirements of the application. The Bookinfo application consists of multiple microservices, each running as a separate container. Users should carefully assess the resource needs of the application and ensure that their cluster has sufficient capacity to handle the workload. This includes considering factors such as CPU, memory, and network bandwidth requirements.
Busybox (single)

MESHERY4c98
What this pattern does
This design deploys a simple busybox app inside the Layer5-test namespace.
Caveats and Considerations
None
Catalog Design2

MESHERY41bb
What this pattern does
""
Caveats and Considerations
""
CryptoMB

MESHERY441b
What this pattern does
""
Caveats and Considerations
""
CryptoMB-TLS-handshake-acceleration-for-Istio

MESHERY4f96
What this pattern does
Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Envoy uses BoringSSL as the default TLS library. BoringSSL supports setting private key methods for offloading asynchronous private key operations, and Envoy implements a private key provider framework to allow creation of Envoy extensions which handle TLS handshake private key operations (signing and decryption) using the BoringSSL hooks.
CryptoMB private key provider is an Envoy extension which handles BoringSSL TLS RSA operations using Intel AVX-512 multi-buffer acceleration. When a new handshake happens, BoringSSL invokes the private key provider to request the cryptographic operation, and then the control returns to Envoy. The RSA requests are gathered in a buffer. When the buffer is full or the timer expires, the private key provider invokes Intel AVX-512 processing of the buffer. When processing is done, Envoy is notified that the cryptographic operation is done and that it may continue with the handshakes.
Caveats and Considerations
None
CryptoMB-TLS-handshake-acceleration-for-Istio

MESHERY42b7
What this pattern does
Envoy uses BoringSSL as the default TLS library. BoringSSL supports setting private key methods for offloading asynchronous private key operations, and Envoy implements a private key provider framework to allow creation of Envoy extensions which handle TLS handshake private key operations (signing and decryption) using the BoringSSL hooks.
CryptoMB private key provider is an Envoy extension which handles BoringSSL TLS RSA operations using Intel AVX-512 multi-buffer acceleration. When a new handshake happens, BoringSSL invokes the private key provider to request the cryptographic operation, and then the control returns to Envoy. The RSA requests are gathered in a buffer. When the buffer is full or the timer expires, the private key provider invokes Intel AVX-512 processing of the buffer. When processing is done, Envoy is notified that the cryptographic operation is done and that it may continue with the handshakes.
Caveats and Considerations
None
CryptoMB.yml

MESHERY4c1f
What this pattern does
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource for custom Intel configuration.
Delay Action for Chaos Mesh

MESHERY4dcc
What this pattern does
A simple example
Caveats and Considerations
An example of the delay action
Deployment Web

MESHERY477c
What this pattern does
""
Caveats and Considerations
""
Distributed Database w/ Shardingshpere

MESHERY4ba3
What this pattern does
""
Caveats and Considerations
""
ELK stack

MESHERY4b16
What this pattern does
ELK stack deployed in Kubernetes with a simple Python app, using Logstash, Kibana, Filebeat, and Elasticsearch.
Caveats and Considerations
Technologies included here are Kubernetes, Elasticsearch, Logstash, Kibana, Python, etc.
Edge Firewall Relationship

MESHERY490f
What this pattern does
A relationship that acts as a firewall for ingress and egress traffic from Pods.
Caveats and Considerations
NA
Edge Permission Relationship

MESHERY4ce5
What this pattern does
A relationship that binds permissions between components. E.g., a ClusterRole defines a set of permissions, and a ClusterRoleBinding binds those permissions to subjects like service accounts.
Caveats and Considerations
NA
ElasticSearch

MESHERY4654
What this pattern does
Kubernetes makes it trivial for anyone to easily build and scale Elasticsearch clusters. Here, you'll find how to do so. Current Elasticsearch version is 5.6.2.
Caveats and Considerations
Elasticsearch for Kubernetes: Current pod descriptors use an emptyDir for storing data in each data node container. This is meant to be for the sake of simplicity and should be adapted according to your storage needs.
Emojivoto Application

MESHERY4c01
What this pattern does
""
Caveats and Considerations
""
Envoy using BoringSSL

MESHERY447c
What this pattern does
Envoy uses BoringSSL as the default TLS library. BoringSSL supports setting private key methods for offloading asynchronous private key operations, and Envoy implements a private key provider framework to allow creation of Envoy extensions which handle TLS handshake private key operations (signing and decryption) using the BoringSSL hooks.
CryptoMB private key provider is an Envoy extension which handles BoringSSL TLS RSA operations using Intel AVX-512 multi-buffer acceleration. When a new handshake happens, BoringSSL invokes the private key provider to request the cryptographic operation, and then the control returns to Envoy. The RSA requests are gathered in a buffer. When the buffer is full or the timer expires, the private key provider invokes Intel AVX-512 processing of the buffer. When processing is done, Envoy is notified that the cryptographic operation is done and that it may continue with the handshakes.
Caveats and Considerations
test
Example Edge-Permission Relationship

MESHERY4f9f
What this pattern does
The design showcases the operational dynamics of the Edge-Permission relationship. To engage with its functionality, adhere to the sequential steps below:
1. Duplicate this design by cloning it.
2. Modify the name of the service account.
Upon completion, you'll notice that the connection visually represented by the edge vanishes, and the ClusterRoleBinding (CRB) is disassociated from both the ClusterRole (CR) and Service Account (SA). To restore this relationship, you can either:
1. Drag the CRB from the CR to the SA, then release the mouse click. This action triggers the recreation of the relationship, as the relationship constraints get satisfied.
2. Or, revert the name of the SA. This automatically recreates the relationship, as the relationship constraints get satisfied.
These are a few of the ways to experience this relationship.
Caveats and Considerations
NA
Fault-tolerant batch workloads on GKE

MESHERY4b55
What this pattern does
A batch workload is a process typically designed to have a start and a completion point. You should consider batch workloads on GKE if your architecture involves ingesting, processing, and outputting data instead of using raw data. Areas like machine learning, artificial intelligence, and high performance computing (HPC) feature different kinds of batch workloads, such as offline model training, batched prediction, data analytics, simulation of physical systems, and video processing. By designing containerized batch workloads, you can leverage the following GKE benefits:
- An open standard, broad community, and managed service.
- Cost efficiency from effective workload and infrastructure orchestration and specialized compute resources.
- Isolation and portability of containerization, allowing the use of cloud as overflow capacity while maintaining data security.
- Availability of burst capacity, followed by rapid scale down of GKE clusters.
Caveats and Considerations
Ensure proper networking of components for efficient functioning
Fortio Server

MESHERY4614
What this pattern does
This infrastructure design defines a service and a deployment for a component called Fortio-server.
**Service: fortio-server-service**
- Type: Kubernetes Service
- Namespace: Default
- Port: Exposes port 8080
- Selector: Routes traffic to pods with the label app: fortio-server
- Session Affinity: None
- Service Type: ClusterIP
- MeshMap Metadata: Describes its relationship with Kubernetes and its category as Scheduling & Orchestration.
- Position: Positioned within a graphical representation of infrastructure.
**Deployment: fortio-server-deployment**
- Type: Kubernetes Deployment
- Namespace: Default
- Replicas: 1
- Selector: Matches pods with the label app: fortio-server
- Pod Template: Specifies a container image for Fortio-server, its resource requests, and a service account.
- Container Image: Uses the fortio/fortio:1.32.1 image
- MeshMap Metadata: Specifies its parent-child relationship with the fortio-server-service and provides styling information.
- Position: Positioned relative to the service within the infrastructure diagram.
This configuration sets up a service and a corresponding deployment for Fortio-server in a Kubernetes environment. The service exposes port 8080, while the deployment runs a container with the Fortio-server image. These components are visualized using MeshMap for tracking and visualization purposes.
Caveats and Considerations
Ensure networking is set up properly and enough resources are available.
GlusterFS Service

MESHERY4aa9
What this pattern does
""
Caveats and Considerations
""
GuestBook App

MESHERY4a54
What this pattern does
The GuestBook App is a cloud-native application designed using Kubernetes as the underlying orchestration and management system. It consists of various services and components deployed within Kubernetes namespaces. The default namespace represents the main environment where the application operates. The frontend-cyrdx service is responsible for handling frontend traffic and is deployed as a Kubernetes service with a selector for the guestbook application and frontend tier. The frontend-fsfct deployment runs multiple replicas of the frontend component, which utilizes the gb-frontend image and exposes port 80. The guestbook namespace serves as a logical grouping for components related to the GuestBook App. The redis-follower-armov service handles follower Redis instances for the backend, while the redis-follower-nwlew deployment manages multiple replicas of the follower Redis container. The redis-leader-fhxla deployment represents the leader Redis container, and the redis-leader-vjtmi service exposes it as a Kubernetes service. These components work together to create a distributed and scalable architecture for the GuestBook App, leveraging Kubernetes for container orchestration and management.
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
GuestBook App

MESHERY4b31
What this pattern does
The GuestBook App is a cloud-native application designed using Kubernetes as the underlying orchestration and management system. It consists of various services and components deployed within Kubernetes namespaces. The default namespace represents the main environment where the application operates. The frontend-cyrdx service is responsible for handling frontend traffic and is deployed as a Kubernetes service with a selector for the guestbook application and frontend tier. The frontend-fsfct deployment runs multiple replicas of the frontend component, which utilizes the gb-frontend image and exposes port 80. The guestbook namespace serves as a logical grouping for components related to the GuestBook App. The redis-follower-armov service handles follower Redis instances for the backend, while the redis-follower-nwlew deployment manages multiple replicas of the follower Redis container. The redis-leader-fhxla deployment represents the leader Redis container, and the redis-leader-vjtmi service exposes it as a Kubernetes service. These components work together to create a distributed and scalable architecture for the GuestBook App, leveraging Kubernetes for container orchestration and management.
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
GuestBook App (Copy)

MESHERY4263
What this pattern does
The GuestBook App is a cloud-native application designed using Kubernetes as the underlying orchestration and management system. It consists of various services and components deployed within Kubernetes namespaces. The default namespace represents the main environment where the application operates. The frontend-cyrdx service is responsible for handling frontend traffic and is deployed as a Kubernetes service with a selector for the guestbook application and frontend tier. The frontend-fsfct deployment runs multiple replicas of the frontend component, which utilizes the gb-frontend image and exposes port 80. The guestbook namespace serves as a logical grouping for components related to the GuestBook App. The redis-follower-armov service handles follower Redis instances for the backend, while the redis-follower-nwlew deployment manages multiple replicas of the follower Redis container. The redis-leader-fhxla deployment represents the leader Redis container, and the redis-leader-vjtmi service exposes it as a Kubernetes service. These components work together to create a distributed and scalable architecture for the GuestBook App, leveraging Kubernetes for container orchestration and management.
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
Guestbook App (All-in-One)

MESHERY4b20
What this pattern does
This is a sample guestbook app to demonstrate distributed systems.
Caveats and Considerations
1. Ensure networking is set up properly.
2. Ensure enough disk space is available.
Hierarchical Parent Relationship

MESHERY4a65
What this pattern does
A relationship that defines whether a component can be a parent of other components. E.g., Namespace is the parent, and Role and ConfigMap are children.
Caveats and Considerations
""
Hierarchical Inventory Relationship

MESHERY4c5a
What this pattern does
A hierarchical inventory relationship in which the configuration of the (parent) component is patched with the configuration of the child component. E.g., the configuration of the Deployment (parent) component is patched with the configuration received from the ConfigMap (child) component.
Caveats and Considerations
NA
HorizontalPodAutoscaler

MESHERY41d1
What this pattern does
A HorizontalPodAutoscaler (HPA for short) automatically updates a workload resource (such as a Deployment or StatefulSet), with the aim of automatically scaling the workload to match demand. Horizontal scaling means that the response to increased load is to deploy more Pods. This is different from vertical scaling, which for Kubernetes would mean assigning more resources (for example: memory or CPU) to the Pods that are already running for the workload. If the load decreases, and the number of Pods is above the configured minimum, the HorizontalPodAutoscaler instructs the workload resource (the Deployment, StatefulSet, or other similar resource) to scale back down.
Caveats and Considerations
Modify deployments and names according to requirements.
Install-Traefik-as-ingress-controller

MESHERY4796
What this pattern does
This design creates a ServiceAccount, DaemonSet, Service, ClusterRole, and ClusterRoleBinding resources for Traefik. The DaemonSet ensures that a single Traefik instance is deployed on each node in the cluster, facilitating load balancing and routing of incoming traffic. The Service allows external traffic to reach Traefik, while the ClusterRole and ClusterRoleBinding provide the necessary permissions for Traefik to interact with Kubernetes resources such as services, endpoints, and ingresses. Overall, this setup enables Traefik to efficiently manage ingress traffic within the Kubernetes environment, providing features like routing, load balancing, and SSL termination.
Caveats and Considerations
- Resource Utilization: Ensure monitoring and scalability to manage resource consumption across nodes, especially in large clusters.
- Security Measures: Implement strict access controls and firewall rules to protect Traefik's admin port (8080) from unauthorized access.
- Configuration Complexity: Understand Traefik's configuration intricacies for routing rules and SSL termination to avoid misconfigurations.
- Compatibility Testing: Regularly test Traefik's compatibility with Kubernetes and other cluster components before upgrading versions.
- High Availability Setup: Employ strategies like pod anti-affinity rules to ensure Traefik's availability and uptime.
- Performance Optimization: Conduct performance tests to minimize latency and overhead introduced by Traefik in the data path.
Istio BookInfo Application

MESHERY4bda
What this pattern does
""
Caveats and Considerations
""
Istio Control Plane

MESHERY4a09
What this pattern does
This design includes an Istio control plane, which will deploy to the istio-system namespace by default.
Caveats and Considerations
No namespaces are annotated for sidecar provisioning in this design.
Istio HTTP Header Filter (Clone)

MESHERY4bfd
What this pattern does
This is a test design
Caveats and Considerations
NA
JAX 'Hello World' using NVIDIA GPUs A100-80GB on GKE

MESHERY4cfd
What this pattern does
JAX is a rapidly growing Python library for high-performance numerical computing and machine learning (ML) research. With applications in large language models, drug discovery, physics ML, reinforcement learning, and neural graphics, JAX has seen incredible adoption in the past few years. JAX offers numerous benefits for developers and researchers, including an easy-to-use NumPy API, auto differentiation and optimization. JAX also includes support for distributed processing across multi-node and multi-GPU systems in a few lines of code, with accelerated performance through XLA-optimized kernels on NVIDIA GPUs. We show how to run JAX multi-GPU-multi-node applications on GKE (Google Kubernetes Engine) using the A2 ultra machine series, powered by NVIDIA A100 80GB Tensor Core GPUs. It runs a simple Hello World application on 4 nodes with 8 processes and 8 GPUs each.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource.
Kubernetes Deployment with Azure File Storage

MESHERY487a
What this pattern does
This design sets up a Kubernetes Deployment deploying two NGINX containers. Each container utilizes an Azure File storage volume for shared data. The NGINX instances serve web content while accessing an Azure File share, enabling scalable and shared storage for the web servers.
Caveats and Considerations
1. Azure Configuration: Ensure that your Azure configuration, including secrets, is correctly set up to access the Azure File share.
2. Data Sharing: Multiple NGINX containers share the same storage. Be cautious when handling write operations to avoid conflicts or data corruption.
3. Scalability: Consider the scalability of both NGINX and Azure File storage to meet your application's demands.
4. Security: Safeguard the secrets used to access Azure resources and limit access to only authorized entities.
5. Pod Recovery: Ensure that the pod recovery strategy is well-defined to handle disruptions or node failures.
6. Azure Costs: Monitor and manage costs associated with Azure File storage, as it may incur charges based on usage.
7. Maintenance: Plan for regular maintenance and updates of both NGINX and Azure configurations to address security and performance improvements.
8. Monitoring: Implement monitoring and alerts for both the NGINX containers and Azure File storage to proactively detect and address issues.
9. Backup and Disaster Recovery: Establish a backup and disaster recovery plan to safeguard data stored in Azure File storage.
Kubernetes Engine Training Example

MESHERY40f1
What this pattern does
""
Caveats and Considerations
""
Kubernetes Metrics Server Configuration

MESHERY4892
KUBERNETES METRICS SERVER CONFIGURATION
What this pattern does
This design configures the Kubernetes Metrics Server for monitoring cluster-wide resource metrics. It defines a Kubernetes Deployment, Role-Based Access Control (RBAC) rules, and other resources for the Metrics Server's deployment and operation.
Caveats and Considerations
This design configures the Kubernetes Metrics Server for resource monitoring. Ensure that RBAC and ServiceAccount configurations are secure to prevent unauthorized access. Adjust Metrics Server settings for specific metrics and monitor resource usage regularly to prevent resource overuse. Implement probes for reliability and maintain correct API service settings. Plan for scalability and choose the appropriate namespace. Set up monitoring for issue detection and establish data backup and recovery plans. Regularly update components for improved security and performance.
Technologies
Kubernetes Service for Product Page App

MESHERY4c57
KUBERNETES SERVICE FOR PRODUCT PAGE APP
What this pattern does
This design installs a namespace, a deployment and a service. Both deployment and service are deployed in my-bookinfo namespace. Service is exposed at port 9081.
Caveats and Considerations
Ensure sufficient resources are available in the cluster and networking is exposed properly.
Technologies
Kubernetes cronjob

MESHERY4483
KUBERNETES CRONJOB
What this pattern does
This design contains a single Kubernetes Cronjob.
Caveats and Considerations
This design is for learning purposes and may be freely copied and distributed.
Technologies
Limit Range

MESHERY4cb9
LIMIT RANGE
What this pattern does
""
Caveats and Considerations
""
Technologies
Load Balanced AWS Architecture

MESHERY4079
LOAD BALANCED AWS ARCHITECTURE
What this pattern does
""
Caveats and Considerations
""
Technologies
Mattermost Cluster Install

MESHERY41c2
MATTERMOST CLUSTER INSTALL
What this pattern does
The cluster-installation service is based on the Mattermost Operator model and operates at version 0.3.3. It is responsible for managing the installation and configuration of the Mattermost operator in the default namespace.
Caveats and Considerations
Ensure sufficient resources are available in the cluster.
Technologies
Meshery v0.6.73

MESHERY4b52
MESHERY V0.6.73
What this pattern does
A self-service engineering platform, Meshery, is the open source, cloud native manager that enables the design and management of all Kubernetes-based infrastructure and applications. As an extensible platform, Meshery offers, among other features, visual and collaborative GitOps, freeing you from the chains of YAML while managing Kubernetes multi-cluster deployments.
Caveats and Considerations
Not for Production deployment. Does not include Meshery Cloud.
Technologies
Minecraft App

MESHERY48dd
MINECRAFT APP
What this pattern does
""
Caveats and Considerations
""
Technologies
Minimal Nginx Ingress

MESHERY4d2c
MINIMAL NGINX INGRESS
What this pattern does
""
Caveats and Considerations
""
Technologies
Mount(Pod -> PersistentVolume)

MESHERY429b
MOUNT(POD -> PERSISTENTVOLUME)
What this pattern does
A relationship that represents volume mounts between components. E.g., the Pod component is bound to the PersistentVolume component via the PersistentVolumeClaim component.
Caveats and Considerations
NA
Technologies
My first k8s app

MESHERY496d
MY FIRST K8S APP
What this pattern does
This is a simple Kubernetes workflow application that has a deployment, pods and a service. This is the first design used for exploring the Meshery Cloud platform.
Caveats and Considerations
No caveats; Free to reuse
Technologies
MySQL Deployment

MESHERY492d
MYSQL DEPLOYMENT
What this pattern does
This is a simple SQL deployment that would install a k8s deployment, volume and a service.
Caveats and Considerations
No caveats. Ensure the ports are exposed accurately.
Technologies
MySQL installation with cinder volume plugin

MESHERY4693
MYSQL INSTALLATION WITH CINDER VOLUME PLUGIN
What this pattern does
Cinder is a Block Storage service for OpenStack. It can be used as an attachment mounted to a pod in Kubernetes.
Caveats and Considerations
Currently the cinder volume plugin is designed to work only on Linux hosts and offers ext4 and ext3 as supported fs types. Make sure that the kubelet host machine has the following executables
Technologies
NGINX deployment

MESHERY4981
NGINX DEPLOYMENT
What this pattern does
This design is for learning purposes and may be freely copied and distributed.
Caveats and Considerations
This design contains nginx deployment
Technologies
NGINX with init container and vhost

MESHERY4135
NGINX WITH INIT CONTAINER AND VHOST
What this pattern does
""
Caveats and Considerations
""
Technologies
Namespace

MESHERY4f8c
NAMESPACE
What this pattern does
""
Caveats and Considerations
""
Technologies
Network policy

MESHERY4da3
NETWORK POLICY
What this pattern does
If you want to control traffic flow at the IP address or port level for TCP, UDP, and SCTP protocols, then you might consider using Kubernetes NetworkPolicies for particular applications in your cluster. NetworkPolicies are an application-centric construct which allow you to specify how a pod is allowed to communicate with various network "entities" (we use the word "entity" here to avoid overloading the more common terms such as "endpoints" and "services", which have specific Kubernetes connotations) over the network. NetworkPolicies apply to a connection with a pod on one or both ends, and are not relevant to other connections.
Caveats and Considerations
This is a sample network policy with ingress and egress defined; change it according to your requirements.
Technologies
Network(Service -> Endpoint)

MESHERY440f
NETWORK(SERVICE -> ENDPOINT)
What this pattern does
A relationship that defines network edges between components. In this design, the Edge network relationship defines a network configuration for managing services and endpoints in a Kubernetes environment. This design shows the relationship between two Kubernetes components, Endpoint and Service.
Caveats and Considerations
NA
Technologies
Nginx Deployment

MESHERY4c89
NGINX DEPLOYMENT
What this pattern does
""
Caveats and Considerations
""
Technologies
Nodejs-kubernetes-microservices

MESHERY496f
NODEJS-KUBERNETES-MICROSERVICES
What this pattern does
""
Caveats and Considerations
""
Technologies
Online Boutique

MESHERY498b
ONLINE BOUTIQUE
What this pattern does
Google's Microservices sample app is named Online Boutique. Docs - https://docs.meshery.io/guides/sample-apps#online-boutique Source - https://github.com/GoogleCloudPlatform/microservices-demo
Caveats and Considerations
N/A
Technologies
Persistence-volume-claim

MESHERY4671
PERSISTENCE-VOLUME-CLAIM
What this pattern does
Defines a Kubernetes PersistentVolumeClaim (PVC) requesting 10Gi storage with 'manual' storage class. Supports both ReadWriteMany and ReadWriteOnce access modes, with optional label-based PV selection. Carefully adjust storage size for specific storage solutions, and consider annotations, security, monitoring, and scalability needs.
Caveats and Considerations
Ensure that the chosen storageClassName is properly configured and available in your cluster. Be cautious about the ReadWriteMany and ReadWriteOnce access modes, as they impact compatibility with PersistentVolumes (PVs). The selector should match existing PVs in your cluster if used. Adjust the storage size to align with your storage solution, keeping in mind the AWS EFS special case. Review the need for annotations, confirm the namespace, and implement security measures. Monitor and set up alerts for your PVC, and plan for backup and disaster recovery. Lastly, ensure scalability to meet your application's storage requirements.
Technologies
Persistent Volume

MESHERY4f33
PERSISTENT VOLUME
What this pattern does
""
Caveats and Considerations
""
Technologies
Persistent Volume Claims

MESHERY4a28
PERSISTENT VOLUME CLAIMS
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Life Cycle

MESHERY437a
POD LIFE CYCLE
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Liveness

MESHERY4a7e
POD LIVENESS
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Multi Containers

MESHERY436c
POD MULTI CONTAINERS
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Node Affinity

MESHERY4134
POD NODE AFFINITY
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Priviledged Simple

MESHERY4568
POD PRIVILEDGED SIMPLE
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Readiness

MESHERY4b83
POD READINESS
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Resource Limit

MESHERY41a3
POD RESOURCE LIMIT
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Resource Memory Request Limit

MESHERY45d9
POD RESOURCE MEMORY REQUEST LIMIT
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Resource Request

MESHERY4a23
POD RESOURCE REQUEST
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Service Account Token

MESHERY4756
POD SERVICE ACCOUNT TOKEN
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Volume Mount SubPath

MESHERY4e52
POD VOLUME MOUNT SUBPATH
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Volume Mount SubPath-expr

MESHERY4fde
POD VOLUME MOUNT SUBPATH-EXPR
What this pattern does
""
Caveats and Considerations
""
Technologies
Pod Volumes Projected

MESHERY4d18
POD VOLUMES PROJECTED
What this pattern does
""
Caveats and Considerations
""
Technologies
Pods Image Pull Policy

MESHERY4c85
PODS IMAGE PULL POLICY
What this pattern does
""
Caveats and Considerations
""
Technologies
Postgres Deployment

MESHERY49ba
POSTGRES DEPLOYMENT
What this pattern does
The combination of PostgreSQL and Kubernetes provides a scalable and highly available (HA) database solution that’s well suited for modern application development and deployment practices. While creating a HA solution is out of the scope of this article, you’ll learn how to set up a simple container with PostgreSQL, which offers a number of benefits.
Caveats and Considerations
It’s important to remember that this needs to be configured to store data in node-local memory.
Technologies
Prometheus Sample

MESHERY4bea
PROMETHEUS SAMPLE
What this pattern does
This is a simple Prometheus monitoring design.
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
Technologies
Prometheus dummy exporter

MESHERY487c
PROMETHEUS DUMMY EXPORTER
What this pattern does
A simple prometheus-dummy-exporter container exposes a single Prometheus metric with a constant value. The metric name, value and port on which it will be served can be passed by flags. This container is then deployed in the same pod with another container, prometheus-to-sd, configured to use the same port. It scrapes the metric and publishes it to Stackdriver. This adapter isn't part of the sample code, but a standard component used by many Kubernetes applications. You can learn more about it at the following link: https://github.com/GoogleCloudPlatform/k8s-stackdriver/tree/master/prometheus-to-sd
Caveats and Considerations
It is only developed for Google Kubernetes Engine to collect metrics from system services in order to support Kubernetes users. We designed the tool to be lean when deployed as a sidecar in your pod. It's intended to support only the metrics the Kubernetes team at Google needs and is not meant for end-users.
Technologies
Prometheus-monitoring-ns

MESHERY420f
PROMETHEUS-MONITORING-NS
What this pattern does
This is a simple Prometheus monitoring design.
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
Technologies
QAT-TLS-handshake-acceleration-for-Istio.yaml

MESHERY4baf
QAT-TLS-HANDSHAKE-ACCELERATION-FOR-ISTIO.YAML
What this pattern does
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource for custom Intel configuration.
Technologies
RBAC for ElasticSearch

MESHERY4af2
RBAC FOR ELASTICSEARCH
What this pattern does
This infrastructure design defines resources related to Role-Based Access Control (RBAC) for Elasticsearch in a Kubernetes environment. Here's a brief description of the components:
1. zk (ZooKeeper StatefulSet):
- A StatefulSet named zk with 3 replicas is defined to manage ZooKeeper instances.
- It uses ordered pod management policy, ensuring that pods are started in order.
- ZooKeeper is configured with specific settings, including ports, data directories, and resource requests.
- It has affinity settings to avoid running multiple ZooKeeper instances on the same node.
- The configuration includes liveness and readiness probes to ensure the health of the pods.
2. zk-cs (ZooKeeper Service):
- A Kubernetes Service named zk-cs is defined to provide access to the ZooKeeper instances.
- It exposes the client port (port 2181) used to connect to ZooKeeper.
3. zk-hs (ZooKeeper Headless Service):
- Another Kubernetes Service named zk-hs is defined as headless (with cluster IP set to None).
- It exposes ports for ZooKeeper server (port 2888) and leader election (port 3888).
- This headless service is typically used for direct communication with individual ZooKeeper instances.
4. zk-pdb (ZooKeeper PodDisruptionBudget):
- A PodDisruptionBudget named zk-pdb is defined to control the maximum number of unavailable ZooKeeper pods to 1.
- This ensures that at least one ZooKeeper instance remains available during disruptions.
Caveats and Considerations
Networking should be properly configured to enable communication between pod and services. Ensure sufficient resources are available in the cluster.
Technologies
Redis Leader Deployment

MESHERY48cc
REDIS LEADER DEPLOYMENT
What this pattern does
This is a simple deployment of redis leader app. Its deployment includes 1 replica that uses image:docker.io/redis:6.0.5, cpu: 100m, memory: 100Mi and exposes containerPort: 6379
Caveats and Considerations
None
Technologies
Redis master deployment

MESHERY4357
REDIS MASTER DEPLOYMENT
What this pattern does
""
Caveats and Considerations
""
Technologies
Redis_using_configmap

MESHERY447e
REDIS_USING_CONFIGMAP
What this pattern does
""
Caveats and Considerations
""
Technologies
Relationship Master Design

MESHERY43e0
RELATIONSHIP MASTER DESIGN
What this pattern does
""
Caveats and Considerations
""
Technologies
Resilient Web App

MESHERY4e64
RESILIENT WEB APP
What this pattern does
This is a simple app that uses nginx as a web proxy for improving the resiliency of web app
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
Technologies
Robot Shop Sample App

MESHERY4c4e
ROBOT SHOP SAMPLE APP
What this pattern does
Stan's Robot Shop is a sample microservice application you can use as a sandbox to test and learn containerised application orchestration and monitoring techniques. It is not intended to be a comprehensive reference example of how to write a microservices application, although you will better understand some of those concepts by playing with Stan's Robot Shop. To be clear, the error handling is patchy and there is not any security built into the application.
Caveats and Considerations
This sample microservice application has been built using these technologies: NodeJS (Express), Java (Spring Boot), Python (Flask), Golang, PHP (Apache), MongoDB, Redis, MySQL (Maxmind data), RabbitMQ, Nginx, AngularJS (1.x)
Technologies
Run DaemonSet on GKE Autopilot

MESHERY4bf8
RUN DAEMONSET ON GKE AUTOPILOT
What this pattern does
GKE uses the total size of your deployed workloads to determine the size of the nodes that Autopilot provisions for the cluster. If you add or resize a DaemonSet after Autopilot provisions a node, GKE won't resize existing nodes to accommodate the new total workload size. DaemonSets with resource requests larger than the allocatable capacity of existing nodes, after accounting for system pods, also won't get scheduled on those nodes. Starting in GKE version 1.27.6-gke.1248000, clusters in Autopilot mode detect nodes that can't fit all DaemonSets and, over time, migrate workloads to larger nodes that can fit all DaemonSets. This process takes some time, especially if the nodes run system Pods, which need extra time to gracefully terminate so that there's no disruption to core cluster capabilities. In GKE version 1.27.5-gke.200 or earlier, we recommend cordoning and draining nodes that can't accommodate DaemonSet Pods.
Caveats and Considerations
For all GKE versions, we recommend the following best practices when deploying DaemonSets on Autopilot: Deploy DaemonSets before any other workloads. Set a higher PriorityClass on DaemonSets than regular Pods. The higher PriorityClass lets GKE evict lower-priority Pods to accommodate DaemonSet pods if the node can accommodate those pods. This helps to ensure that the DaemonSet is present on each node without triggering node recreation.
Technologies
Running ZooKeeper, A Distributed System Coordinator

MESHERY4339
RUNNING ZOOKEEPER, A DISTRIBUTED SYSTEM COORDINATOR
What this pattern does
This cloud native design defines a Kubernetes configuration for a ZooKeeper deployment. It includes a Service, PodDisruptionBudget, and StatefulSet. It defines a Service named zk-hs with labels indicating it is part of the zk application. It exposes two ports, 2888 and 3888, and has a clusterIP of None meaning it is only accessible within the cluster. The Service selects Pods with the zk label. The next part defines another Service named zk-cs with similar labels and a single port, 2181, used for client connections. It also selects Pods with the zk label. Following that, a PodDisruptionBudget named zk-pdb is defined. It sets the selector to match Pods with the zk label and allows a maximum of 1 Pod to be unavailable during disruptions. Finally, a StatefulSet named zk is defined. It selects Pods with the zk label and uses the zk-hs Service for the headless service. It specifies 3 replicas, a RollingUpdate update strategy, and OrderedReady pod management policy. The Pod template includes affinity rules for pod anti-affinity, resource requests for CPU and memory, container ports for ZooKeeper, a command to start ZooKeeper with specific configurations, and readiness and liveness probes. It also defines a volume claim template for data storage
Caveats and Considerations
You must have a cluster with at least four nodes, and each node requires at least 2 CPUs and 4 GiB of memory.
Technologies
RuntimeClass

MESHERY4c6c
RUNTIMECLASS
What this pattern does
This pattern establishes and visualizes the relationship between Runtime Class (a Kubernetes component) and other Kubernetes components.
Caveats and Considerations
The name of the Runtime Class is referenced by the other Kubernetes components.
Technologies
Serve an LLM using multi-host TPUs on GKE

MESHERY4813
SERVE AN LLM USING MULTI-HOST TPUS ON GKE
What this pattern does
""
Caveats and Considerations
""
Technologies
Serve an LLM with multiple GPUs in GKE

MESHERY4d06
SERVE AN LLM WITH MULTIPLE GPUS IN GKE
What this pattern does
Serve a large language model (LLM) with GPUs in Google Kubernetes Engine (GKE) mode. Create a GKE Standard cluster that uses multiple L4 GPUs and prepares the GKE infrastructure to serve any of the following models: 1. Falcon 40b. 2. Llama 2 70b
Caveats and Considerations
Depending on the data format of the model, the number of GPUs varies. In this design, each model uses two L4 GPUs.
Technologies
Service Internal Traffic Policy

MESHERY41b6
SERVICE INTERNAL TRAFFIC POLICY
What this pattern does
Service Internal Traffic Policy enables internal traffic restrictions to only route internal traffic to endpoints within the node the traffic originated from. The "internal" traffic here refers to traffic originated from Pods in the current cluster. This can help to reduce costs and improve performance. How it works: the kube-proxy filters the endpoints it routes to based on the spec.internalTrafficPolicy setting. When it's set to Local, only node local endpoints are considered. When it's Cluster (the default), or is not set, Kubernetes considers all endpoints.
Caveats and Considerations
Note: For pods on nodes with no endpoints for a given Service, the Service behaves as if it has zero endpoints (for Pods on this node) even if the service does have endpoints on other nodes.
Technologies
Serving T5 Large Language Model with TorchServe

MESHERY40e7
SERVING T5 LARGE LANGUAGE MODEL WITH TORCHSERVE
What this pattern does
Deploy torchserve inference server with prepared T5 model and Client Application. Manifests were tested against GKE Autopilot Kubernetes cluster.
Caveats and Considerations
To configure HPA based on metrics from torchserve you need to: Enable Google Manager Prometheus or install OSS Prometheus. Install Custom Metrics Adapter. Apply pod-monitoring.yaml and hpa.yaml.
Technologies
Simple DaemonSet

MESHERY40f0
SIMPLE DAEMONSET
What this pattern does
""
Caveats and Considerations
""
Technologies
Simple Kubernetes Pod

MESHERY4e04
SIMPLE KUBERNETES POD
What this pattern does
This cloud-native design consists of a Kubernetes Pod running an Nginx container and a Kubernetes Service named service. The Pod uses the image nginx with an image pull policy of Always. The Service defines two ports: one with port 80 and target port 8080, and another with port 80. The Service allows communication between the Pod and external clients on port 80.
Caveats and Considerations
Networking should be properly configured to enable communication between pod and services. Ensure sufficient resources are available in the cluster.
Technologies
Simple Kubernetes Pod

MESHERY4fc5
SIMPLE KUBERNETES POD
What this pattern does
This cloud-native design consists of a Kubernetes Pod running an Nginx container and a Kubernetes Service named service. The Pod uses the image nginx with an image pull policy of Always. The Service defines two ports: one with port 80 and target port 8080, and another with port 80. The Service allows communication between the Pod and external clients on port 80.
Caveats and Considerations
Networking should be properly configured to enable communication between pod and services. Ensure sufficient resources are available in the cluster.
Technologies
Simple Kubernetes Pod

MESHERY454a
SIMPLE KUBERNETES POD
What this pattern does
Just an example of how to use a Kubernetes Pod.
Caveats and Considerations
None
Technologies
Simple Kubernetes Pod and Service

MESHERY4266
SIMPLE KUBERNETES POD AND SERVICE
What this pattern does
""
Caveats and Considerations
""
Technologies
Simple Kubernetes Pod and Service

MESHERY4200
SIMPLE KUBERNETES POD AND SERVICE
What this pattern does
This cloud-native design consists of a Kubernetes Pod running an Nginx container and a Kubernetes Service named service. The Pod uses the image nginx with an image pull policy of Always. The Service defines two ports: one with port 80 and target port 8080, and another with port 80. The Service allows communication between the Pod and external clients on port 80.
Caveats and Considerations
Networking should be properly configured to enable communication between pod and services. Ensure sufficient resources are available in the cluster.
Technologies
Thanos Query Design

MESHERY4034
THANOS QUERY DESIGN
What this pattern does
This is a sample app for testing k8s deployment and Thanos.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource.
Technologies
Untitled Design

MESHERY411e
UNTITLED DESIGN
What this pattern does
""
Caveats and Considerations
""
Technologies
WordPress and MySQL with Persistent Volume on Kubernetes

MESHERY4d8b
WORDPRESS AND MYSQL WITH PERSISTENT VOLUME ON KUBERNETES
What this pattern does
This design includes a WordPress site and a MySQL database using Minikube. Both applications use PersistentVolumes and PersistentVolumeClaims to store data.
Caveats and Considerations
Warning: This deployment is not suitable for production use cases, as it uses single instance WordPress and MySQL Pods. Consider using WordPress Helm Chart to deploy WordPress in production.
Technologies
Wordpress Deployment

MESHERY4c81
WORDPRESS DEPLOYMENT
What this pattern does
This is a sample WordPress deployment.
Caveats and Considerations
No caveats. Feel free to reuse or distribute.
Technologies
Wordpress and MySql on Kubernetes

MESHERY4c7e
WORDPRESS AND MYSQL ON KUBERNETES
What this pattern does
""
Caveats and Considerations
""
Technologies
ZooKeeper Cluster

MESHERY4f53
ZOOKEEPER CLUSTER
What this pattern does
This StatefulSet will create three Pods, each running a ZooKeeper server container. The Pods will be named my-zookeeper-cluster-0, my-zookeeper-cluster-1, and my-zookeeper-cluster-2. The volumeMounts section of the spec tells the Pods to mount the PersistentVolumeClaim my-zookeeper-cluster-pvc to the /zookeeper/data directory. This will ensure that the ZooKeeper data is persistent and stored across restarts.
Caveats and Considerations
1. The storage for a given Pod must either be provisioned by a PersistentVolume Provisioner based on the requested storage class, or pre-provisioned by an admin.
2. Deleting and/or scaling a StatefulSet down will not delete the volumes associated with the StatefulSet. This is done to ensure data safety, which is generally more valuable than an automatic purge of all related StatefulSet resources.
3. StatefulSets currently require a Headless Service to be responsible for the network identity of the Pods. You are responsible for creating this Service.
4. StatefulSets do not provide any guarantees on the termination of pods when a StatefulSet is deleted. To achieve ordered and graceful termination of the pods in the StatefulSet, it is possible to scale the StatefulSet down to 0 prior to deletion.
5. When using Rolling Updates with the default Pod Management Policy (OrderedReady), it's possible to get into a broken state that requires manual intervention to repair.
Technologies
api-backend

MESHERY4e4a
API-BACKEND
What this pattern does
""
Caveats and Considerations
""
Technologies
default-ns

MESHERY490b
DEFAULT-NS
What this pattern does
This is a sample default namespace that can be used for testing.
Caveats and Considerations
No caveats. Feel free to reuse.
Technologies
deployment

MESHERY4579
DEPLOYMENT
What this pattern does
This is a sample design used for exploring kubernetes deployment
Caveats and Considerations
No caveats. Free to reuse and distribute.
Technologies
doks-nginx-deployment

MESHERY4bf7
DOKS-NGINX-DEPLOYMENT
What this pattern does
This is a sample design used for exploring kubernetes deployment and service
Caveats and Considerations
No caveats. Free to reuse and distribute.
Technologies
fluentd deployment

MESHERY4f28
FLUENTD DEPLOYMENT
What this pattern does
This configuration sets up Fluentd-ES to collect and forward logs from Kubernetes pods to Elasticsearch for storage and analysis. Ensure that Elasticsearch is properly configured and accessible by Fluentd-ES for successful log aggregation and visualization. Additionally, adjust resource requests and limits according to your cluster's capacity and requirements.
Caveats and Considerations
1. Resource Utilisation: Fluentd can consume significant CPU and memory resources, especially in environments with high log volumes. Monitor resource usage closely and adjust resource requests and limits according to your cluster's capacity and workload requirements.
2. Configuration Complexity: Fluentd's configuration can be complex, particularly when configuring input, filtering, and output plugins. Thoroughly test and validate the Fluentd configuration to ensure it meets your logging requirements and effectively captures relevant log data.
3. Security Considerations: Secure the Fluentd deployment by following best practices for managing secrets and access control. Ensure that sensitive information, such as credentials and configuration details, are properly encrypted and protected.
Technologies
gitlab runner deployment

MESHERY4170
GITLAB RUNNER DEPLOYMENT
What this pattern does
This configuration ensures that a single instance of the GitLab Runner is deployed within the gitlab-runner namespace. The GitLab Runner is configured with a specific ServiceAccount, CPU resource requests and limits, and is provided with a ConfigMap containing the configuration file config.toml. The deployment is designed to continuously restart the pod (restartPolicy: Always) to ensure the GitLab Runner remains available for executing jobs.
Caveats and Considerations
1. Resource Allocation: Ensure that the CPU resource requests and limits specified in the configuration are appropriate for the workload of the GitLab Runner. Monitor resource usage and adjust these values as necessary to prevent resource contention and ensure optimal performance.
2. Image Pull Policy: The configuration specifies imagePullPolicy: Always, which causes Kubernetes to pull the Docker image (gitlab/gitlab-runner:latest) every time the pod is started. While this ensures that the latest image is always used, it may increase deployment time and consume additional network bandwidth. Consider whether this policy aligns with your deployment requirements and constraints.
3. Security: Review the permissions granted to the gitlab-admin ServiceAccount to ensure that it has appropriate access rights within the Kubernetes cluster. Limit the permissions to the minimum required for the GitLab Runner to perform its tasks to reduce the risk of unauthorized access or privilege escalation.
4. ConfigMap Management: Ensure that the gitlab-runner-config ConfigMap referenced in the configuration contains the correct configuration settings for the GitLab Runner. Monitor and manage changes to the ConfigMap to ensure that the GitLab Runner's configuration remains up-to-date and consistent across deployments.
Technologies
gke-online-serving-single-gpu

MESHERY481f
GKE-ONLINE-SERVING-SINGLE-GPU
What this pattern does
""
Caveats and Considerations
""
Technologies
grafana deployment

MESHERY4f2a
GRAFANA DEPLOYMENT
What this pattern does
The provided YAML configuration defines a Kubernetes Deployment named "grafana" within the "monitoring" namespace. This Deployment ensures the availability of one instance of Grafana, a monitoring and visualization tool. It specifies resource requirements, including memory and CPU limits, and mounts volumes for persistent storage and configuration. The container runs the latest version of the Grafana image, exposing port 3000 for access. The configuration also includes a Pod template with labels for Pod identification and a selector to match labels for managing Pods.
Caveats and Considerations
1. Container Image Version: While the configuration uses grafana/grafana:latest for the container image, it's important to note that relying on the latest tag can introduce instability if Grafana publishes a new version that includes breaking changes or bugs. Consider specifying a specific version tag for more predictable behavior.
2. Resource Limits: Resource limits (memory and cpu) are specified for the container. Ensure that these limits are appropriate for your deployment environment and the expected workload of Grafana. Adjust these limits based on performance testing and monitoring.
3. Storage: The configuration uses an emptyDir volume for Grafana's storage. This volume is ephemeral and will be deleted if the Pod restarts or is rescheduled to a different node. Consider using a persistent volume (e.g., PersistentVolumeClaim) for storing Grafana data to ensure data persistence across Pod restarts.
4. Configurations: Configuration for Grafana's data sources is mounted using a ConfigMap. Ensure that the ConfigMap (grafana-datasources) is properly configured with the required data source configurations. Verify that changes to the ConfigMap are propagated to the Grafana Pod without downtime.
Technologies
guest_book

MESHERY4b71
GUEST_BOOK
What this pattern does
""
Caveats and Considerations
""
Technologies
hello-app

MESHERY4089
HELLO-APP
What this pattern does
""
Caveats and Considerations
""
Technologies
istio-ingress-service-web-api-v1-only

MESHERY48d4
ISTIO-INGRESS-SERVICE-WEB-API-V1-ONLY
What this pattern does
Requests with the URI prefix kiali are routed to the kiali.istio-system.svc.cluster.local service on port 20001. Requests with URI prefixes like /web-api/v1/getmultiple, /web-api/v1/create, and /web-api/v1/manage are routed to the web-api service with the subset v1. Requests with URI prefixes openapi/ui/ and /openapi are routed to the web-api service on port 9080. Requests with URI prefixes like /loginwithtoken, /login, and /callback are routed to different services, including web-app and authentication. Requests with any other URI prefix are routed to the web-app service on port 80.
Caveats and Considerations
Ensure the Istio control plane is up and running.
Technologies
jaegar

MESHERY4186
JAEGAR
What this pattern does
Distributed tracing observability platforms, such as Jaeger, are essential for modern software applications that are architected as microservices. Jaeger maps the flow of requests and data as they traverse a distributed system. These requests may make calls to multiple services, which may introduce their own delays or errors. Jaeger connects the dots between these disparate components, helping to identify performance bottlenecks, troubleshoot errors, and improve overall application reliability.
Caveats and Considerations
The technologies used in this design are Jaeger for distributed tracing, sample services, and deployments to show distributed tracing in Kubernetes.
Technologies
k8s Deployment-2

MESHERY4d32
K8S DEPLOYMENT-2
What this pattern does
""
Caveats and Considerations
""
Technologies
mTLS-handshake-acceleration-for-Istio

MESHERY4d09
MTLS-HANDSHAKE-ACCELERATION-FOR-ISTIO
What this pattern does
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on which Envoy is running, incoming traffic patterns, and key size. These factors can impact Envoy serving many new incoming TLS requests. To achieve performance improvements and accelerated handshakes, a new feature was introduced in Envoy 1.20 and Istio 1.14. It can be achieved with 3rd Gen Intel® Xeon® Scalable processors, the Intel® Integrated Performance Primitives (Intel® IPP) crypto library, CryptoMB Private Key Provider Method support in Envoy, and Private Key Provider configuration in Istio using ProxyConfig.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource for the custom Intel configuration.
Technologies
meshery-cilium-deployment

MESHERY4267
MESHERY-CILIUM-DEPLOYMENT
What this pattern does
This is a sample app for testing a k8s deployment and Cilium.
Caveats and Considerations
Ensure networking is set up properly and the correct annotations are applied to each resource for the custom Intel configuration.
Technologies
minIO Deployment

MESHERY4c90
MINIO DEPLOYMENT
What this pattern does
This configuration sets up a single MinIO instance with specific environment variables, health checks, and life cycle actions, utilising a PersistentVolumeClaim for data storage within a Kubernetes cluster. It ensures that MinIO is deployed and managed according to the specified parameters.
Caveats and Considerations
1. Replication and High Availability: The configuration specifies only one replica (replicas: 1). For production environments requiring high availability and fault tolerance, consider increasing the number of replicas and configuring MinIO for distributed mode to ensure data redundancy and availability.
2. Security Considerations: The provided configuration includes hard-coded access and secret keys (MINIO_ACCESS_KEY and MINIO_SECRET_KEY) within the YAML file. It is crucial to follow best practices for secret management in Kubernetes, such as using Kubernetes Secrets or external secret management solutions, to securely manage sensitive information.
3. Resource Requirements: Resource requests and limits for CPU, memory, and storage are not defined in the configuration. Assess and adjust these resource specifications according to the expected workload and performance requirements to ensure optimal resource utilisation and avoid resource contention.
4. Storage Provisioning: The configuration relies on a PersistentVolumeClaim (PVC) named minio to provide storage for MinIO. Ensure that the underlying storage provisioner and PersistentVolume (PV) configuration meet the performance, capacity, and durability requirements of the MinIO workload.
Technologies
minimalistiobookinfo.yaml

MESHERY4377
MINIMALISTIOBOOKINFO.YAML
What this pattern does
""
Caveats and Considerations
""
Technologies
my first app

MESHERY4191
MY FIRST APP
What this pattern does
""
Caveats and Considerations
""
Technologies
my first app design

MESHERY46a2
MY FIRST APP DESIGN
What this pattern does
This infrastructure design defines two services within a system:
1. **Customer Service**:
   - Type: Customer
   - Version: 0.0.50
   - Model: Jira Service Desk Operator
   - Attributes: This service is configured with specific settings, including an email address, legacy customer mode, and a name. It is categorized as a tool within the system.
2. **Notebook Service**:
   - Type: Notebook
   - Version: 1.6.1
   - Model: Kubeflow
   - Attributes: This service is categorized as a machine learning tool. It has metadata related to its source URI and appearance.

These services are components within a larger system or design, each serving a distinct purpose. The Customer Service is associated with customer-related operations, while the Notebook Service is related to machine learning tasks.
Caveats and Considerations
Make sure to use the correct credentials for the Jira service operator.
Technologies
my-sql-with-cinder-vol-plugin

MESHERY40de
MY-SQL-WITH-CINDER-VOL-PLUGIN
What this pattern does
Cinder is a Block Storage service for OpenStack. This example shows how it can be used as an attachment mounted to a pod in Kubernetes.
Start kubelet with cloud provider as openstack with a valid cloud config.
Sample cloud_config:
[Global]
auth-url=https://os-identity.vip.foo.bar.com:5443/v2.0
username=user
password=pass
region=region1
tenant-id=0c331a1df18571594d49fe68asa4e
Create a cinder volume. Example:
cinder create --display-name=test-repo 2
Use the id of the cinder volume created to create a pod definition.
Create a new pod with the definition:
cluster/kubectl.sh create -f examples/mysql-cinder-pd/mysql.yaml
This should now:
1. Attach the specified volume to the kubelet's host machine
2. Format the volume if required (only if the volume specified is not already formatted to the fstype specified)
3. Mount it on the kubelet's host machine
4. Spin up a container with this volume mounted to the path specified in the pod definition
Caveats and Considerations
Currently the cinder volume plugin is designed to work only on Linux hosts and offers ext4 and ext3 as supported fs types. Make sure that the kubelet host machine has the following executables.
Ensure cinder is installed and configured properly in the region in which kubelet is spun up
Technologies
nginx ingress

MESHERY4d83
NGINX INGRESS
What this pattern does
Creates a Kubernetes deployment with two replicas running NGINX containers and a service to expose these pods internally within the Kubernetes cluster. The NGINX containers are configured to listen on port 80, and the service routes traffic to these containers.
Caveats and Considerations
ImagePullPolicy: In the Deployment spec, the imagePullPolicy is set to Never. This means that Kubernetes will never attempt to pull the NGINX image from a container registry, assuming it's already present on the node where the pod is scheduled. This can be problematic if the image is not present or if you need to update to a newer version. Consider setting the imagePullPolicy to Always or IfNotPresent depending on your deployment requirements.
Resource Allocation: The provided manifest doesn't specify resource requests and limits for the NGINX container. Without resource limits, the container can consume excessive resources, impacting other workloads on the same node. It's recommended to define resource requests and limits based on the expected workload characteristics to ensure stability and resource efficiency.
Technologies
nginx-deployment

MESHERY4817
NGINX-DEPLOYMENT
What this pattern does
""
Caveats and Considerations
""
Technologies
postgreSQL cluster

MESHERY4d4f
POSTGRESQL CLUSTER
What this pattern does
This YAML configuration defines a PostgreSQL cluster deployment tailored for Google Kubernetes Engine (GKE) utilizing the Cloud Native PostgreSQL (CNPG) operator. The cluster, named "gke-pg-cluster," is designed to offer a standard PostgreSQL environment, featuring three instances for redundancy and high availability. Each instance is provisioned with 2Gi of premium storage, ensuring robust data persistence. Resource allocations are specified, with each instance requesting 1Gi of memory and 1000m (milliCPU) of CPU, and limits set to the same values. Additionally, the cluster is configured with pod anti-affinity, promoting distribution across nodes for fault tolerance. Host-based authentication is enabled for security, permitting access from IP range 10.48.0.0/20 using the "md5" method. Monitoring capabilities are integrated, facilitated by enabling pod monitoring. The configuration also includes tolerations and additional pod affinity rules, enhancing scheduling flexibility and optimizing resource utilization within the Kubernetes environment. This deployment exemplifies a robust and scalable PostgreSQL infrastructure optimized for cloud-native environments, aligning with best practices for reliability, performance, and security.
Caveats and Considerations
1. Resource Requirements: The specified resource requests and limits (memory and CPU) should be carefully evaluated to ensure they align with the expected workload demands. Adjustments may be necessary based on actual usage patterns and performance requirements.
2. Storage Class: The choice of storage class ("premium-rwo" in this case) should be reviewed to ensure it meets performance, availability, and cost requirements. Depending on the workload characteristics, other storage classes may be more suitable.
3. Networking Configuration: The configured host-based authentication rules may need adjustment based on the network environment and security policies in place. Ensure that only authorized entities have access to the PostgreSQL cluster.
Technologies
prometheus-operator-crd-cluster-roles

MESHERY4571
PROMETHEUS-OPERATOR-CRD-CLUSTER-ROLES
What this pattern does
prometheus operator crd cluster roles
Caveats and Considerations
prometheus operator crd cluster roles
Technologies
prometheus-versus-3

MESHERY48bb
PROMETHEUS-VERSUS-3
What this pattern does
This is a simple Prometheus monitoring design.
Caveats and Considerations
Networking should be properly configured to enable communication between the frontend and backend components of the app.
Technologies
prometheus.yaml

MESHERY46c3
PROMETHEUS.YAML
What this pattern does
prometheus
Caveats and Considerations
prometheus
Technologies
prometheus_kubernetes

MESHERY4a71
PROMETHEUS_KUBERNETES
What this pattern does
""
Caveats and Considerations
""
Technologies
replication controller

MESHERY4849
REPLICATION CONTROLLER
What this pattern does
A ReplicationController ensures that a specified number of pod replicas are running at any one time. In other words, a ReplicationController makes sure that a pod or a homogeneous set of pods is always up and available. If there are too many pods, the ReplicationController terminates the extra pods. If there are too few, the ReplicationController starts more pods. Unlike manually created pods, the pods maintained by a ReplicationController are automatically replaced if they fail, are deleted, or are terminated. For example, your pods are re-created on a node after disruptive maintenance such as a kernel upgrade. For this reason, you should use a ReplicationController even if your application requires only a single pod. A ReplicationController is similar to a process supervisor, but instead of supervising individual processes on a single node, the ReplicationController supervises multiple pods across multiple nodes.
Caveats and Considerations
This example ReplicationController config runs three copies of the nginx web server. You can add deployments, config maps, and services to this design as per requirements.
Technologies
the-new-stack

MESHERY4705
THE-NEW-STACK
What this pattern does
The New Stack (TNS) is a simple three-tier demo application, fully instrumented with the 3 pillars of observability: metrics, logs, and traces. It offers insight into what a modern observability stack looks like and lets you experience what it's like to pivot among different types of observability data. The TNS app is an example three-tier web app built by Weaveworks. It consists of a data layer, application logic layer, and load-balancing layer. To learn more about it, see How To Detect, Map and Monitor Docker Containers with Weave Scope from Weaveworks. The instrumentation for the TNS app is as follows:
Metrics: Each tier of the TNS app exposes metrics on /metrics endpoints, which are scraped by the Grafana Agent. Additionally, these metrics are tagged with exemplar information. The Grafana Agent then writes these metrics to Mimir for storage.
Logs: Each tier of the TNS app writes logs to standard output or standard error. These are captured by Kubernetes and then collected by the Grafana Agent. Finally, the Agent forwards them to Loki for storage.
Traces: Each tier of the TNS app sends traces in Jaeger format to the Grafana Agent, which then converts them to OTel format and forwards them to Tempo for storage.
Visualization: A Grafana instance configured to talk to the Mimir, Loki, and Tempo instances makes it possible to query and visualize the metrics, logs, and traces data.
Caveats and Considerations
Ensure enough resources are available on the k8s cluster
Technologies
voting_app

MESHERY49d5
VOTING_APP
What this pattern does
""
Caveats and Considerations
""
Technologies
webserver

MESHERY457a
WEBSERVER
What this pattern does
This design runs a simple Python webserver on port 8000. It also contains a k8s service which connects to the deployment.
Caveats and Considerations
Ensure the ports are not pre-occupied.
Technologies
HTTP Auth

FILTER001
HTTP AUTH
What this filter does
Simulates handling authentication of requests at the proxy level. Requests with a header token with value hello are accepted as authorized, while the rest are treated as unauthorized. The actual authentication is handled by the upstream server. Whenever the proxy receives a request, it extracts the token header and makes a request to the upstream server, which validates the token and returns a response.
Caveats and Considerations
Test:
curl -H "token":"hello" 0.0.0.0:18000 -v # Authorized
curl -H "token":"world" 0.0.0.0:18000 -v # Unauthorized
Technologies
TCP Metrics

FILTER002
TCP METRICS
What this filter does
Collects simple metrics for every TCP packet and logs it.
Caveats and Considerations
Test:
curl 0.0.0.0:18000 -v -d "request body"
Check the logs for the metrics.
Technologies
TCP Packet Parse

FILTER003
TCP PACKET PARSE
What this filter does
Parses the contents of every TCP packet the proxy receives and logs it.
Caveats and Considerations
Test:
curl 0.0.0.0:18000 -v -d "request body"
Check the logs for the packet contents.
Technologies
Singleton HTTP Call

FILTER004
SINGLETON HTTP CALL
What this filter does
The filter is responsible for intercepting HTTP requests, authorizing them based on the stored cache, and performing rate limiting. In the context of Envoy, this component is an HTTP filter and is executed in the worker threads. A context object is created for each request.
Caveats and Considerations
Technologies
Metrics Store

FILTER005
METRICS STORE
What this filter does
This example showcases communication between a WASM filter and a service via a shared queue. It combines the `Singleton-HTTP-Call` and `TCP-Metrics` examples. The filter collects metrics and enqueues them onto the queue, while the service dequeues them and sends them to the upstream server, where they are stored.
Caveats and Considerations
Test:
curl 0.0.0.0:18000 -v -d "request body" # make a few of these calls
curl 0.0.0.0:8080/retrieve -v # Retrieves the stored stats
# x | y | z === x : downstream bytes, y : upstream bytes, z: the latency for application server to respond
Technologies
Singleton Queue

FILTER006
SINGLETON QUEUE
What this filter does
An example which depicts a singleton HTTP WASM service which makes an HTTP call once every 2 seconds.
Caveats and Considerations
Check the logs for the response of the request.
Technologies
JWT Filter

FILTER007
JWT FILTER
What this filter does
Sample configuration to be passed:
{
  "add_header": [
    ["header1","value1"],
    ["header2","value2"]
  ],
  "del_header": [
    "header1"
  ],
  "add_payload": [
    ["payload1","value1"],
    ["payload2","value2"]
  ],
  "del_payload": [
    "payload1"
  ],
  "payload_to_header": [
    "payload2"
  ],
  "header_to_payload": [
    "header2"
  ]
}
Caveats and Considerations
DISCLAIMER: This filter doesn't regenerate the signature of the modified JWT, and provides no protections. Proceed with caution.
Technologies
Using Envoy metrics
Coming Soon...
