Johannes Hölzel jhoelzel

## Ansible Alternative Directory Layout Structure
# https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#id12
inventories/
   production/
      hosts               # inventory file for production servers
      group_vars/
         group1.yml       # here we assign variables to particular groups
         group2.yml
      host_vars/
         hostname1.yml    # here we assign variables to particular systems
         hostname2.yml

## gist:1c015e667c162fc8f3f3712b1c6417c5
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done

## gist:9cf00a5eda378996669a426b0d780502
# with more you can easily scroll through the kubectl output:
kubectl -n kube-system get deployment.apps/cluster-autoscaler -o yaml | more

## gist:f27b7a05640e4cf7d535d24c844cc71e
#cloud-config
packages:
  - ufw
  - fail2ban
package_update: true
package_upgrade: true
runcmd:
  - sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
  - sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
  - systemctl restart sshd

## gist:5a778e55192e398a0e34d083b52159e3
# Scale Up the Deployment
kubectl scale --replicas=20 deployment/<Deployment-Name>
kubectl scale --replicas=20 deployment/my-deployment

# Verify Deployment status
kubectl get deployments

# Verify ReplicaSet has been updated
kubectl get rs

## gist:2ed10b1d893856fec3e0f0a5d1524fe4
# Enable MetalLB Load Balancer.
microk8s enable metallb

when asked for an IP range give a NEW ONE for instance 10.37.1.0/24

## route local machine
route -P add 10.1.2.0/24 MASK 255.255.255.0 10.0.37.1

## in order to do that with OpenWRT just add a static route!
Host-IP or Network: 10.1.1.1/24 MASK 255.255.255.0  Gateway:10.37.0.6

## gist:07334e7698b9cf729e8087e01de8dfe4
kubectl get deployments --no-headers | wc -l

## gist:68687d945d2116499a547eba8a44c00d
# Often after hibernation your docker containers will be out of sync which will create problems with everythin expiration based.
# This quick fix will update the time in your local docker desktop container which should be using wsl und Windows 11
# You can find more information about hwclock here: https://linux.die.net/man/8/hwclock

$ wsl -d docker-desktop -e /sbin/hwclock -s

## Argo Helm parameter
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: sealed-secrets-controller
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://bitnami-labs.github.io/sealed-secrets
    targetRevision: 0.17.5

## Argo Helm values
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: external-dns
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "2"
spec:
  destination:
    namespace: external-dns
	# https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#id12
	inventories/
	production/
	hosts # inventory file for production servers
	group_vars/
	group1.yml # here we assign variables to particular groups
	group2.yml
	host_vars/
	hostname1.yml # here we assign variables to particular systems
	hostname2.yml
	# https://www.cloudflare.com/ips
	# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

	for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
	for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
	# with more you can easily scroll through the kubectl output:
	kubectl -n kube-system get deployment.apps/cluster-autoscaler -o yaml \| more
	#cloud-config
	packages:
	- ufw
	- fail2ban
	package_update: true
	package_upgrade: true
	runcmd:
	- sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
	- sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
	- systemctl restart sshd
	# Scale Up the Deployment
	kubectl scale --replicas=20 deployment/<Deployment-Name>
	kubectl scale --replicas=20 deployment/my-deployment

	# Verify Deployment status
	kubectl get deployments

	# Verify ReplicaSet has been updated
	kubectl get rs
	# Enable MetalLB Load Balancer.
	microk8s enable metallb

	when asked for an IP range give a NEW ONE for instance 10.37.1.0/24

	## route local machine
	route -P add 10.1.2.0/24 MASK 255.255.255.0 10.0.37.1

	## in order to do that with OpenWRT just add a static route!
	Host-IP or Network: 10.1.1.1/24 MASK 255.255.255.0 Gateway:10.37.0.6
	# Often after hibernation your docker containers will be out of sync which will create problems with everythin expiration based.
	# This quick fix will update the time in your local docker desktop container which should be using wsl und Windows 11
	# You can find more information about hwclock here: https://linux.die.net/man/8/hwclock

	$ wsl -d docker-desktop -e /sbin/hwclock -s
	apiVersion: argoproj.io/v1alpha1
	kind: Application
	metadata:
	name: sealed-secrets-controller
	namespace: argocd
	spec:
	project: default
	source:
	repoURL: https://bitnami-labs.github.io/sealed-secrets
	targetRevision: 0.17.5