PhilipSchmid

Prometheus Operator Custom Resource (CR) Testing Manifests

Ever searched for a simple setup to test the exposure of a /metrics endpoint and tried to add this endpoint to Prometheus using a ServiceMonitor CR? Well, use the manifests below and you are good to go :).

Creation

---
apiVersion: v1
kind: Namespace
metadata:
  name: testing

PhilipSchmid

# NS
kubectl create ns cadvisor-issue-test

# PV
echo "
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pvc-cadvisor-issue-test
spec:

PhilipSchmid

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: kuard
  name: kuard
  namespace: kuard
spec:
  replicas: 1

PhilipSchmid

How to disable Kube-Proxy in RKE2

Example use case: Running the Cilium CNI without any kube-proxy

On all RKE2 servers (master nodes), add the following configuration to your /etc/rancher/rke2/config.yaml file:

disable-kube-proxy: "true"

Now the important step: If you already had stared the RKE2 service before (without this flag and with kube-proxy enabled), ensure to also delete the kube-proxy.yaml static pod manifest:

PhilipSchmid

Grafana Dashboards for Kubernetes Environments

Helpful Kubernetes Grafana dashboards. Tested with kube-state-metrics v2.0.0 & Grafana 8.0.3.

Original sources of the JSONs:

• https://grafana.com/grafana/dashboards/10000
• https://grafana.com/api/dashboards/1860/revisions/16/download
• https://github.com/kubernetes/ingress-nginx/blob/master/deploy/grafana/dashboards/nginx.json
• https://github.com/kubernetes/ingress-nginx/blob/master/deploy/grafana/dashboards/request-handling-performance.json)

PhilipSchmid

Wireguard VPN Setup

This two scripts install & configure Wireguard on a CentOS8 "server" (peer) and on a Ubuntu 18.04 "client" peer. Of course, if you replace the # Installation script parts, these instructions can also be used on other distributions like Debian, CentOS 7, Fedora, etc..

Possible pitfall: When you change something in the /etc/wireguard/wg0.conf configuration file on the server, ensure to disable the wg-quick@wg0 service in advance:

sudo systemctl stop wg-quick@wg0
sudo systemctl disable wg-quick@wg0
sudo vim /etc/wireguard/wg0.conf    # edit what ever you like
sudo systemctl enable --now wg-quick@wg0

PhilipSchmid

<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
     It will be read and overwritten.
     DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
    <DT><H3 ADD_DATE="1639761932" LAST_MODIFIED="1639906307" PERSONAL_TOOLBAR_FOLDER="true">Bookmarks bar</H3>
    <DL><p>

PhilipSchmid

Clientless Linux remote access with Apache Guacamole

Quick and dirty guide how to get Apache Guacamole in combination with VNC up and running.

Apache Guacamole

Prerequisites

sudo add-apt-repository -y ppa:remmina-ppa-team/freerdp-daily
sudo apt update
env DEBIAN_FRONTEND=noninteractive sudo apt install -y freerdp2-dev freerdp2-x11

PhilipSchmid

Quick & Dirty, Copy & Paste, Single-Host Kubernetes Setup

Tested on a Rocky Linux 8.4 VM on DigitalOcean. Run everything as root. Based on RKE2, Cilium, Nginx and Longhorn.

Disable SELinux & Swap

# SELinux
sestatus
setenforce 0
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=permissive/g' /etc/sysconfig/selinux && cat /etc/sysconfig/selinux
sestatus

PhilipSchmid

Interface bonding

Configure a LACP active network interface bonding on Ubuntu 18.04 using netplan:

root@srv01:~# mv /etc/netplan/50-cloud-init.yaml /etc/netplan/01-netcfg.yaml
root@srv01:~# cat /etc/netplan/01-netcfg.yaml 
network:
    version: 2
    renderer: networkd
 ethernets: