Philip Schmid PhilipSchmid

@PhilipSchmid
PhilipSchmid / privileged-node-debugging-pod.md
Created February 13, 2024 19:40
Spin up a privileged K8s node debugging Pod with access to the node's filesystem

Optional: Disable PSA (Pod Security Admission) enforcement for the default namespace

kubectl label ns default pod-security.kubernetes.io/enforce=privileged
kubectl label ns default pod-security.kubernetes.io/audit=privileged # optional
kubectl label ns default pod-security.kubernetes.io/warn=privileged # optional

Start tshoot pod:

echo '
PhilipSchmid / deploy-iperf3.yaml
Last active October 6, 2023 09:41
iperf3 Deployment for Kubernetes network performance tests
apiVersion: apps/v1
kind: Deployment
metadata:
name: iperf3
spec:
replicas: 2
selector:
matchLabels:
app: iperf3
template:
PhilipSchmid / pod-hostpath-kubectl-run.yaml
Created July 18, 2023 11:05
kubectl run Pod with hostPath
kubectl run -it --rm tshoot --overrides='
{
"spec": {
"containers": [
{
"name": "tshoot",
"image": "nicolaka/netshoot:latest",
"command": ["/bin/bash"],
"stdin": true,
"stdinOnce": true,
PhilipSchmid / k8s-goldpinger.yaml
Created July 13, 2023 11:36
Goldpinger to test K8s Pod to Pod connectivity
# https://github.com/bloomberg/goldpinger
---
apiVersion: v1
kind: Namespace
metadata:
name: goldpinger
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
PhilipSchmid / kubeadm-cilium-k8s-cluster.md
Last active December 18, 2023 11:39
Minimal guide for setting up a kubeadm and containerd based Kubernetes 1.26 cluster with Cilium in kubeproxy-replacement mode (tested on Ubuntu 22.04)

Single-host Minio Setup

Docker-Compose single-host Minio S3 setup using Traefik (Let's Encrypt with DNS-01 challenge via Cloudflare) for TLS offloading.

Tested on Ubuntu 20.04.

Host Prerequisites

Run all commands shown here as root, or prepend sudo to the commands that require elevated privileges.

Install Docker

PhilipSchmid / quick-k8s-setup.md
Created March 9, 2022 16:16
Quick & dirty (copy & paste, single-host) Kubernetes setup based on RKE2, Cilium, Nginx and Longhorn

Quick & Dirty, Copy & Paste, Single-Host Kubernetes Setup

Tested on a Rocky Linux 8.4 VM on DigitalOcean. Run everything as root. Based on RKE2, Cilium, Nginx and Longhorn.

Disable SELinux & Swap

# SELinux
sestatus
setenforce 0
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=permissive/g' /etc/sysconfig/selinux && cat /etc/sysconfig/selinux
sestatus
PhilipSchmid / rke2-node-cleanup.md
Last active March 20, 2024 01:49
RKE2 node cleanup commands to clean up a node after a failed Rancher custom cluster installation attempt

RKE2 Node Cleanup

To reset an RKE2 node, run the following commands:

# rke2-(server|agent) related
rke2-killall.sh
rke2-uninstall.sh
# rancher-system-agent related
systemctl stop rancher-system-agent.service
systemctl disable rancher-system-agent.service
rm -f /etc/systemd/system/rancher-system-agent.service
PhilipSchmid / cks-bookmarks.html
Last active January 16, 2022 12:30
Collection of allowed bookmarks for the Linux Foundation CKS exam (December 2021, K8s 1.22) - https://docs.linuxfoundation.org/tc-docs/certification/important-instructions-cks#resources-allowed-during-exam
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
It will be read and overwritten.
DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Bookmarks</H1>
<DL><p>
<DT><H3 ADD_DATE="1639761932" LAST_MODIFIED="1639906307" PERSONAL_TOOLBAR_FOLDER="true">Bookmarks bar</H3>
<DL><p>

How to disable Kube-Proxy in RKE2

Example use case: Running the Cilium CNI without any kube-proxy

On all RKE2 servers (master nodes), add the following configuration to your /etc/rancher/rke2/config.yaml file:

disable-kube-proxy: "true"

Now the important step: If you had already started the RKE2 service before (without this flag and with kube-proxy enabled), make sure to also delete the kube-proxy.yaml static pod manifest: