Philip Schmid PhilipSchmid

@PhilipSchmid
PhilipSchmid / prometheus-cr-test.md
Created Dec 9, 2020
Prometheus Operator CR Testing Manifests

Prometheus Operator Custom Resource (CR) Testing Manifests

Ever searched for a simple setup to test the exposure of a /metrics endpoint and tried to add this endpoint to Prometheus using a ServiceMonitor CR? Well, use the manifests below and you are good to go :).

Creation

---
apiVersion: v1
kind: Namespace
metadata:
 name: testing
@PhilipSchmid
PhilipSchmid / minio-upload.sh
Created Nov 19, 2020
Upload data to Minio using CURL
#!/bin/bash
# Usage: ./minio-upload my-bucket my-file.zip
bucket=$1
file=$2
host=minio.example.com
s3_key=svc_example_user
s3_secret=svc_example_user_password
@PhilipSchmid
PhilipSchmid / k8s-rbac-example.yaml
Created Oct 23, 2020
A (more or less) complete RBAC example for Kubernetes
---
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
# Attention: This PSP has quite loose restrictions! Do not just copy & paste it!
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
@PhilipSchmid
PhilipSchmid / kvm-windows-10-guest-ultrawide-resolution.md
Created Sep 27, 2020
3440x1440 resolution for Windows 10 KVM VM

Configure a Windows 10 KVM Guest to use an ultrawide display resolution (3440x1440)

  1. virsh edit Windows10
  2. Navigate to the <video> section and change it to the following one:
    <video>
      <model type='qxl' ram='131072' vram='131072' vgamem='32768' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
@PhilipSchmid
PhilipSchmid / 0-wireguard-readme.md
Last active Jan 7, 2022
Wireguard installation on CentOS/RHEL 8 server and Ubuntu 20.04 client (IPv6 dual stack)

Wireguard VPN Setup

These two scripts install & configure Wireguard on a CentOS8 "server" (peer) and on an Ubuntu 18.04 "client" peer. Of course, if you replace the # Installation script parts, these instructions can also be used on other distributions like Debian, CentOS 7, Fedora, etc.

Possible pitfall: When you change something in the /etc/wireguard/wg0.conf configuration file on the server, make sure to disable the wg-quick@wg0 service beforehand:

sudo systemctl stop wg-quick@wg0
sudo systemctl disable wg-quick@wg0
sudo vim /etc/wireguard/wg0.conf    # edit whatever you like
sudo systemctl enable --now wg-quick@wg0
@PhilipSchmid
PhilipSchmid / 0-rancher-vsphere-setup.md
Last active May 23, 2022
How to set up a Rancher K8s cluster on VMware (incl. vSphere StorageClass)

Rancher K8s Cluster on VMware vSphere

Prerequisites

vCenter Configuration

@PhilipSchmid
PhilipSchmid / clientless-linux-remote-access.md
Last active Feb 25, 2022
Using Apache Guacamole in combination with VNC for clientless Linux remote access

Clientless Linux remote access with Apache Guacamole

Quick and dirty guide on how to get Apache Guacamole in combination with VNC up and running.

Apache Guacamole

Prerequisites

sudo add-apt-repository -y ppa:remmina-ppa-team/freerdp-daily
sudo apt update
# Set the variable inside sudo: sudo's default env_reset would otherwise drop it
sudo env DEBIAN_FRONTEND=noninteractive apt install -y freerdp2-dev freerdp2-x11
@PhilipSchmid
PhilipSchmid / nic-isolation-readme.md
Last active Apr 29, 2020
Automatically add Linux NIC to namespace at system boot (e.g. used for Ethernet USB dongles with dynamic identifier)

Linux NIC to namespace (persisted via systemd service)

Save the file nic-isolation.service to /etc/systemd/system/nic-isolation.service.

Afterwards reload the systemd daemon and enable & start the "service":

sudo systemctl daemon-reload
sudo systemctl enable nic-isolation.service
sudo systemctl start nic-isolation.service
@PhilipSchmid
PhilipSchmid / multicast-on-linux.md
Last active May 9, 2022
Testing Multicast Traffic on Linux

Testing Multicast Traffic on Linux

Prerequisites

By default, Linux ignores broadcast and multicast ICMP messages. That's why you need to enable them first:

sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0

Join and Test Multicast Traffic

To join any multicast address (e.g. 224.10.10.10/24), just add it to your active interface (e.g. eth0) and append the keyword autojoin at the end:

@PhilipSchmid
PhilipSchmid / rancher-keycloak-idp-configuration.md
Last active May 13, 2022
Rancher v2.X KeyCloak Authentication Backend Configuration

Rancher v2.X KeyCloak Authentication Backend Configuration

Rancher's official documentation on how to configure the Rancher <> KeyCloak setup (https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/) is fine but definitely not sufficient to configure it successfully. That's why every single required step is documented here.

KeyCloak Configuration

I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.

  1. Log in as admin on https://keycloak.example.com/. Important: It's crucial that the same username exists in KeyCloak as the one you use as admin user on Rancher. Since I just use the admin account in this guide, this prerequisite is already met.
  2. Create a new client under https://keycloak.example.com/auth/admin/master/console/#/realms/master/clients
  • Client ID: https://rancher.example.com/v1-saml/keycloak/saml/metadata