Parse some message fields from k3s' journal logs.
sudo journalctl -u k3s -g detail -n80 -ojson | jq -r '.MESSAGE' | jq
...
##### Sample output:
{
"level": "info",
Using just a Calico CRD felixconfiguration, instead of vxlan tunnel.
calicoctl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true}}'
This should only be enabled by direction from your professional services consultant on an as-needed basis after a thorough examination of the specific environmental factors.
flrichar
/ rancher-ingress-fix.md
Last active
May 21, 2024 11:09
Rancher Helm Install Error about Ingress is Misleading
This took a bit of digging to figure out. As it turns out, my lab ingress has evolved a little. This env may have had several ingress classes in the past.
- alpha env behind a LB with Let's Encrypt enabled
- the error is misleading, the api-resources are OK & pathType IS specified
- helm install works OK but won't touch ingress, keeps status as
failed - even backing up ingress to make it net-new fails
flrichar
/ nix-container.md
Last active
April 4, 2024 12:55
Easy nix environment from nerdctl container
... or readlink might require a flag like -f and/or the which command might not include root's $PATH so perhaps run under sudo.
This is a little hacky. A better bet for your operations might be Neuvector.
readlink $(awk '/liblzma.so.5/{print $3}' <(ldd $(which sshd))) | grep -qE "liblzma.so.5.6.0|liblzma.so.5.6.1" && echo "Affected by CVE-2024-3094" || echo "Not affected."
flrichar
/ frr-speaker.md
Last active
June 21, 2024 15:39
FRR container inside metallb speaker daemonset
Recent versions of MetalLB include FRR as a software router.
If you are cisco-like check it out ...
kubectl exec -it -n metallb-system ds/speaker -c frr -- vtysh
Ask your Qualified consultant for analysis the specifics of the frr configuration. Above applies to manifest only.
iostat -o JSON | jq -r '.[] | paths | select(length>=2) | map(tostring) | join(".")'
... (wip)
Taking notes from here: https://unix.stackexchange.com/questions/549570/list-all-keys-excluding-arrays
flrichar
/ libvirt-ansible-adhoc-inventory.md
Last active
January 17, 2024 22:21
Libvirt/Virsh Adhoc Ansible Inventory
- domain names need to match ssh host ids
- dynamic inventory ansible module for
community.libvirt.libvirtrequires qemu-ga running in guest - why not just create a temporary ad-hoc inventory of currently running vms?
- use as an alias or function or with Taskfile, prevent Task from throwing an error for non-running vms
echo "[running]" $(virsh list --name) | xargs printf "%s\n" > ~/.local/tmp/inventory
ansible -i ~/.local/tmp/inventory -a 'uptime' running
- find the
calico-nodecontainer, bin is located in/calicoctl - [Edit]: Rancher
canalincludes it, but not genericcalico
$ kubectl exec -it -n kube-system $(kubectl get pods -n kube-system -l k8s-app=canal --no-headers -o custom-columns=":metadata.name") -c calico-node -- /calicoctl version
Client Version: v3.26.3
Git commit: bdb7878af
Cluster Version: v3.26.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| dotenv: [ '.env' ] | |
| tasks: | |
| cri-name: | |
| deps: | |
| - task: ctl-bin | |
| vars: | |
| CTLBIN: "/var/lib/rancher/rke2/bin/crictl" |
NewerOlder