janeczku

• https://gist.github.com/altermarkive/9463f2b370e384be372513ee90824be3
• https://medium.com/platformer-blog/kubernetes-on-centos-7-with-firewalld-e7b53c1316af
• https://gist.github.com/sau-lanvy/90819c398972631024a53966132b15bc
• https://medium.com/@earielli/kubernetes-on-baremetal-kubespray-terraform-multimaster-ha-haproxy-api-traefik-and-apps-with-ec165133c5ca

janeczku

Fetch details of an existing RKE cluster template:

data "rancher2_cluster_template" "hardened" {
    name = "hardened-template"
}

or create a new RKE cluster template:

janeczku

Benchmark Pod Startup Latency

$ mkdir -p $GOPATH/k8s.io
$ cd $GOPATH/k8s.io
$ git clone https://github.com/kubernetes/perf-tests.git
$ git checkout release-1.18
$ cd perf-tests
$ go run cmd/clusterloader.go --kubeconfig=rke-kubeconfig.yaml --testconfig=testing/node-throughput/config.yaml

janeczku

Create Service Account

$ kubectl create serviceaccount deployer
$ export SA_NAME=$(kubectl get sa deployer -o jsonpath="{.secrets[*]['name']}")
$ export SA_TOKEN=$(kubectl get secret $SA_NAME -o jsonpath="{.data.token}" | base64 --decode)
$ export SA_CA_CRT=$(kubectl get secret $SA_NAME -o jsonpath="{.data.ca\.crt}" | base64 --decode)

Use as Authorization: Bearer <SA_TOKEN> in the restful API request from external client.

janeczku

How to register Rancher managed Kubernetes clusters in Argo CD

Registering Rancher managed clusters in Argo CD doesn't work out of the box unless the Authorized Cluster Endpoint is used. Many users will prefer an integration of Argo CD via the central Rancher authentication proxy (which shares the network endpoint of the Rancher API/GUI). So let's find out why registering clusters via Rancher auth proxy fails and how to make it work.

Hint: If you are just looking for the solution scroll to the bottom of this page.

Why do i get an error when running argocd cluster add?

Service Account tokens and the Rancher authentication proxy

janeczku

Requirements

• Raspberry Pi 3b+, CM3 or 4
• 16GB+ SDHC card certified A1 or A2 grade to provide sufficient IO performance. Example: SanDisk Extreme microSDHC

Installation Steps

1. Flash Ubuntu 18.04 LTS 64-bit Raspberry Pi disk image to the SD-card
2. Either mount the boot partition on the same machine used to flash the image (Hint: sudo mkdir -p /mnt/rpi-boot && sudo mount -t vfat -o uid=root /dev/mmcblk0p1 /mnt/rpi-boot) or boot the Raspberry Pi once to apply the configuration changes below.
3. Enable the missing cgroups by appending two arguments to /boot/firmware/nobtcmd.txt:

janeczku

apiVersion: batch/v1
kind: Job
metadata:
  name: dbench-hostpath
spec:
  template:
    spec:
      containers:
      - name: dbench
        image: logdna/dbench:latest

janeczku

Instructions

First, create a custom ServiceMonitor resource in the cattle-prometheus namespace of the corresponding cluster. This ServiceMonitor will make Prometheus scrape the resource metrics for all Pods that have a matching annotation of prom_scrape_every_5s: "true" every 5 seconds.

$ kubectl create -n cattle-prometheus -f sm.yaml

The contents of the sm.yaml file:

janeczku

On the k3d host:

curl -s https://raw.githubusercontent.com/rancher/k3d/master/install.sh | TAG=v3.0.0-alpha.4 bash
k3d create cluster --network host --k3s-server-arg "--token=changeme"

On the k3s host:

curl -sfL https://get.k3s.io | K3S_URL="https://<k3d-host-ip>:6443" K3S_TOKEN="changeme" sh -s -

janeczku

Rancher 2.4 HA Installation Prerequisites

This is a summary of typical prerequisites for performing an HA install of Rancher.
For detailed installation instructions, consult the official documentation.

General VM OS Requirements

VM instances used for the Rancher management cluster must meet the following OS requirements:

• Ubuntu 18.04
• 18.04 RHEL/CentOS 7.5, 7.6, 7.7