Matthew Mattox mattmattox

## patch-k8s-cluster.sh
#!/bin/bash

while getopts "c:h" opt; do
  case $opt in
    c)
      CLUSTER="${OPTARG}"
      ;;
    h)
      help && exit 0
      ;;

## kick-cert-manager.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-watcher-sa
  namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

## linkerd-rootca.sh
#!/bin/bash
# Create CA private key
if [ ! -f ca-private.pem ]; then
    openssl ecparam -name prime256v1 -genkey -noout -out ca-private.pem
fi
# Create CA public key
openssl ec -in ca-private.pem -pubout -out ca-public.pem
# Create self signed CA certificate
openssl req -x509 -new -key ca-private.pem -days 365 -out ca.crt -subj "/CN=root.linkerd.cluster.local"

## gist:2a5aadb30c457f08e067e8b597f085c6
#!/bin/bash
ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
mkdir -p ~/.kube/
ln -s /var/lib/rancher/rke2/server/cred/admin.kubeconfig ~/.kube/config

## values.yaml
  ...
  config:
    global:
      resolve_timeout: 5m
      slack_api_url: "https://hooks.slack.com/services/abcdef/123456789...."
    receivers:
    - name: "slack"
      slack_configs:
      - api_url: 'https://hooks.slack.com/services/abcdef/123456789....'
        username: 'ClusterName'

## gist:6fd74b9f857ebbdcc29a167f46e9b591
#!/bin/bash


objects=`kubectl api-resources --verbs=list --namespaced -o name`

for namespace in `kubectl get ns -o name | awk -F '/' '{print $2}'`
do
  echo "Namespace: $namespace"
  mkdir -p namespace/"$namespace"
  for object in $objects

## custom_slack_alerts.yaml
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-name: monitoring
    meta.helm.sh/release-namespace: monitoring
    prometheus-operator-validated: "true"
  labels:
    app: kube-prometheus-stack
    app.kubernetes.io/instance: monitoring

## dump.sh
#!/bin/bash

objects=`kubectl api-resources --verbs=list --namespaced -o name`

for namespace in `kubectl get ns -o name | awk -F '/' '{print $2}'`
do
  echo "Namespace: $namespace"
  mkdir -p namespace/"$namespace"
  for object in $objects
  do

## grab-rke2-bootstrap.sh
/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml exec -it $(/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get po -l component=etcd -n kube-system \
-o jsonpath='{.items[0].metadata.name}') -n kube-system -- /bin/bash -c "ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt \
--cert=/var/lib/rancher/rke2/server/tls/etcd/server-client.crt \
--key=/var/lib/rancher/rke2/server/tls/etcd/server-client.key \
get /bootstrap --prefix "

## build-rke2.sh
#!/bin/bash

usage() { echo "Usage: $0 [-m master|worker|all] [-v v1.21.6+rke2r1] [-s 192.168.1.100] [-t K1075c2da4946626e73...] " 1>&2; exit 1; }

while getopts ":m:v:s:t:" o; do
    case "${o}" in
        m)
            m=${OPTARG}
            ((m == master || m == worker || m == all)) || usage
            ;;
	#!/bin/bash

	while getopts "c:h" opt; do
	case $opt in
	c)
	CLUSTER="${OPTARG}"
	;;
	h)
	help && exit 0
	;;
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: log-watcher-sa
	namespace: cert-manager
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	#!/bin/bash
	# Create CA private key
	if [ ! -f ca-private.pem ]; then
	openssl ecparam -name prime256v1 -genkey -noout -out ca-private.pem
	fi
	# Create CA public key
	openssl ec -in ca-private.pem -pubout -out ca-public.pem
	# Create self signed CA certificate
	openssl req -x509 -new -key ca-private.pem -days 365 -out ca.crt -subj "/CN=root.linkerd.cluster.local"
	#!/bin/bash
	ln -s /var/lib/rancher/rke2/bin/kubectl /usr/local/bin/kubectl
	mkdir -p ~/.kube/
	ln -s /var/lib/rancher/rke2/server/cred/admin.kubeconfig ~/.kube/config
	...
	config:
	global:
	resolve_timeout: 5m
	slack_api_url: "https://hooks.slack.com/services/abcdef/123456789...."
	receivers:
	- name: "slack"
	slack_configs:
	- api_url: 'https://hooks.slack.com/services/abcdef/123456789....'
	username: 'ClusterName'
	#!/bin/bash


	objects=`kubectl api-resources --verbs=list --namespaced -o name`

	for namespace in `kubectl get ns -o name \| awk -F '/' '{print $2}'`
	do
	echo "Namespace: $namespace"
	mkdir -p namespace/"$namespace"
	for object in $objects
	apiVersion: monitoring.coreos.com/v1
	kind: PrometheusRule
	metadata:
	annotations:
	meta.helm.sh/release-name: monitoring
	meta.helm.sh/release-namespace: monitoring
	prometheus-operator-validated: "true"
	labels:
	app: kube-prometheus-stack
	app.kubernetes.io/instance: monitoring
	/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml exec -it $(/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get po -l component=etcd -n kube-system \
	-o jsonpath='{.items[0].metadata.name}') -n kube-system -- /bin/bash -c "ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
	--cacert=/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt \
	--cert=/var/lib/rancher/rke2/server/tls/etcd/server-client.crt \
	--key=/var/lib/rancher/rke2/server/tls/etcd/server-client.key \
	get /bootstrap --prefix "
	#!/bin/bash

	usage() { echo "Usage: $0 [-m master\|worker\|all] [-v v1.21.6+rke2r1] [-s 192.168.1.100] [-t K1075c2da4946626e73...] " 1>&2; exit 1; }

	while getopts ":m:v:s:t:" o; do
	case "${o}" in
	m)
	m=${OPTARG}
	((m == master \|\| m == worker \|\| m == all)) \|\| usage
	;;