mrballcb

# This will survive restarts of Rancher Desktop.  I don't expect it to survive "Reset Kubernetes" actions.

# This will get a shell inside the running VM.
# Many thanks to Jan Dubois, this one liner replaced a complicated set of commands I had here earlier.
LIMA_HOME="$HOME/Library/Application Support/rancher-desktop/lima" limactl shell 0

sudo su -
vi /etc/conf.d/docker

# Add to the DOCKER_OPTS cli the bip and subnet you want.  I picked a very small /24 at the end of the 172.16/20 space:

mrballcb

Usage:

# Both of these will activate lungo for 10 hours
lungo 10 hours
lungo hours=10

# Both of these will toggle lungo off if it's on, or on indefinitely if it was off
lungo toggle
lungo

mrballcb

#!/usr/bin/env bash

set -eu -o pipefail

FILTER=${1-.*}
REGIONS="us-east-1 us-east-2 us-west-1 us-west-2"

tempwork=$(mktemp -d)

# When the script finishes or is cancelled, clean up the temp dir

mrballcb

acl_check_dkim:
  # Skip this whole acl if header.d contains an @ sign because exim is
  # breaking down the header.i part (which usually is an email address)
  # bit by bit, working towards just the domain name.
  accept  condition      = ${if match{$dkim_cur_signer}{\N@\N}}

  accept  dkim_status    = none
          sender_domains = KNOWN_DKIM_SIGNERS
          dkim_signers   = KNOWN_DKIM_SIGNERS
          condition      = ${if eqi{$sender_address_domain}{$dkim_cur_signer} {yes}{no}}

mrballcb

1) Exim config
a. Global settings:
dmarc_history_file = /var/spool/exim/dmarc_history.txt
dmarc_tld_file = /etc/exim/opendmarc.tlds

b. Get the tld file (list of valid TLD's) from http://publicsuffix.org/list/

c. Somewhere early in the RCPT ACL I have:
.include_if_exists /etc/exim/dmarc_acl_control.conf

mrballcb

#!/bin/bash

function ssh_and_get_status {
  SSH=$1
  SSHARGS=$2
  TARG=$3
  ssh $SSHARGS $SSH "
    echo
    curl -s 'http://$TARG/_cat/nodes?v'
    echo

mrballcb

Rancher Desktop is what I've switched to in place of Docker Desktop.  It has some differences that
need to be worked around (see previous gist for setting the network subnet a container uses).

One other issue is that after about 24 hours, the docker socket just stops listening.  It is currently
on Rancher's radar, but in the meantime, the only real solution is to stop and start the entire
Rancher Desktop app.  The below script does exactly that.

A second issue is that a running k3s cluster consumes enough CPU/power that it raises the temperature
of the Mac when it's idle and significantly cuts down on battery life.  The second script will stop
the k3s subsystem and kill all running containers, bringing the CPU usage down to a very low level.

mrballcb

#!/usr/bin/env bash

# Expected input can be one of the following types:
#   CTX        # Just the context - shows "transition mode" for this cluster and all kube masters/nodes
#   CTX NS     # The context, a space, and the namespace - shows all pods in that NS and only kube nodes
TYPE=${1-none}
CTX=${TYPE}
NS=${2-$TYPE}
# Extract instance types, AZ, and kops instance group name
SED_FILTER_LABELS="-e 's/beta.kubernetes.*instance-type=/type=/' -e 's#beta.kubernetes.io/##g' -e 's#kubernetes.io/##g' -e 's#,arch=\w*##' -e 's#,os=\w*##'"

mrballcb

#!/usr/bin/env bash

set -eu -o pipefail

MYROLE=elevated       # Set to whatever you named your role
MYBUCKET=history      # Set to whatever S3 bucket you will put this

DATE=$(date +%F)

AWS_ACCOUNT=$(aws sts get-caller-identity | jq -r .Account)

mrballcb

# Loops through regions
# Gets all data for instances in the inner array
# Outputs instance id, AZ, Launch Time, and the Name tag

for REGION in us-east-1 us-west-1; do
  aws --region $REGION ec2 describe-instances | \
  jq '.Reservations[].Instances[] | select(.InstanceId as $id | ["id-1234", "id-56789"] | index($id)) | [.InstanceId, .Placement.AvailabilityZone, .LaunchTime, [.Tags[] | select(.Key == "Name") | .Value][] ]'
done