oskapt

#!/usr/bin/env bash

mkdir certs my-safe-directory

cat > ca.cnf <<EOF
# OpenSSL CA configuration file
[ ca ]
default_ca = CA_default
[ CA_default ]
default_days = 365

oskapt

##
# Individual DoH server entries, one server per resolver.
# These establish proxy ports that the upstream resolvers
# can be reached via.
##
server {
  listen 8001 default_server;
  server_name _;
  location / {
    proxy_pass https://dns.google;

oskapt

kubectl get authorizationrolebinding.auth.containership.io \
  | tail -n +2 | awk '{ print $1 }' | while read x; do 
    kubectl get -o yaml authorizationrolebinding.auth.containership.io/$x -o json | jq '.metadata.finalizers=[]' \
    | kubectl apply -f -; 
  done

kubectl get authorizationrole.auth.containership.io \
  | tail -n +2 | awk '{ print $1 }' | while read x; do 
    kubectl get -o yaml authorizationrole.auth.containership.io/$x -o json | jq '.metadata.finalizers=[]' \
    | kubectl apply -f -; 

oskapt

#cloud-config

package_upgrade: true
package_update: true
packages: 
  - curl
  - nfs-kernel-server
  - python3-pip
runcmd:
  - curl -s -o /var/tmp/install_docker https://releases.rancher.com/install-docker/18.09.sh

oskapt

kubectl -n kube-system create serviceaccount tiller

kubectl create clusterrolebinding tiller \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:tiller

helm init --service-account tiller

oskapt

velero install \
    --provider aws \
    --bucket $BUCKET \
    --secret-file ./credentials-velero \
    --backup-location-config region=$REGION \
    --snapshot-location-config region=$REGION \
    --use-restic

oskapt

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:CreateSnapshot",
                "ec2:CreateTags",
                "ec2:CreateVolume",

oskapt

#!/bin/bash

# Set BUCKET and REGION before continuing. If you want to use a
# different IAM user name or if you use a different AWS profile
# for connecting, you can set those as well. 

BUCKET=
REGION=
VELERO_USER=velero
AWS_PROFILE=default

oskapt

Hello! This gist goes with this video, which covers shortcuts and strategies for working with the K8s command line. You can see all of my videos on YouTube at https://adrian.goins.tv.

Scripts

I use Fish as my shell, but I know that a lot of people are using Bash. Here are two ways to concatenate config files for kubectl into the KUBECONFIG environment variable. If you're using zsh or tcsh you'll know how to convert these to your shell's format.

You can call these from your shell init file, or if you want to temporarily disable a script, append .bak or .disabled to its extension and run the script manually.

You can even hotkey it on something like the Elgato Stream Deck.

oskapt

Restore Rancher 2 cluster/node agents on clusters

This is an unsupported scenario, see rancher/rancher#14731 when there is an official solution.

When cattle-cluster-agent and/or cattle-node-agent are accidentally deleted, or when server-url/cacerts are changed.

Generate definitions

• Generate API token in the UI (user -> API & Keys) and save the Bearer token
• Find the clusterid in the Rancher UI (format is c-xxxxx), its in the address bar when the cluster is selected