CFSSL as an external CA for non-ha kubeadm intialized clusters
Using cfssl to Create an External CA Infrastructure
Install cfssl
# This requires an existing Go environment with GOPATH set
go get -u github.com/cloudflare/cfssl/cmd/...
Peter Skarpetis peterska
peterska
/ README.md
Created
August 24, 2021 07:26
— forked from detiber/README.md
Using CFSSL as an external CA for kubeadm
View README.md
peterska
/ haproxy_srv_cleanup_connections_crash.cfg
Created
January 6, 2021 00:57
View haproxy_srv_cleanup_connections_crash.cfg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| user haproxy | |
| group haproxy | |
| log stdout local0 | |
| stats socket /run/haproxy.sock user haproxy group haproxy mode 660 level admin | |
| tune.ssl.default-dh-param 2048 | |
| ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | |
| ssl-default-bind-options no-sslv3 no-tls-tickets | |
| ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY130 |
peterska
/ rook-ceph-opearator.log
Created
October 3, 2018 08:30
ceph rook operator logs for failed 0.8.3 upgrade
View rook-ceph-opearator.log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [peters@troy ceph]$ kubectl logs -n rook-ceph-system -l app=rook-ceph-operator | |
| 2018-10-03 07:42:35.535543 I | rookcmd: starting Rook v0.8.3 with arguments '/usr/local/bin/rook ceph operator' | |
| 2018-10-03 07:42:35.535617 I | rookcmd: flag values: --help=false, --log-level=INFO, --mon-healthcheck-interval=45s, --mon-out-timeout=5m0s | |
| 2018-10-03 07:42:35.536379 I | cephcmd: starting operator | |
| 2018-10-03 07:42:35.597170 I | op-agent: getting flexvolume dir path from FLEXVOLUME_DIR_PATH env var | |
| 2018-10-03 07:42:35.597191 I | op-agent: flexvolume dir path env var FLEXVOLUME_DIR_PATH is not provided. Defaulting to: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ | |
| 2018-10-03 07:42:35.597196 I | op-agent: discovered flexvolume dir path from source default. value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ | |
| 2018-10-03 07:42:35.611939 I | op-agent: rook-ceph-agent daemonset already exists, updating ... | |
| 2018-10-03 07:42:35.625192 I | op-discover: rook-discover daemonset already exists, updating ... | |
| 2018-10-03 0 |