Skip to content

Instantly share code, notes, and snippets.

View rex's full-sized avatar

ᴘɪᴇʀᴄᴇ ᴍᴏᴏʀᴇ™ rex

46 followers · 14 following
View GitHub Profile
@superseb
superseb / kubectl-diagnostic.sh
Last active September 10, 2021 21:35
kubectl cluster diagnostic
#!/usr/bin/env bash
if [ $# -eq 0 ]; then
# Check if run on controlplane node, we can use that kubeconfig
if [ -f /opt/rke/etc/kubernetes/ssl/kube-controller-manager.pem ]; then
KUBECTLCERT=/opt/rke/etc/kubernetes/ssl/kube-controller-manager.pem
elif [ -f /etc/kubernetes/ssl/kube-controller-manager.pem ]; then
KUBECTLCERT=/etc/kubernetes/ssl/kube-controller-manager.pem
fi
if [ -f /opt/rke/etc/kubernetes/ssl/kube-controller-manager-key.pem ]; then
KUBECTLKEY=/opt/rke/etc/kubernetes/ssl/kube-controller-manager-key.pem
@superseb
superseb / retrieve-fullclusterstate-etcd.md
Last active November 12, 2020 19:21
Retrieve full-cluster-state from etcd directly

Retrieve full-cluster-state from etcd directly

etcdctl

docker exec -e ETCDCTL_ENDPOINTS=$(docker exec etcd /bin/sh -c "etcdctl member list | cut -d, -f5 | sed -e 's/ //g' | paste -sd ','") etcd etcdctl get /registry/configmaps/kube-system/full-cluster-state | tail -n1 | tr -c '[:print:]\t\r\n' '[ *]' | sed 's/^.*{"desiredState/{"desiredState/'  | docker run -i oildex/jq:1.6 jq -r . > cluster.rkestate 2>/dev/null

curl

@superseb
superseb / check-certificate-state-rancherv22.md
Last active August 28, 2023 07:52
Check certificate state on Rancher v2.2 clusters

Check certificate state on Rancher v2.2 clusters

Steps to verify certificate state for custom clusters in v2.2

Check certificates locally on nodes

Run script below to output certificate checksums for certificates present on the node.

#!/bin/sh
@superseb
superseb / restore-rkestate-file.md
Last active May 21, 2024 08:31
Recover cluster.rkestate file from controlplane node

Recover cluster.rkestate file from controlplane node

RKE

Run on controlplane node, uses any found hyperkube image

k8s 1.19 and higher

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.opencontainers.image.source=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .' > cluster.rkestate
@superseb
superseb / minio-letsencrypt.sh
Last active March 19, 2023 14:02
Minio using Let's Encrypt certbot obtained certificates
#!/bin/bash
if [ "$#" -ne 2 ]; then
echo "Usage: $0 fqdn email"
exit 1
fi
docker run -p 80:80 -p 443:443 -v /etc/letsencrypt:/etc/letsencrypt certbot/certbot certonly --standalone --agree-tos --reinstall --force-renewal --non-interactive --text --rsa-key-size 4096 --email $2 --domains $1
mkdir -p /root/.minio/certs
cp /etc/letsencrypt/live/$1/fullchain.pem /root/.minio/certs/public.crt
@superseb
superseb / custom-cluster-etcd-certs.md
Last active November 12, 2020 19:24

Check certificate DNS/IP on etcd in Rancher custom cluster

Requirements:

  • kubectl installed
  • SSH access available to nodes

Retrieve kubeconfig from custom cluster

Use Kubeconfig File in the UI when in cluster dashboard and configure it for kubectl (either place it in ~/.kube/config or set KUBECONFIG=/tmp/kubeconfig if /tmp/kubeconfig is the file containing the kubeconfig)

@superseb
superseb / troubleshooting_kubernetes_commands.md
Last active August 12, 2023 17:10
Troubleshooting Kubernetes commands

Troubleshooting Kubernetes commands

Commands belonging to the Rancher webinar Troubleshooting Kubernetes

etcd

Check etcd members

docker exec etcd etcdctl member list
@jlesage
jlesage / plex_dvr_post_processing.sh
Created February 18, 2019 10:38
Post-processing script for Plex DVR
#!/bin/bash
#
# Post-processing script for Plex DVR.
#
# This script is used to convert the video file produced by the DVR to a smaller
# version. The conversion is performed by a separate Docker container.
#
# For example, the HandBrake docker container is capable of automatically
# converting files put in a specific folder, called the "watch" folder. The
@janeczku
janeczku / rancher-ha-cert-update.md
Last active April 11, 2022 16:40
rancher-ha-cert-update.md

Follow these steps to update the SSL certificate of the ingress in a Rancher High Availability installation or switch from the default self-signed to a custom certificate:

  1. Create or update the tls-rancher-ingress k8s secret resource with the new certificate and private key
  2. Create or update the tls-ca k8s secret resource with the root CA certificate (only required when using a private CA)
  3. Update Rancher installation using Helm CLI
  4. Reconfigure Rancher Agents to trust the new CA certificate

Detailed steps

1. Create/Update the certificate secret resource

@superseb
superseb / README.md
Last active December 21, 2023 19:19
Retrieve kubeconfig from RKE or Rancher 2 custom cluster controlplane node for RKE v0.2.x+ and Rancher v2.2.x+

Retrieve kubeconfig from RKE v0.2.x or Rancher v2.2.x custom cluster controlplane node

For RKE v0.1.x and Rancher v2.0.x/v2.1.x, see https://gist.github.com/superseb/3d8de6092ebc4b1581185197583f472a

This needs to be run on a node with the controlplane role, as it rewrites the server endpoint to https://127.0.0.1:6443, you can of course manually change this if necessary.

Applicable for:

  • RKE v0.2.x
  • Rancher v2.2.x