Sebastiaan van Steenis superseb

## etcd-restore.sh
#!/usr/bin/env bash

if [ $# -ne 2 ]; then
  echo "Usage: $0 [filename] [etcd_version]"
  exit 1
fi

FILENAME=$1
ETCD_VERSION=$2
TIMESTAMP="$(date +%s)"

## k3s-etcd-commands.md

      
              1 file
            
          
              0 forks
            
          
              4 comments
            
          
              8 stars
            
          
                superseb
                / k3s-etcd-commands.md
            
            
              Last active May 14, 2021
            
              
                k3s etcd commands
              
          
      View k3s-etcd-commands.md
  
      
    k3s etcd commands
etcd
Setup etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):
ETCD_VER=v3.4.13

# choose either URL


## intermediate-ecdsa-certificate-rancher.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                superseb
                / intermediate-ecdsa-certificate-rancher.md
            
            
              Created Oct 26, 2020
            
              
                Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher
              
          
      View intermediate-ecdsa-certificate-rancher.md
  
      
    Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher
Generate ECDSA CA, intermediate CA and server certificate
docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate-ecdsa

Run Rancher

  
## get-kube-admin-kubecfg-certs-from-cluster-rkestate.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                superseb
                / get-kube-admin-kubecfg-certs-from-cluster-rkestate.md
            
            
              Created Aug 24, 2020
            
              
                Get kube-admin kubeconfig and certificates from cluster.rkestate
              
          
      View get-kube-admin-kubecfg-certs-from-cluster-rkestate.md
  
      
    Get kube-admin kubeconfig and certificates from cluster.rkestate
See how to retrieve cluster.rkestate from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a
Get kube-admin kubeconfig from cluster.rkestate
cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml


## minio-nginx-selfsigned.sh
#!/bin/bash
if [ "$#" -eq 0 ]; then
    echo "No FQDN provided as first parameter, generating xip.io based on found external IP"
    FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
    FQDN="minio.${FOUNDIP}.xip.io"
else
    FQDN=$1
fi

echo "Using FQDN: ${FQDN}"

## rke2-commands.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              8 stars
            
          
                superseb
                / rke2-commands.md
            
            
              Last active Jun 4, 2021
            
              
                RKE2 / rancherd commands
              
          
      View rke2-commands.md
  
      
    RKE2 commands
Install
curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server


## k3s-logs-collector.sh
TMPDIR=$(mktemp -d $MKTEMP_BASEDIR)
# k3s
if $(command -v k3s >/dev/null 2>&1); then
        mkdir -p $TMPDIR/k3s/crictl
        mkdir -p $TMPDIR/k3s/logs
        mkdir -p $TMPDIR/k3s/podlogs
        mkdir -p $TMPDIR/k3s/kubectl
        k3s check-config > $TMPDIR/k3s/check-config 2>&1
        k3s kubectl get nodes -o json > $TMPDIR/k3s/kubectl/nodes 2>&1
        k3s kubectl version > $TMPDIR/k3s/kubectl/version 2>&1

## identify_rke_rancherlaunched_imported.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                superseb
                / identify_rke_rancherlaunched_imported.md
            
            
              Last active Jun 7, 2020
            
              
                Identify RKE / Rancher Launched Kubernetes / Imported clusters
              
          
      View identify_rke_rancherlaunched_imported.md
  
      
    Identify RKE / Rancher Launched Kubernetes / Imported clusters
This will describe how to identify clusters that are created by RKE, created by Rancher or managed by Rancher
RKE
Clusters created by RKE CLI have:

Cluster state stored as Configmap called full-cluster-state in namespace kube-system (cluster-state before RKE v0.2.0)

kubectl -n kube-system get configmap full-cluster-state


## data.json
{
 "K8sVersionServiceOptions": {
  "v1.10": {
   "etcd": null,
   "kubeapi": {
    "allow-privileged": "true",
    "anonymous-auth": "false",
    "bind-address": "0.0.0.0",
    "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction",
    "insecure-port": "0",

## rancher2-ha-helm-selfsigned-certificate.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                superseb
                / rancher2-ha-helm-selfsigned-certificate.md
            
            
              Created Dec 20, 2019
            
              
                Rancher 2 HA using Helm and self signed certificate (certificate from files)
              
          
      View rancher2-ha-helm-selfsigned-certificate.md
  
      
    Rancher 2 HA using Helm and self signed certificate (certificate from files)
This will only cover the part of installing Rancher on a RKE built cluster, see https://rancher.com/docs/rancher/v2.x/en/installation/ha/ how to get there.
Note: make sure kubeconfig is configured correctly
The commands are for Linux, if you are using Mac then you can use md5 instead of md5sum and base64 -D instead of base64 -d.
Generate certificates
	#!/usr/bin/env bash

	if [ $# -ne 2 ]; then
	echo "Usage: $0 [filename] [etcd_version]"
	exit 1
	fi

	FILENAME=$1
	ETCD_VERSION=$2
	TIMESTAMP="$(date +%s)"
	#!/bin/bash
	if [ "$#" -eq 0 ]; then
	echo "No FQDN provided as first parameter, generating xip.io based on found external IP"
	FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
	FQDN="minio.${FOUNDIP}.xip.io"
	else
	FQDN=$1
	fi

	echo "Using FQDN: ${FQDN}"
	TMPDIR=$(mktemp -d $MKTEMP_BASEDIR)
	# k3s
	if $(command -v k3s >/dev/null 2>&1); then
	mkdir -p $TMPDIR/k3s/crictl
	mkdir -p $TMPDIR/k3s/logs
	mkdir -p $TMPDIR/k3s/podlogs
	mkdir -p $TMPDIR/k3s/kubectl
	k3s check-config > $TMPDIR/k3s/check-config 2>&1
	k3s kubectl get nodes -o json > $TMPDIR/k3s/kubectl/nodes 2>&1
	k3s kubectl version > $TMPDIR/k3s/kubectl/version 2>&1
	{
	"K8sVersionServiceOptions": {
	"v1.10": {
	"etcd": null,
	"kubeapi": {
	"allow-privileged": "true",
	"anonymous-auth": "false",
	"bind-address": "0.0.0.0",
	"enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction",
	"insecure-port": "0",