Skip to content

Instantly share code, notes, and snippets.

Avatar
👋

Sebastiaan van Steenis superseb

👋
View GitHub Profile
@superseb
superseb / etcd-restore.sh
Last active May 31, 2021
Single command etcd snapshot restore to inspect etcd contents
View etcd-restore.sh
#!/usr/bin/env bash
if [ $# -ne 2 ]; then
echo "Usage: $0 [filename] [etcd_version]"
exit 1
fi
FILENAME=$1
ETCD_VERSION=$2
TIMESTAMP="$(date +%s)"
@superseb
superseb / k3s-etcd-commands.md
Last active May 14, 2021
k3s etcd commands
View k3s-etcd-commands.md
@superseb
superseb / intermediate-ecdsa-certificate-rancher.md
Created Oct 26, 2020
Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher
View intermediate-ecdsa-certificate-rancher.md

Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate ECDSA CA, intermediate CA and server certificate

docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate-ecdsa

Run Rancher

@superseb
superseb / get-kube-admin-kubecfg-certs-from-cluster-rkestate.md
Created Aug 24, 2020
Get kube-admin kubeconfig and certificates from cluster.rkestate
View get-kube-admin-kubecfg-certs-from-cluster-rkestate.md

Get kube-admin kubeconfig and certificates from cluster.rkestate

See how to retrieve cluster.rkestate from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a

Get kube-admin kubeconfig from cluster.rkestate

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml
@superseb
superseb / minio-nginx-selfsigned.sh
Last active May 11, 2021
Minio + NGINX in Docker using self signed certificates
View minio-nginx-selfsigned.sh
#!/bin/bash
if [ "$#" -eq 0 ]; then
echo "No FQDN provided as first parameter, generating xip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
FQDN="minio.${FOUNDIP}.xip.io"
else
FQDN=$1
fi
echo "Using FQDN: ${FQDN}"
@superseb
superseb / rke2-commands.md
Last active Jun 4, 2021
RKE2 / rancherd commands
View rke2-commands.md

RKE2 commands

Install

curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server
@superseb
superseb / k3s-logs-collector.sh
Last active Dec 2, 2020
k3s logs collector
View k3s-logs-collector.sh
TMPDIR=$(mktemp -d $MKTEMP_BASEDIR)
# k3s
if $(command -v k3s >/dev/null 2>&1); then
mkdir -p $TMPDIR/k3s/crictl
mkdir -p $TMPDIR/k3s/logs
mkdir -p $TMPDIR/k3s/podlogs
mkdir -p $TMPDIR/k3s/kubectl
k3s check-config > $TMPDIR/k3s/check-config 2>&1
k3s kubectl get nodes -o json > $TMPDIR/k3s/kubectl/nodes 2>&1
k3s kubectl version > $TMPDIR/k3s/kubectl/version 2>&1
@superseb
superseb / identify_rke_rancherlaunched_imported.md
Last active Jun 7, 2020
Identify RKE / Rancher Launched Kubernetes / Imported clusters
View identify_rke_rancherlaunched_imported.md

Identify RKE / Rancher Launched Kubernetes / Imported clusters

This will describe how to identify clusters that are created by RKE, created by Rancher or managed by Rancher

RKE

Clusters created by RKE CLI have:

  • Cluster state stored as Configmap called full-cluster-state in namespace kube-system (cluster-state before RKE v0.2.0)
    • kubectl -n kube-system get configmap full-cluster-state
@superseb
superseb / data.json
Created Feb 25, 2020
data.json test
View data.json
{
"K8sVersionServiceOptions": {
"v1.10": {
"etcd": null,
"kubeapi": {
"allow-privileged": "true",
"anonymous-auth": "false",
"bind-address": "0.0.0.0",
"enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction",
"insecure-port": "0",
@superseb
superseb / rancher2-ha-helm-selfsigned-certificate.md
Created Dec 20, 2019
Rancher 2 HA using Helm and self signed certificate (certificate from files)
View rancher2-ha-helm-selfsigned-certificate.md

Rancher 2 HA using Helm and self signed certificate (certificate from files)

This will only cover the part of installing Rancher on a RKE built cluster, see https://rancher.com/docs/rancher/v2.x/en/installation/ha/ how to get there.

Note: make sure kubeconfig is configured correctly

The commands are for Linux, if you are using Mac then you can use md5 instead of md5sum and base64 -D instead of base64 -d.

Generate certificates