Skip to content

Instantly share code, notes, and snippets.

View superseb's full-sized avatar

Sebastiaan van Steenis superseb

  • Qdrant
  • Netherlands
  • 12:45 (UTC +02:00)
View GitHub Profile
@superseb
superseb / create-nginx-in-front-of-github.sh
Last active August 9, 2024 19:09
Front github.com with self signed certificate to test custom CA in tooling
#!/bin/bash
while true; do
docker ps && break
echo "waiting for docker to respond"
sleep 3
done
echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
FQDN="git.${FOUNDIP}.nip.io"
@superseb
superseb / rancher_v263plus_etcd_maintenance.md
Last active April 13, 2023 07:04
Rancher v2.6.3 and up single install etcd maintenance

Rancher v2.6.3 and up single install embedded etcd maintenance

This is not official documentation, have/make backups, use at your own risk.

v2.6.3 and up only

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

@superseb
superseb / rancher_v26x_etcd_maintenance.md
Last active December 22, 2021 15:31
Rancher v2.6.x single install etcd maintenance

Rancher v2.6.x single install embedded etcd maintenance

This is not official documentation, have/make backups, use at your own risk.

v2.6.0/v2.6.1/v2.6.2 only, for v2.6.3 and up, see https://gist.github.com/superseb/bcfeb07931b70b8722b77f1fbd791e99

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

@superseb
superseb / rancher_v25x_etcd_maintenance.md
Last active November 22, 2021 18:49
Rancher v2.5.x single install etcd maintenance

Rancher v2.5.x single install embedded etcd maintenance

This is not official documentation, have/make backups, use at your own risk.

v2.5.x only

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

@superseb
superseb / k8s-cluster-ip.md
Last active February 1, 2022 15:39
Working of kubernetes cluster IP

Working of kubernetes cluster IP

The by default created Service named kubernetes can be used to connect to the Kubernetes API. Behind this Service, there are endpoints for each control plane/master node.

Kubernetes docs on Service: https://kubernetes.io/docs/concepts/services-networking/service/

Commands to lookup Service and associated Endpoints:

> kubectl get svc kubernetes
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
@superseb
superseb / etcd-restore.sh
Last active April 20, 2023 07:31
Single command etcd snapshot restore to inspect etcd contents
#!/usr/bin/env bash
if [ $# -ne 2 ]; then
echo "Usage: $0 [filename] [etcd_version]"
exit 1
fi
FILENAME=$1
ETCD_VERSION=$2
TIMESTAMP="$(date +%s)"
@superseb
superseb / rancher-check-cluster-secret-state.sh
Last active February 17, 2022 11:00
Rancher check stored cluster secret for fullState and state
#!/bin/bash
# Needs to be run on the server running `rancher/rancher` container
# Check if jq exists
command -v jq >/dev/null 2>&1 || { echo "jq is not installed. Exiting." >&2; exit 1; }
# Retrieve Docker container ID of container running `rancher/rancher` image
CONTID=$(docker ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | head -1 | awk '{ print $1 }')
echo "Container ID running Rancher is ${CONTID}"
@superseb
superseb / cluster-rkestate-rancher-cluster-secret.md
Created April 9, 2021 20:55
Retrieve cluster.rkestate for Rancher c-c-XXXXX cluster secret reconstruction

Retrieve cluster.rkestate for Rancher c-c-XXXXX cluster secret reconstruction

k8s 1.18 and lower

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\"' > cluster.rkestate

@superseb
superseb / k3s-etcd-commands.md
Last active August 18, 2024 03:22
k3s etcd commands

k3s etcd commands

etcd

Setup etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):

Note: if you want to match th etcdctl binaries with the embedded k3s etcd version, please run the curl command for getting the version first and adjust ETCD_VER below accordingly:

curl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version
@superseb
superseb / intermediate-ecdsa-certificate-rancher.md
Created October 26, 2020 15:59
Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate ECDSA CA, intermediate CA and server certificate

docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate-ecdsa

Run Rancher