Sebastiaan van Steenis superseb

@superseb
superseb / get-kube-admin-kubecfg-certs-from-cluster-rkestate.md
Created Aug 24, 2020
Get kube-admin kubeconfig and certificates from cluster.rkestate
View get-kube-admin-kubecfg-certs-from-cluster-rkestate.md

Get kube-admin kubeconfig and certificates from cluster.rkestate

See how to retrieve cluster.rkestate from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a

Get kube-admin kubeconfig from cluster.rkestate

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml
@superseb
superseb / minio-nginx-selfsigned.sh
Last active Aug 30, 2020
Minio + NGINX in Docker using self signed certificates
View minio-nginx-selfsigned.sh
#!/bin/bash
if [ "$#" -eq 0 ]; then
  echo "No FQDN provided as first parameter, generating xip.io based on found external IP"
  FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
  FQDN="minio.${FOUNDIP}.xip.io"
else
  FQDN=$1
fi
echo "Using FQDN: ${FQDN}"
View rke2-commands.md

RKE2 commands

Various exploration/debug commands for RKE2

binaries

Necessary binaries unpacked from image and symlinked in /usr/local/bin (only when using install.sh script)

-rwxr-xr-x 1 root root 151543800 Jul 22 06:22 rke2
@superseb
superseb / k3s-logs-collector.sh
Last active May 5, 2020
k3s logs collector
View k3s-logs-collector.sh
TMPDIR=$(mktemp -d $MKTEMP_BASEDIR)
# k3s
# Test for the k3s binary directly; wrapping the test in $(...) only works by accident
if command -v k3s >/dev/null 2>&1; then
  mkdir -p "$TMPDIR/k3s/crictl"
  mkdir -p "$TMPDIR/k3s/logs"
  mkdir -p "$TMPDIR/k3s/podlogs"
  mkdir -p "$TMPDIR/k3s/kubectl"
  k3s check-config > "$TMPDIR/k3s/check-config" 2>&1
  k3s kubectl get nodes -o json > "$TMPDIR/k3s/kubectl/nodes" 2>&1
  k3s kubectl version > "$TMPDIR/k3s/kubectl/version" 2>&1
@superseb
superseb / identify_rke_rancherlaunched_imported.md
Last active Jun 7, 2020
Identify RKE / Rancher Launched Kubernetes / Imported clusters
View identify_rke_rancherlaunched_imported.md

Identify RKE / Rancher Launched Kubernetes / Imported clusters

This describes how to identify clusters that are created by RKE, created by Rancher, or managed by Rancher.

RKE

Clusters created by RKE CLI have:

  • Cluster state stored as Configmap called full-cluster-state in namespace kube-system (cluster-state before RKE v0.2.0)
    • kubectl -n kube-system get configmap full-cluster-state
@superseb
superseb / data.json
Created Feb 25, 2020
data.json test
View data.json
{
"K8sVersionServiceOptions": {
"v1.10": {
"etcd": null,
"kubeapi": {
"allow-privileged": "true",
"anonymous-auth": "false",
"bind-address": "0.0.0.0",
"enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction",
"insecure-port": "0",
@superseb
superseb / rancher2-ha-helm-selfsigned-certificate.md
Created Dec 20, 2019
Rancher 2 HA using Helm and self signed certificate (certificate from files)
View rancher2-ha-helm-selfsigned-certificate.md

Rancher 2 HA using Helm and self signed certificate (certificate from files)

This only covers installing Rancher on an RKE-built cluster; see https://rancher.com/docs/rancher/v2.x/en/installation/ha/ for how to get there.

Note: make sure kubeconfig is configured correctly

The commands are for Linux. If you are using a Mac, use md5 instead of md5sum and base64 -D instead of base64 -d.

Generate certificates

@superseb
superseb / rancher-extract-selfsigned-ca.sh
Created Nov 11, 2019
Extract self signed CA certificate from Rancher
View rancher-extract-selfsigned-ca.sh
#!/usr/bin/env bash
CONTID=$(docker ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }')
docker exec "$CONTID" kubectl get listenconfigs cli-config -o jsonpath='{.caCerts}' > /tmp/cacerts
curl --cacert /tmp/cacerts https://localhost
@superseb
superseb / local-prom-graph-etcd.md
Created Nov 4, 2019
WIP Local prometheus to graph etcd
View local-prom-graph-etcd.md

WIP Local prometheus to graph etcd

Ability to graph etcd metrics locally to identify issues

Prometheus

scrape_configs:
- job_name: etcd
  static_configs:
@superseb
superseb / eks-in-rancher-debug.md
Last active Sep 18, 2019
EKS in Rancher debug
View eks-in-rancher-debug.md

EKS in Rancher debug

# Configure CLUSTERID (can be found in UI)
CLUSTERID=c-tc6mc

# Get service account token, endpoint and ca certificate
docker exec $(docker  ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }') kubectl  -n cattle-system get secret "c-${CLUSTERID}" -o json | docker run -i oildex/jq:1.6 jq -r '.data.cluster  | @base64d' | docker run -i oildex/jq:1.6 jq -r '.rootCACert | @base64d' > ca.crt
docker exec $(docker  ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }') kubectl  -n cattle-system get secret "c-${CLUSTERID}" -o json | docker run -i oildex/jq:1.6 jq -r '.data.cluster  | @base64d' | docker run -i oildex/jq:1.6 jq -r '.serviceAccountToken' > token
docker exec $(docker  ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }') kubectl  -n cattle-system get secret "c-${CLUSTERID}" -o json | docker run -i oildex/jq:1.6 jq -r '.data.clust