Sebastiaan van Steenis superseb
superseb / create-nginx-in-front-of-github.sh
Last active Apr 7, 2022
Front github.com with self signed certificate to test custom CA in tooling
#!/bin/bash
while true; do
  docker ps && break
  echo "waiting for docker to respond"
  sleep 3
done
echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
FQDN="git.${FOUNDIP}.nip.io"
superseb / rancher_v263plus_etcd_maintenance.md
Created Dec 13, 2021
Rancher v2.6.3 and up single install etcd maintenance

Rancher v2.6.3 and up single install embedded etcd maintenance

This is not official documentation; have/make backups and use at your own risk.

v2.6.3 and up only

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

superseb / rancher_v26x_etcd_maintenance.md
Last active Dec 22, 2021
Rancher v2.6.x single install etcd maintenance

Rancher v2.6.x single install embedded etcd maintenance

This is not official documentation; have/make backups and use at your own risk.

v2.6.0/v2.6.1/v2.6.2 only; for v2.6.3 and up, see https://gist.github.com/superseb/bcfeb07931b70b8722b77f1fbd791e99

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

superseb / rancher_v25x_etcd_maintenance.md
Last active Nov 22, 2021
Rancher v2.5.x single install etcd maintenance

Rancher v2.5.x single install embedded etcd maintenance

This is not official documentation; have/make backups and use at your own risk.

v2.5.x only

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

superseb / k8s-cluster-ip.md
Last active Feb 1, 2022
Working of kubernetes cluster IP

The Service named kubernetes, which is created by default, can be used to connect to the Kubernetes API. Behind this Service, there are endpoints for each control plane/master node.

Kubernetes docs on Service: https://kubernetes.io/docs/concepts/services-networking/service/

Commands to look up the Service and its associated Endpoints:

> kubectl get svc kubernetes
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
superseb / etcd-restore.sh
Last active Jul 25, 2022
Single command etcd snapshot restore to inspect etcd contents
#!/usr/bin/env bash
if [ $# -ne 2 ]; then
  echo "Usage: $0 [filename] [etcd_version]"
  exit 1
fi
FILENAME=$1
ETCD_VERSION=$2
TIMESTAMP="$(date +%s)"
superseb / rancher-check-cluster-secret-state.sh
Last active Feb 17, 2022
Rancher check stored cluster secret for fullState and state
#!/bin/bash
# Needs to be run on the server running `rancher/rancher` container
# Check if jq exists
command -v jq >/dev/null 2>&1 || { echo "jq is not installed. Exiting." >&2; exit 1; }
# Retrieve Docker container ID of container running `rancher/rancher` image
CONTID=$(docker ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | head -1 | awk '{ print $1 }')
echo "Container ID running Rancher is ${CONTID}"
superseb / cluster-rkestate-rancher-cluster-secret.md
Created Apr 9, 2021
Retrieve cluster.rkestate for Rancher c-c-XXXXX cluster secret reconstruction

k8s 1.18 and lower

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\"' > cluster.rkestate

View k3s-etcd-commands.md

k3s etcd commands

etcd

Set up etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):

Note: if you want to match the etcdctl binaries with the embedded k3s etcd version, first run the curl command below to get the version, then adjust ETCD_VER accordingly:

curl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version
superseb / intermediate-ecdsa-certificate-rancher.md
Created Oct 26, 2020
Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate ECDSA CA, intermediate CA and server certificate

docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate-ecdsa

Run Rancher