Sebastiaan van Steenis superseb

superseb / create-nginx-in-front-of-github.sh
Last active April 7, 2022 15:25
Front github.com with self signed certificate to test custom CA in tooling
#!/bin/bash
while true; do
  docker ps && break
  echo "waiting for docker to respond"
  sleep 3
done
echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
FQDN="git.${FOUNDIP}.nip.io"
superseb / rancher_v263plus_etcd_maintenance.md
Created December 13, 2021 17:14
Rancher v2.6.3 and up single install etcd maintenance

Rancher v2.6.3 and up single install embedded etcd maintenance

This is not official documentation; make backups and use at your own risk.

v2.6.3 and up only

When the etcd database size exceeds its quota, etcd raises an alarm and throws the error "mvcc: database space exceeded".

To manually trigger this situation:

superseb / rancher_v26x_etcd_maintenance.md
Last active December 22, 2021 15:31
Rancher v2.6.x single install etcd maintenance

Rancher v2.6.x single install embedded etcd maintenance

This is not official documentation; make backups and use at your own risk.

v2.6.0/v2.6.1/v2.6.2 only; for v2.6.3 and up, see https://gist.github.com/superseb/bcfeb07931b70b8722b77f1fbd791e99

When the etcd database size exceeds its quota, etcd raises an alarm and throws the error "mvcc: database space exceeded".

To manually trigger this situation:

superseb / rancher_v25x_etcd_maintenance.md
Last active November 22, 2021 18:49
Rancher v2.5.x single install etcd maintenance

Rancher v2.5.x single install embedded etcd maintenance

This is not official documentation; make backups and use at your own risk.

v2.5.x only

When the etcd database size exceeds its quota, etcd raises an alarm and throws the error "mvcc: database space exceeded".

To manually trigger this situation:

superseb / k8s-cluster-ip.md
Last active February 1, 2022 15:39
Working of kubernetes cluster IP

The Service named kubernetes, which is created by default, can be used to connect to the Kubernetes API. Behind this Service, there are endpoints for each control plane/master node.

Kubernetes docs on Service: https://kubernetes.io/docs/concepts/services-networking/service/

Commands to look up the Service and its associated Endpoints:

> kubectl get svc kubernetes
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
superseb / etcd-restore.sh
Last active July 25, 2022 07:11
Single command etcd snapshot restore to inspect etcd contents
#!/usr/bin/env bash
if [ $# -ne 2 ]; then
  echo "Usage: $0 [filename] [etcd_version]"
  exit 1
fi
FILENAME=$1
ETCD_VERSION=$2
TIMESTAMP="$(date +%s)"
superseb / rancher-check-cluster-secret-state.sh
Last active February 17, 2022 11:00
Rancher check stored cluster secret for fullState and state
#!/bin/bash
# Needs to be run on the server running `rancher/rancher` container
# Check if jq exists
command -v jq >/dev/null 2>&1 || { echo "jq is not installed. Exiting." >&2; exit 1; }
# Retrieve Docker container ID of container running `rancher/rancher` image
CONTID=$(docker ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | head -1 | awk '{ print $1 }')
echo "Container ID running Rancher is ${CONTID}"
superseb / cluster-rkestate-rancher-cluster-secret.md
Created April 9, 2021 20:55
Retrieve cluster.rkestate for Rancher c-c-XXXXX cluster secret reconstruction

k8s 1.18 and lower

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\"' > cluster.rkestate

superseb / k3s-etcd-commands.md
Last active January 7, 2023 21:29
k3s etcd commands

etcd

Set up etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):

Note: if you want to match the etcdctl binaries with the embedded k3s etcd version, run the curl command to get the version first and adjust ETCD_VER below accordingly:

curl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version
superseb / intermediate-ecdsa-certificate-rancher.md
Created October 26, 2020 15:59
Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate ECDSA CA, intermediate CA and server certificate

docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate-ecdsa

Run Rancher