Skip to content

Instantly share code, notes, and snippets.

View superseb's full-sized avatar

Sebastiaan van Steenis superseb

233 followers · 6 following
  • Qdrant
  • Netherlands
  • 07:19 (UTC +02:00)
View GitHub Profile
@superseb
superseb / rke2-commands.md
Last active May 9, 2024 19:25
RKE2 commands

RKE2 commands

Install

curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server
@superseb
superseb / 1_README.md
Last active May 6, 2024 07:48
Generate Rancher 2 cluster/node agent definitions

Generate Rancher 2 cluster/node agents definitions

This is not official documentation/tooling, use with caution

This generate the Kubernetes definitions of the cattle-cluster-agent Deployment and cattle-node-agent DaemonSet, in case it's accidentally removed/server-url was changed/certficates were changed. It is supposed to run on every cluster Rancher manages. If you have custom clusters created in Rancher, see Kubeconfig for Custom clusters created in Rancher how to obtain the kubeconfig to directly talk to the Kubernetes API (as usually it doesn't work via Rancher anymore). For other clusters, use the tools provided by the provider to get the kubeconfig.

IMPORTANT: You get the cluster/node agents definitions from Rancher, and you apply them to the cluster that is created/managed so you need to switch kubeconfig to point to that cluster before applying them.

Running it

@superseb
superseb / k3s-etcd-commands.md
Last active April 27, 2024 06:08
k3s etcd commands

k3s etcd commands

etcd

Setup etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):

Note: if you want to match th etcdctl binaries with the embedded k3s etcd version, please run the curl command for getting the version first and adjust ETCD_VER below accordingly:

curl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version
@superseb
superseb / README.md
Last active April 24, 2024 05:03
Generate self signed certificates for Rancher 2.x

Generate self signed certificates for Rancher 2.x

Generate certificates

docker run -v $PWD/certs:/certs \
  -e SSL_SUBJECT=test.example.com \
  -e SSL_DNS=test.example.com,test2.example.com \
  -e SSL_IP=10.0.0.1 \
 superseb/omgwtfssl
@superseb
superseb / defaultdns.md
Last active April 17, 2024 08:51
Change default DNS nameserver used by Kubernetes pods

Change default DNS nameserver used by Kubernetes pods

This can be applied generically but usually applies to Linux nodes that have a local caching nameserver running, which means pointing to an IP in the loopback range (127.0.0.0/8). Ubuntu 18.04 Bionic Beaver does this by default.

Option 1: Change host configuration

sudo systemctl mask systemd-resolved
rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
@superseb
superseb / extended-cleanup-rancher2.sh
Last active March 13, 2024 09:22
Extended Rancher 2 cleanup (backup your data, use at your own risk)
#!/bin/sh
# Backup your data
# Use at your own risk
# Usage ./extended-cleanup-rancher2.sh
# Include clearing all iptables: ./extended-cleanup-rancher2.sh flush
docker rm -f $(docker ps -qa)
docker rmi -f $(docker images -q)
docker volume rm $(docker volume ls -q)
for mount in $(mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do umount $mount; done
cleanupdirs="/etc/ceph /etc/cni /etc/kubernetes /opt/cni /opt/rke /run/secrets/kubernetes.io /run/calico /run/flannel /var/lib/calico /var/lib/etcd /var/lib/cni /var/lib/kubelet /var/lib/rancher/rke/log /var/log/containers /var/log/pods /var/run/calico"
@superseb
superseb / minio-nginx-selfsigned.sh
Last active February 23, 2024 06:52
Minio + NGINX in Docker using self signed certificates
#!/bin/bash
if [ "$#" -lt 0 ]; then
echo "Usage: $0"
exit 1
fi
echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
APIFQDN="minio-api.${FOUNDIP}.nip.io"
FQDN="minio.${FOUNDIP}.nip.io"
@superseb
superseb / rancher2-ha-helm-selfsigned-certificate.md
Created December 20, 2019 11:40
Rancher 2 HA using Helm and self signed certificate (certificate from files)

Rancher 2 HA using Helm and self signed certificate (certificate from files)

This will only cover the part of installing Rancher on a RKE built cluster, see https://rancher.com/docs/rancher/v2.x/en/installation/ha/ how to get there.

Note: make sure kubeconfig is configured correctly

The commands are for Linux, if you are using Mac then you can use md5 instead of md5sum and base64 -D instead of base64 -d.

Generate certificates

@superseb
superseb / cluster.yml
Last active February 7, 2024 09:08
Rancher 2.x custom cluster YAML quicker node failure detection (k8s 1.13)
services:
kubelet:
extra_args:
node-status-update-frequency: 4s
kube-api:
extra_args:
default-not-ready-toleration-seconds: 30
default-unreachable-toleration-seconds: 30
kube-controller:
extra_args:
@superseb
superseb / README.md
Last active December 21, 2023 19:19
Retrieve kubeconfig from RKE or Rancher 2 custom cluster controlplane node for RKE v0.2.x+ and Rancher v2.2.x+

Retrieve kubeconfig from RKE v0.2.x or Rancher v2.2.x custom cluster controlplane node

For RKE v0.1.x and Rancher v2.0.x/v2.1.x, see https://gist.github.com/superseb/3d8de6092ebc4b1581185197583f472a

This needs to be run on a node with the controlplane role, as it rewrites the server endpoint to https://127.0.0.1:6443, you can of course manually change this if necessary.

Applicable for:

  • RKE v0.2.x
  • Rancher v2.2.x