- Updated on May 29 to accommodate etcd container not having
/bin/shavailable anymore.
curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server
Sebastiaan van Steenis superseb
superseb
/ troubleshooting_kubernetes_commands.md
Last active
December 18, 2025 21:36
Troubleshooting Kubernetes commands
superseb
/ cleanup.sh
Last active
November 26, 2025 14:21
Cleanup host added as custom to Rancher 2.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # OUTDATED: please refer to the link below for the latest version: | |
| # https://github.com/rancherlabs/support-tools/blob/master/extended-rancher-2-cleanup/extended-cleanup-rancher2.sh | |
| docker rm -f $(docker ps -qa) | |
| docker volume rm $(docker volume ls -q) | |
| cleanupdirs="/var/lib/etcd /etc/kubernetes /etc/cni /opt/cni /var/lib/cni /var/run/calico /opt/rke" | |
| for dir in $cleanupdirs; do | |
| echo "Removing $dir" | |
| rm -rf $dir | |
| done |
superseb
/ create_user_and_kubeconfig_rancher2.sh
Last active
November 4, 2025 16:04
Create local user and generate kubeconfig in Rancher 2 via API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| RANCHERENDPOINT=https://your_rancher_endpoint/v3 | |
| # The name of the cluster where the user needs to be added | |
| CLUSTERNAME=your_cluster_name | |
| # Username, password and realname of the user | |
| USERNAME=username | |
| PASSWORD=password | |
| REALNAME=myrealname | |
| # Role of the user | |
| GLOBALROLE=user |
Setup etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):
Note: if you want to match th etcdctl binaries with the embedded k3s etcd version, please run the curl command for getting the version first and adjust ETCD_VER below accordingly:
curl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version
For RKE v0.1.x and Rancher v2.0.x/v2.1.x, see https://gist.github.com/superseb/3d8de6092ebc4b1581185197583f472a
This needs to be run on a node with the controlplane role, as it rewrites the server endpoint to https://127.0.0.1:6443, you can of course manually change this if necessary.
Applicable for:
- RKE v0.2.x
- Rancher v2.2.x
superseb
/ minio-nginx-selfsigned.sh
Last active
July 3, 2025 07:31
Minio + NGINX in Docker using self signed certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$#" -lt 0 ]; then | |
| echo "Usage: $0" | |
| exit 1 | |
| fi | |
| echo "Generating nip.io based on found external IP" | |
| FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org) | |
| APIFQDN="minio-api.${FOUNDIP}.nip.io" | |
| FQDN="minio.${FOUNDIP}.nip.io" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate RSASSA-PSS private key for CA | |
| # The key size is 2048; the exponent is 65537 | |
| openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey | |
| # Generate self-signed RSASSA-PSS CA | |
| openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer | |
| # Generate RSASSA-PSS private key for EE | |
| #openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey | |
| openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out EE.priKey |
superseb
/ extended-cleanup-rancher2.sh
Last active
April 29, 2025 17:59
Extended Rancher 2 cleanup (backup your data, use at your own risk)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Backup your data | |
| # Use at your own risk | |
| # Usage ./extended-cleanup-rancher2.sh | |
| # Include clearing all iptables: ./extended-cleanup-rancher2.sh flush | |
| docker rm -f $(docker ps -qa) | |
| docker rmi -f $(docker images -q) | |
| docker volume rm $(docker volume ls -q) | |
| for mount in $(mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do umount $mount; done | |
| cleanupdirs="/etc/ceph /etc/cni /etc/kubernetes /opt/cni /opt/rke /run/secrets/kubernetes.io /run/calico /run/flannel /var/lib/calico /var/lib/etcd /var/lib/cni /var/lib/kubelet /var/lib/rancher/rke/log /var/log/containers /var/log/pods /var/run/calico" |
superseb
/ defaultdns.md
Last active
April 25, 2025 12:16
Change default DNS nameserver used by Kubernetes pods
This can be applied generically but usually applies to Linux nodes that have a local caching nameserver running, which means pointing to an IP in the loopback range (127.0.0.0/8). Ubuntu 18.04 Bionic Beaver does this by default.
sudo systemctl mask systemd-resolved
rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
NewerOlder