
Sebastiaan van Steenis superseb

  • Qdrant
  • Netherlands
@superseb
superseb / create-nginx-in-front-of-github.sh
Last active June 5, 2023 09:04
Front github.com with self signed certificate to test custom CA in tooling
#!/bin/bash
while true; do
  docker ps && break
  echo "waiting for docker to respond"
  sleep 3
done
echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
FQDN="git.${FOUNDIP}.nip.io"
@superseb
superseb / rancher_v263plus_etcd_maintenance.md
Last active April 13, 2023 07:04
Rancher v2.6.3 and up single install etcd maintenance

Rancher v2.6.3 and up single install embedded etcd maintenance

This is not official documentation, have/make backups, use at your own risk.

v2.6.3 and up only

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

@superseb
superseb / rancher_v26x_etcd_maintenance.md
Last active December 22, 2021 15:31
Rancher v2.6.x single install etcd maintenance

Rancher v2.6.x single install embedded etcd maintenance

This is not official documentation, have/make backups, use at your own risk.

v2.6.0/v2.6.1/v2.6.2 only, for v2.6.3 and up, see https://gist.github.com/superseb/bcfeb07931b70b8722b77f1fbd791e99

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

@superseb
superseb / rancher_v25x_etcd_maintenance.md
Last active November 22, 2021 18:49
Rancher v2.5.x single install etcd maintenance

Rancher v2.5.x single install embedded etcd maintenance

This is not official documentation, have/make backups, use at your own risk.

v2.5.x only

When etcd db size exceeds quota, it will raise an alarm and throw the error mvcc: database space exceeded.

To manually trigger this situation:

@superseb
superseb / k8s-cluster-ip.md
Last active February 1, 2022 15:39
Working of kubernetes cluster IP

The Service named kubernetes, which is created by default, can be used to connect to the Kubernetes API. Behind this Service, there are endpoints for each control plane/master node.

Kubernetes docs on Service: https://kubernetes.io/docs/concepts/services-networking/service/

Commands to look up the Service and its associated Endpoints:

> kubectl get svc kubernetes
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
@superseb
superseb / etcd-restore.sh
Last active April 20, 2023 07:31
Single command etcd snapshot restore to inspect etcd contents
#!/usr/bin/env bash
if [ $# -ne 2 ]; then
  echo "Usage: $0 [filename] [etcd_version]"
  exit 1
fi
FILENAME=$1
ETCD_VERSION=$2
TIMESTAMP="$(date +%s)"
@superseb
superseb / rancher-check-cluster-secret-state.sh
Last active February 17, 2022 11:00
Rancher check stored cluster secret for fullState and state
#!/bin/bash
# Needs to be run on the server running `rancher/rancher` container
# Check if jq exists
command -v jq >/dev/null 2>&1 || { echo "jq is not installed. Exiting." >&2; exit 1; }
# Retrieve Docker container ID of container running `rancher/rancher` image
CONTID=$(docker ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | head -1 | awk '{ print $1 }')
echo "Container ID running Rancher is ${CONTID}"
@superseb
superseb / cluster-rkestate-rancher-cluster-secret.md
Created April 9, 2021 20:55
Retrieve cluster.rkestate for Rancher c-c-XXXXX cluster secret reconstruction

k8s 1.18 and lower

docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml -n kube-system get configmap full-cluster-state -o json | jq -r .data.\"full-cluster-state\"' > cluster.rkestate

@superseb
superseb / k3s-etcd-commands.md
Last active April 27, 2024 06:08
k3s etcd commands

etcd

Set up etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin):

Note: if you want to match the etcdctl binaries with the embedded k3s etcd version, first run the curl command below to get the version, then adjust ETCD_VER accordingly:

curl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version
@superseb
superseb / intermediate-ecdsa-certificate-rancher.md
Created October 26, 2020 15:59
Generate ECDSA CA, intermediate CA and server certificate with DNS alt names using Terraform in Docker and launch Rancher

Generate ECDSA CA, intermediate CA and server certificate

docker run --rm -v $PWD/testcerts:/tmp/certs/files -e TF_VAR_ip_addresses='["127.0.0.1"]' -e TF_VAR_dns_names='["yolo.seb.local"]' superseb/intermediate-ecdsa

Run Rancher