superseb

Get kube-admin kubeconfig and certificates from cluster.rkestate

See how to retrieve cluster.rkestate from controlplane node here: https://gist.github.com/superseb/e9f2628d1033cb20e54f6ee268683a7a

Get kube-admin kubeconfig from cluster.rkestate

cat cluster.rkestate | jq -r '.currentState.certificatesBundle."kube-admin".config' > kube-admin-kubeconfig.yml

superseb

#!/bin/bash
if [ "$#" -lt 0 ]; then
  echo "Usage: $0"
  exit 1
fi

echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
APIFQDN="minio-api.${FOUNDIP}.nip.io"
FQDN="minio.${FOUNDIP}.nip.io"

superseb

RKE2 commands

Install

curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server

superseb

TMPDIR=$(mktemp -d $MKTEMP_BASEDIR)
# k3s
if $(command -v k3s >/dev/null 2>&1); then
        mkdir -p $TMPDIR/k3s/crictl
        mkdir -p $TMPDIR/k3s/logs
        mkdir -p $TMPDIR/k3s/podlogs
        mkdir -p $TMPDIR/k3s/kubectl
        k3s check-config > $TMPDIR/k3s/check-config 2>&1
        k3s kubectl get nodes -o json > $TMPDIR/k3s/kubectl/nodes 2>&1
        k3s kubectl version > $TMPDIR/k3s/kubectl/version 2>&1

superseb

Identify RKE / Rancher Launched Kubernetes / Imported clusters

This will describe how to identify clusters that are created by RKE, created by Rancher or managed by Rancher

RKE

Clusters created by RKE CLI have:

• Cluster state stored as Configmap called full-cluster-state in namespace kube-system (cluster-state before RKE v0.2.0)
• kubectl -n kube-system get configmap full-cluster-state

superseb

{
 "K8sVersionServiceOptions": {
  "v1.10": {
   "etcd": null,
   "kubeapi": {
    "allow-privileged": "true",
    "anonymous-auth": "false",
    "bind-address": "0.0.0.0",
    "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction",
    "insecure-port": "0",

superseb

Rancher 2 HA using Helm and self signed certificate (certificate from files)

This will only cover the part of installing Rancher on a RKE built cluster, see https://rancher.com/docs/rancher/v2.x/en/installation/ha/ how to get there.

Note: make sure kubeconfig is configured correctly

The commands are for Linux, if you are using Mac then you can use md5 instead of md5sum and base64 -D instead of base64 -d.

Generate certificates

superseb

#!/usr/bin/env bash
CONTID=$(docker ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }')
docker exec $CONTID kubectl get listenconfigs cli-config -o jsonpath={.caCerts} > /tmp/cacerts
curl --cacert /tmp/cacerts https://localhost

superseb

WIP Local prometheus to graph etcd

Ability to graph etcd metrics locally to identify issues

Prometheus

scrape_configs:
- job_name: etcd
 static_configs:

superseb

EKS in Rancher debug

# Configure CLUSTERID (can be found in UI)
CLUSTERID=c-tc6mc

# Get service account token, endpoint and ca certificate
docker exec $(docker  ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }') kubectl  -n cattle-system get secret "c-${CLUSTERID}" -o json | docker run -i oildex/jq:1.6 jq -r '.data.cluster  | @base64d' | docker run -i oildex/jq:1.6 jq -r '.rootCACert | @base64d' > ca.crt
docker exec $(docker  ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }') kubectl  -n cattle-system get secret "c-${CLUSTERID}" -o json | docker run -i oildex/jq:1.6 jq -r '.data.cluster  | @base64d' | docker run -i oildex/jq:1.6 jq -r '.serviceAccountToken' > token
docker exec $(docker  ps | grep -E "rancher/rancher:|rancher/rancher |rancher/rancher@|rancher_rancher" | awk '{ print $1 }') kubectl  -n cattle-system get secret "c-${CLUSTERID}" -o json | docker run -i oildex/jq:1.6 jq -r '.data.clust