Skip to content

Instantly share code, notes, and snippets.

View yifan-gu's full-sized avatar

Yifan Gu yifan-gu

  • Anchorage Digital
  • San Francisco
View GitHub Profile
@yifan-gu
yifan-gu / getlogs.go
Created January 13, 2016 23:46
sdjournal example
package main
import (
"fmt"
"io"
"github.com/coreos/go-systemd/sdjournal"
)
func main() {
@yifan-gu
yifan-gu / dex-kubernetes.md
Last active May 8, 2019 06:52
dex/kubernetes guide

Create CA cert/key files

In order to enable oidc authenticator in kube-apiserver, we need to have TLS enabled between kubectl and kube-apiserver, as well as between kube-apiserver and OpenID Provider(dex-worker here)

For simplicity, we will use cfssl to create the bundles.

Start dex worker

Checkout and build dex

@yifan-gu
yifan-gu / conformance.log
Created July 10, 2018 02:51
conformance test
This file has been truncated, but you can view the full file.
[INFO] [19:08:41-0700] Running tests against existing cluster...
[INFO] [19:08:41-0700] Running parallel tests N=<default>
I0709 19:08:41.741853 10764 test.go:86] Extended test version v3.10.0-alpha.0+e63afaa-1228-dirty
Running Suite: Extended
=======================
Random Seed: 1531188522 - Will randomize all specs
Will run 447 specs
Running in parallel across 5 nodes
@yifan-gu
yifan-gu / conformance.log
Created July 9, 2018 23:05
conformance test log
This file has been truncated, but you can view the full file.
[INFO] [13:42:19-0700] Running tests against existing cluster...
[INFO] [13:42:19-0700] Running parallel tests N=<default>
I0709 13:42:20.323666 26542 test.go:86] Extended test version v3.10.0-alpha.0+e63afaa-1228
Running Suite: Extended
=======================
Random Seed: 1531168941 - Will randomize all specs
Will run 447 specs
Running in parallel across 5 nodes
@yifan-gu
yifan-gu / nginxpodchecker.go
Created May 15, 2017 21:18
nginx pod checker
package main
import (
"fmt"
"os"
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/pkg/api"
@yifan-gu
yifan-gu / error.md
Created May 18, 2018 01:55
tectonic install error
tectonic install assets --dir=my-test-cluster

* module.assets_base.local.identity_client_ca_cert: local.identity_client_ca_cert: file: open /home/yifan/gopher/src/github.com/coreos/tectonic-installer/my-test-cluster/generated/tls/root-ca.crt: no such file or directory in:

${file("${local.tls_path}/root-ca.crt")}
* module.assets_base.local.aggregator_ca_cert_pem: local.aggregator_ca_cert_pem: file: open /home/yifan/gopher/src/github.com/coreos/tectonic-installer/my-test-cluster/generated/tls/aggregator-ca.crt: no such file or directory in:

${file("${local.tls_path}/aggregator-ca.crt")}
* module.assets_base.local.identity_server_cert_pem: local.identity_server_cert_pem: file: open /home/yifan/gopher/src/github.com/coreos/tectonic-installer/my-test-cluster/generated/tls/identity-server.crt: no such file or directory in:
@yifan-gu
yifan-gu / commands.md
Last active May 17, 2018 23:05
Recover from the upgrade patch conflict
  1. Remove the selector section in the pod-checkpointer spec:
cat<<EOF | kubectl replace -f -
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    k8s-app: pod-checkpointer
    tier: control-plane
@yifan-gu
yifan-gu / checkpointer.log
Last active October 31, 2017 20:27
checkpointer flake
I1031 20:06:45.955006 1 main.go:290] Should start checkpoint kube-system/pod-checkpointer-wqbq7
I1031 20:06:45.955056 1 main.go:385] Checkpoint manifest for "kube-system/pod-checkpointer-wqbq7" already exists. Skipping
I1031 20:06:48.975356 1 main.go:385] Checkpoint manifest for "kube-system/pod-checkpointer-wqbq7" already exists. Skipping
I1031 20:06:48.992369 1 main.go:385] Checkpoint manifest for "kube-system/kube-etcd-0000" already exists. Skipping
I1031 20:06:49.005260 1 main.go:385] Checkpoint manifest for "kube-system/kube-apiserver-qtmd7" already exists. Skipping
I1031 20:06:49.010436 1 main.go:385] Checkpoint manifest for "kube-system/kube-etcd-network-checkpointer-2npz7" already exists. Skipping
I1031 20:06:49.023779 1 main.go:232] API GC: skipping inactive checkpoint kube-system/kube-apiserver-qtmd7
I1031 20:06:49.023799 1 main.go:232] API GC: skipping inactive checkpoint kube-system/kube-etcd-0000
I1031 20:06:49.023805 1 main.go:232] API GC: sk
@yifan-gu
yifan-gu / command.md
Created October 9, 2017 20:08
Command for rescheduling tco pods into master nodes:

To reschedule the tco pods to master nodes, run:

kubectl -n tectonic-system patch deployment tectonic-channel-operator -p '{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""},"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Exists","effect":"NoSchedule"}]}}}}'

This works around the issue that tco can't run on rhel node because it expects a ssl cert dir that's not in rhel distros.

@yifan-gu
yifan-gu / result.md
Last active September 30, 2017 01:47
manifest conflict

Hit some patch conflict when updating console

original_manifest:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tectonic-console
  namespace: tectonic-system