add linux user

initial server install- we started this linux stuff before packages were using the group 101. We like to use that group so NFS shares work without mappings

Fix /etc/groups, move group 101 out of the way
like change systemd-journal:x:101: to systemd-journal:x:128:
groupmod -g 128 systemd-journal
groupadd -g 101 homeuser

add a generic user with a homedir & bash
useradd -m -s /bin/bash sr
add a user with no homedir & no shell
useradd -M -s /dev/null no-reply
add phomlish
useradd -g 101 -u 501 -md /home/phomlish -s /bin/bash phomlish

install certs in .ssh
add phomlish to all groups that have paul

add swarm
groupadd -g 1002 swarm
useradd -g 1002 -u 1002 -m swarm

kubernetes nginx

Installing nginx on kubernetes for localnet access (won’t be exposed to the internet)
Goal: TLS for prometheus and grafana

check
phomlish@a6:~/kubernetes/nginx$ pwd
/home/phomlish/kubernetes/nginx

kubernetes dashboard

dashboard

https://github.com/kubernetes/dashboard
https://levelup.gitconnected.com/step-by-step-slow-guide-kubernetes-dashboard-on-raspberry-pi-cluster-part-2-acdc8f9b5b99

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

we modified recommended.yaml -> homlish.yaml
deleted namespace creation
deleted cert creation
deleted kubernetes-dashboard service

k apply -f roles.yaml
k apply -f ns.yaml
k apply -f lb.yaml
k -n kubernetes-dashboard create secret generic kubernetes-dashboard-certs –from-file=certs
k apply -f homlish.yaml
k apply -f sa.yaml

k –namespace kubernetes-dashboard get all

Get token:
https://github.com/kubernetes/dashboard/blob/v2.0.0/docs/user/access-control/creating-sample-user.md

a6:/kubernetes/dashboard
./getToken.sh

visit:
https://kubernetes.homlish.net/#/pod?namespace=default

k8s Helm

installing helm

curl https://baltocdn.com/helm/signing.asc | sudo apt-key add –
sudo apt-get install apt-transport-https –yes
echo “deb https://baltocdn.com/helm/stable/debian/ all main” | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm

# we need to add our k8s certificate
helm repo add –ca-file /path/to/certificate.crt repoName https://example/repository

k8s Prometheus

Installing Prometheus
https://dev.to/kaitoii11/deploy-prometheus-monitoring-stack-to-kubernetes-with-a-single-helm-chart-2fbd

todo: review prometheus.io/scrape to scape other namespaces

#did this as phomlish@a6
k create namespace prometheus

# create persistent volume
k apply -f pv-alert.yaml
k apply -f pv-operator.yaml
k apply -f pv-grafana.yaml

helm upgrade –install prometheus . -n prometheus -f values.yaml
helm -n prometheus delete prometheus

Continue reading “k8s Prometheus”

janus

systemctl status janus.service
systemctl restart janus.service

more /etc/janus/janus.jcfg
tail -f /usr4/mydetv/logs/janus.log

2021-03-25
Yikes, I’m on version 0.7.6 from 2019-11-27
moving to 0.10.10 from 2021-02-08

k8s tls

openssl x509 -in fullchain.pem -text
openssl x509 -in certs/letsencrypt/secure.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/images.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/secure.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/homlish.net/fullchain.pem -text|grep DNS

kubectl create secret tls secure-tls –cert=secure.dev.homlish.net.2020-05-14.cert.pem –key=secure.dev.homlish.net.2020-05-14.key.pem

pwd:
w01:images phomlish$ pwd
/Users/phomlish/homlishWeb/certs-letsencrypt/images
scp -P 2222 a0:certs/letsencrypt/images.homlish.net/fullchain.pem .
scp -P 2222 a0:certs/letsencrypt/images.homlish.net/privkey.pem .
k -n homlish-web-prod create secret tls images-tls –cert=fullchain.pem –key=privkey.pem

w01:images phomlish$ pwd
/Users/phomlish/homlishWeb/certs-letsencrypt/secure
scp -P 2222 a0:certs/letsencrypt/secure.homlish.net/fullchain.pem .
scp -P 2222 a0:certs/letsencrypt/secure.homlish.net/privkey.pem .
k -n homlish-web-prod create secret tls secure-tls –cert=fullchain.pem –key=privkey.pem

k -n grafana create secret tls grafana-tls –cert=cert1.pem –key=privkey1.pem

 

kubectl create secret tls hcr-tls -ns hcr –cert=hcr.homlish.net.2020-10-27.cert.pem –key=hcr.homlish.net.2020-10-27.key.pem