string case
timezones
simultaneous unrelated issues
Initial server install: we started this Linux stuff before packages were using group 101. We like to use that group so NFS shares work without mappings.
Fix /etc/group, move group 101 out of the way
grep 101 /etc/group
like change systemd-journal:x:101: to systemd-journal:x:128:
groupmod -g 128 systemd-journal
groupadd -g 101 homeuser
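groupmod -g rewrites the group entry but leaves files that already carry the old numeric GID untouched, so after the swap above anything that belonged to systemd-journal would belong to the new group 101. The sketch below is an added example, not part of the original notes: it plans the move and prints the re-own step. The function names are hypothetical and the sample group file is constructed.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.

# Print the name of the group holding numeric GID $1 in group file $2.
gid_holder() {
    awk -F: -v gid="$1" '$3 == gid { print $1 }' "${2:-/etc/group}"
}

# plan_gid_move WANT NEW [GROUPFILE]
# Print the commands that free GID WANT by moving its holder to GID NEW,
# including the re-own step that groupmod itself does not perform.
plan_gid_move() {
    want=$1; new=$2; file=${3:-/etc/group}
    holder=$(gid_holder "$want" "$file")
    if [ -z "$holder" ]; then
        echo "# gid $want is already free"
        return 0
    fi
    taken=$(gid_holder "$new" "$file")
    if [ -n "$taken" ]; then
        echo "gid $new is already used by $taken" >&2
        return 1
    fi
    echo "groupmod -g $new $holder"
    # Files keep the old numeric GID; hand them back to the moved group
    # before a new group is created on that number. -xdev keeps find off
    # NFS mounts, where GID 101 is the shared group; repeat per local fs.
    echo "find / -xdev -gid $want -exec chgrp -h $holder {} +"
}

# Constructed sample in /etc/group format.
sample_group_file() {
    cat <<'EOF'
root:x:0:
sudo:x:27:paul
users:x:100:
systemd-journal:x:101:
EOF
}

# Demo on the constructed sample; nothing on the real system is changed.
demo() {
    tmp=$(mktemp) || return 1
    sample_group_file > "$tmp"
    plan_gid_move 101 128 "$tmp"
    rm -f "$tmp"
}
demo
```

Run the printed find line after groupmod and before groupadd -g 101, so no file is left on GID 101 when the new group takes that number.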
add a generic user with a homedir & bash
useradd -m -s /bin/bash sr
add a user with no homedir & no shell
useradd -M -s /dev/null no-reply
add phomlish
useradd -g 101 -u 501 -md /home/phomlish -s /bin/bash phomlish
install certs in .ssh
add phomlish to all groups that have paul
add swarm
groupadd -g 1002 swarm
useradd -g 1002 -u 1002 -m swarm
give sudo
usermod -aG sudo phomlish
for wsl, powershell:
wsl --user phomlish
animate
convert -delay 20 -loop 0 *.png 307.gif
Installing nginx on kubernetes for localnet access (won’t be exposed to the internet)
Goal: TLS for prometheus and grafana
check
phomlish@a6:~/kubernetes/nginx$ pwd
/home/phomlish/kubernetes/nginx
kubectl -n kubernetes-dashboard create token admin-user --duration=0
k -n kubernetes-dashboard get sa
NAME SECRETS AGE
admin-user 0 35d
default 0 35d
kubernetes-dashboard 0 35d
k -n kubernetes-dashboard describe sa admin-user
Name: admin-user
Namespace: kubernetes-dashboard
Labels:
Annotations:
Image pull secrets:
Mountable secrets:
Tokens:
Events:
k -n kubernetes-dashboard get secrets
NAME TYPE DATA AGE
kubernetes-dashboard-certs Opaque 5 35d
kubernetes-dashboard-csrf Opaque 1 35d
kubernetes-dashboard-key-holder Opaque 2 35d
openssl s_client -connect images.dev.homlish.net:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > www.pem
openssl x509 -noout -text -in www.pem | grep -A 4 'X509v3 CRL Distribution Points'
installing helm
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
sudo apt-get install apt-transport-https --yes
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
# we need to add our k8s certificate
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
Installing Prometheus
2023-09-20
phomlish@a6:~/kubernetes/prometheus/homlish-monitoring
k apply -f homlish-monitor-ns.yaml
kubectl create -f clusterRole.yaml
using helm?
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm search repo prometheus-community/prometheus --versions
prometheus-community/prometheus 19.3.1 v2.41.0 Prometheus is a monitoring system and time seri…
helm install 19.3.1 prometheus-community/prometheus
helm -n homlish-monitor delete prometheus
phomlish@a6:~/kubernetes/prometheus$ helm upgrade --install -n homlish-monitor --version 19.3.1 -f values.yaml prometheus prometheus-community/prometheus
NAME: prometheus
LAST DEPLOYED: Wed Oct 11 07:53:06 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.default.svc.cluster.local
Get the Prometheus server URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus,component=server" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace default port-forward $POD_NAME 9090
The Prometheus alertmanager can be accessed via port on the following DNS name from within your cluster:
prometheus-%!s(
Get the Alertmanager URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus,component=" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace default port-forward $POD_NAME 9093
#################################################################################
###### WARNING: Pod Security Policy has been disabled by default since #####
###### it deprecated after k8s 1.25+. use #####
###### (index .Values "prometheus-node-exporter" "rbac" #####
###### . "pspEnabled") with (index .Values #####
###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
###### in case you still need it. #####
#################################################################################
The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prometheus-prometheus-pushgateway.default.svc.cluster.local
Get the PushGateway URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace default port-forward $POD_NAME 9091
For more information on running Prometheus, visit:
https://prometheus.io/
systemctl status janus.service
systemctl restart janus.service
more /etc/janus/janus.jcfg
tail -f /usr4/mydetv/logs/janus.log
2021-03-25
Yikes, I’m on version 0.7.6 from 2019-11-27
moving to 0.10.10 from 2021-02-08
openssl x509 -in fullchain.pem -text
openssl x509 -in certs/letsencrypt/secure.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/images.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/secure.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/homlish.net/fullchain.pem -text|grep DNS
kubectl create secret tls secure-tls --cert=secure.dev.homlish.net.2020-05-14.cert.pem --key=secure.dev.homlish.net.2020-05-14.key.pem
pwd:
w01:images phomlish$ pwd
/Users/phomlish/homlishWeb/certs-letsencrypt/images
scp -P 2222 a0:certs/letsencrypt/images.homlish.net/fullchain.pem .
scp -P 2222 a0:certs/letsencrypt/images.homlish.net/privkey.pem .
k -n homlish-web-prod create secret tls images-tls --cert=fullchain.pem --key=privkey.pem
w01:images phomlish$ pwd
/Users/phomlish/homlishWeb/certs-letsencrypt/secure
scp -P 2222 a0:certs/letsencrypt/secure.homlish.net/fullchain.pem .
scp -P 2222 a0:certs/letsencrypt/secure.homlish.net/privkey.pem .
k -n homlish-web-prod create secret tls secure-tls --cert=fullchain.pem --key=privkey.pem
k -n grafana create secret tls grafana-tls --cert=cert1.pem --key=privkey1.pem
kubectl create secret tls hcr-tls -n hcr --cert=hcr.homlish.net.2020-10-27.cert.pem --key=hcr.homlish.net.2020-10-27.key.pem
kubectl --namespace jukebox-prod create secret tls jukebox-tls --cert=cert.pem --key=privkey.pem
kubectl --namespace jukebox-prod delete secret jukebox-tls
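The inspect-then-load steps above, gathered into one pre-flight check (an added example, not part of the original notes): it confirms that the leaf certificate covers the intended hostname, is not about to expire, and pairs with the private key before the secret is created. The function names and the 7-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.

# Succeed if the leaf certificate in file $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeed if the certificate in $1 is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# SHA-256 of a public key read from stdin, after re-encoding it as DER.
pubkey_digest() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# Succeed if private key $2 belongs to the certificate in $1.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey | pubkey_digest)" = \
      "$(openssl pkey -in "$2" -pubout | pubkey_digest)" ]
}

# preflight CERT KEY HOST [MIN_SECONDS]: run all checks, report each failure.
preflight() {
    rc=0
    cert_covers_host "$1" "$3" || { echo "SAN does not cover $3" >&2; rc=1; }
    cert_valid_for "$1" "${4:-604800}" || { echo "expires too soon" >&2; rc=1; }
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; rc=1; }
    return "$rc"
}

# Usage, with the file names used above:
#   preflight fullchain.pem privkey.pem images.homlish.net &&
#     kubectl -n homlish-web-prod create secret tls images-tls \
#       --cert=fullchain.pem --key=privkey.pem
```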