kubernetes cert-manager

https://www.nginx.com/blog/automating-certificate-management-in-a-kubernetes-environment/

letsencrypt.homlish.net. IN A 10.11.168.4
cafe.homlish.net. IN A 10.11.168.5
cert-manager.homlish.net. IN A 10.11.168.253

helm install nginx-kic nginx-stable/nginx-ingress --namespace nginx-ingress --set controller.enableCustomResources=true --create-namespace --set controller.enableCertManager=true

helm install nginx-kic nginx-stable/nginx-ingress --namespace nginx-ingress --set controller.enableCustomResources=true --set spec.loadBalancerIP='10.11.168.4' --create-namespace --set controller.enableCertManager=true

helm install -f values.yaml --namespace nginx-ingress nginx-kic nginx-stable/nginx-ingress --create-namespace

helm repo add jetstack https://charts.jetstack.io
helm repo update

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.crds.yaml
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.10.1

change fw nginx to forward to cert-manager

curl -L -o kubectl-cert-manager.tar.gz https://github.com/jetstack/cert-manager/releases/latest/download/kubectl-cert_manager-linux-amd64.tar.gz
wget https://github.com/jetstack/cert-manager/releases/latest/download/kubectl-cert_manager-linux-amd64.tar.gz


nginx

https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/

nginx

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p tcp -s 10.11.1.200 --sport 443 -j MARK --set-xmark 0x1/0xffffffff
iptables -t mangle -A PREROUTING -p tcp -s 10.11.168.0/24 --sport 443 -j MARK --set-xmark 0x1/0xfffffffe


geoip maxmind

https://github.com/maxmind/libmaxminddb
https://github.com/maxmind/MaxMind-DB-Reader-php

sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin

wget https://github.com/maxmind/MaxMind-DB-Reader-php/archive/v1.8.0.tar.gz
tar xzf v1.8.0.tar.gz
cd MaxMind-DB-Reader-php-1.8.0/
cd ext
./configure --with-php-config=/usr/local/apache2/php/bin/php-config
make
make test
sudo make install

vi /usr/local/apache2/php/php.ini
extension=maxminddb.so

openssl rsa public/private keys

kubectl -n hcr create secret tls hcr-tls-secret \
--cert=hcr.homlish.net.2020-10-27.cert.pem \
--key=hcr.homlish.net.2020-10-27.key.pem

kubectl -n default create secret tls test-tls-secret \
--cert=jbox-api.local.homlish.net.2022-02-13.cert.pem \
--key=jbox-api.local.homlish.net.2022-02-13.key.pem

# generate private
openssl genrsa -out private-key2.pem 4096
cp private-key2.pem private-key2-no-lf.pem
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' private-key2-no-lf.pem > private-key2-no-lf.txt

# generate public
openssl rsa -in private-key.pem -outform PEM -pubout -out public.pem

# remove linefeeds for kubernetes
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' private-key.pem
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' public.pem

Great, I see it on the screen. It works if I use it in a VS Code launch.json.

How do I get it into kubernetes?
$ kubectl create secret generic my-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from-file=ssh-publickey=/path/to/.ssh/id_rsa.pub

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' jbox-api.local.homlish.net.2022-02-13.cert.pem > jbox-api.local.homlish.net.2022-02-13.cert.pem.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' jbox-api.local.homlish.net.2022-02-13.key.pem > jbox-api.local.homlish.net.2022-02-13.key.pem.txt

k8s persistent volume

k patch pv imagesdev -p '{"spec":{"claimRef": null}}'

k0:/home/phomlish/kubernetes/test-pv
k config set-context --current --namespace=kube-public

k apply -f test-image.yaml
k get pod shell-demo
k exec --stdin --tty shell-demo -- /bin/bash
k exec shell-demo -- env

k delete -f shell-demo.yaml

k get pod shell-demo -o wide

k patch pv homlishca -p '{"spec":{"claimRef": null}}'

jenkins

https://www.jenkins.io/doc/book/installing/kubernetes/

jenkins: 10.11.168.251
jenkins-agent: 10.11.168.252

k create namespace jenkins

helm -n jenkins delete jenkins
k delete -f jenkins-persistent-volume.yaml
k create -f jenkins-persistent-volume.yaml
helm install jenkins -n jenkins -f jenkins-values.yaml jenkinsci/jenkins

finally got it working
http://10.11.168.251

printf $(kubectl get secret --namespace jenkins jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo

export POD_NAME=$(kubectl get pods --namespace jenkins -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=jenkins" -o jsonpath="{.items[0].metadata.name}")

both worked:
lynx http://10.166.32.242:8080/login
lynx http://10.105.174.214:8080/login

want this to work:
lynx http://10.11.169.251/login

we need to create a load balancer with an annotation to match the jenkins pod
helm -n jenkins delete jenkins
k delete -f jenkins-persistent-volume.yaml
k create -f jenkins-persistent-volume.yaml
helm install jenkins -n jenkins -f jenkins-values.yaml jenkinsci/jenkins

k delete -f jenkins-service-ui.yaml
k apply -f jenkins-service-ui.yaml


apcupsd

multiple ups devices
https://wiki.debian.org/apcupsd

root@a6:/etc/apcupsd# lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 005: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
Bus 001 Device 004: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

root@a6:/etc/apcupsd# udevadm info --attribute-walk --name=/dev/usb/hiddev0 | egrep 'manufacturer|product|serial'
ATTRS{manufacturer}=="American Power Conversion"
ATTRS{product}=="Back-UPS ES 600M1 FW:928.a8 .D USB FW:a8 "
ATTRS{serial}=="4B1903P08928 "
ATTRS{serial}=="0000:00:14.0"
ATTRS{product}=="xHCI Host Controller"
ATTRS{manufacturer}=="Linux 4.19.0-12-amd64 xhci-hcd"
root@a6:/etc/apcupsd# udevadm info --attribute-walk --name=/dev/usb/hiddev1 | egrep 'manufacturer|product|serial'
ATTRS{manufacturer}=="American Power Conversion"
ATTRS{product}=="Back-UPS 350 FW: 5.4.D USB FW: c1 "
ATTRS{serial}=="BB0236018154"
ATTRS{serial}=="0000:00:14.0"
ATTRS{manufacturer}=="Linux 4.19.0-12-amd64 xhci-hcd"
ATTRS{product}=="xHCI Host Controller"

root@a6:/etc/apcupsd# ls -l /dev/usb
total 0
crw------- 1 root root 180, 0 Jan 12 05:50 hiddev0
crw------- 1 root root 180, 1 Jan 12 05:50 hiddev1
lrwxrwxrwx 1 root root 7 Jan 12 05:50 ups-server -> hiddev1
lrwxrwxrwx 1 root root 7 Jan 12 05:50 ups-spare -> hiddev1
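Added example, not from the original post: a small POSIX shell helper that turns the udevadm attribute walk above into a udev rule keyed on the UPS's own USB serial, so each /dev/usb symlink is pinned to one unit instead of both resolving to hiddev1 after a re-enumeration. The function names and the exact rule shape (KERNEL=="hiddev*" plus an ATTRS{serial} match) are my assumptions; the sample walk text is copied from the hiddev0 output above.

```shell
#!/bin/sh
# Added example, not from the original post: build a udev rule that pins a
# /dev/usb symlink to one UPS by its USB serial, so that ups-server and
# ups-spare no longer both resolve to hiddev1 when enumeration order shifts.

# The first ATTRS{serial} in an "udevadm info --attribute-walk" listing is the
# device's own; later ones belong to parents (here the xHCI host controller).
# Trailing whitespace is trimmed: udev ignores it when matching unless the
# rule value itself ends in whitespace.
ups_serial_from_walk() {
    printf '%s\n' "$1" \
      | sed -n 's/^ATTRS{serial}=="\(.*\)"$/\1/p' \
      | head -n 1 \
      | sed 's/[[:space:]]*$//'
}

# Emit one rule line for /etc/udev/rules.d: $1 = walk output, $2 = symlink
# name under /dev/usb (e.g. ups-server). Fails if no serial was found.
ups_udev_rule() {
    serial=$(ups_serial_from_walk "$1") || return 1
    [ -n "$serial" ] || return 1
    printf 'KERNEL=="hiddev*", ATTRS{serial}=="%s", SYMLINK+="usb/%s"\n' \
        "$serial" "$2"
}

# Sample input copied from the hiddev0 walk above (straight quotes).
SAMPLE_WALK='ATTRS{manufacturer}=="American Power Conversion"
ATTRS{product}=="Back-UPS ES 600M1 FW:928.a8 .D USB FW:a8 "
ATTRS{serial}=="4B1903P08928 "
ATTRS{serial}=="0000:00:14.0"
ATTRS{product}=="xHCI Host Controller"'

ups_udev_rule "$SAMPLE_WALK" ups-server
```

Run the same function over the hiddev1 walk with ups-spare to get the second rule, then `udevadm control --reload` and re-check `ls -l /dev/usb`.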


k8s cheatsheet

k get all --all-namespaces

k -n kube-system get configmap calico-config
k -n kube-system get configmap calico-config -o yaml

kubectl get clusterrolebindings system:node --all-namespaces -o json