k8s sandbox

FAILED!!!
I can access the 5 pods but not the service

https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/

kubectl expose deployment hello-world --type=NodePort --name=example-service

I wanted to force a nodeport
I wish I could figure out a yaml for this but ended up with this because the yaml always said endpoints:none

so I used:
kubectl expose deployment hello-world --type=NodePort --name=example-service --overrides '{ "apiVersion": "v1","spec":{"ports":[{"port":8080,"protocol":"TCP","targetPort":8080,"nodePort":30031}]}}'

works:
curl http://10.110.245.152:8080

but on a0 does not work:
curl http://10.110.245.152:8080

k describe deployment hello-world
Name: hello-world
Namespace: default
CreationTimestamp: Wed, 28 Oct 2020 03:05:08 -0400
Labels: app.kubernetes.io/name=load-balancer-example
Annotations: deployment.kubernetes.io/revision: 1
Selector: app.kubernetes.io/name=load-balancer-example
Replicas: 5 desired | 5 updated | 5 total | 5 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app.kubernetes.io/name=load-balancer-example
Containers:
hello-world:
Image: gcr.io/google-samples/node-hello:1.0
Port: 8080/TCP
Host Port: 0/TCP
Environment:
Mounts:
Volumes:
Conditions:
Type Status Reason
---- ------ ------
Progressing True NewReplicaSetAvailable
Available True MinimumReplicasAvailable
OldReplicaSets:
NewReplicaSet: hello-world-6df5659cb7 (5/5 replicas created)
Events:

kubectl expose deployment hello-world --type=NodePort --name=example-service

phomlish@k0:~$ kubectl describe services example-service
Name: example-service
Namespace: default
Labels: app.kubernetes.io/name=load-balancer-example
Annotations:
Selector: app.kubernetes.io/name=load-balancer-example
Type: NodePort
IP: 10.110.245.152
Port: 8080/TCP
TargetPort: 8080/TCP
NodePort: 30140/TCP
Endpoints: 10.166.32.215:8080,10.166.32.222:8080,10.166.32.233:8080 + 2 more…
Session Affinity: None
External Traffic Policy: Cluster
Events:

k get endpoints example-service -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    endpoints.kubernetes.io/last-change-trigger-time: "2020-11-01T09:23:22Z"
  creationTimestamp: "2020-11-01T09:23:22Z"
  labels:
    app.kubernetes.io/name: load-balancer-example
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:endpoints.kubernetes.io/last-change-trigger-time: {}
        f:labels:
          .: {}
          f:app.kubernetes.io/name: {}
      f:subsets: {}
    manager: kube-controller-manager
    operation: Update
    time: "2020-11-01T09:23:22Z"
  name: example-service
  namespace: default
  resourceVersion: "1485713"
  selfLink: /api/v1/namespaces/default/endpoints/example-service
  uid: 27c316f9-57d6-413b-93ca-20458d875925
subsets:
- addresses:
  - ip: 10.166.32.215
    nodeName: k0
    targetRef:
      kind: Pod
      name: hello-world-6df5659cb7-fjqrc
      namespace: default
      resourceVersion: "1472538"
      uid: e870d96c-07a4-435f-a57c-88307b3dda3f
  - ip: 10.166.32.222
    nodeName: k0
    targetRef:
      kind: Pod
      name: hello-world-6df5659cb7-n9klg
      namespace: default
      resourceVersion: "1472588"
      uid: c2965c4c-c679-4519-8f5e-f4cca25b1942
  - ip: 10.166.32.233
    nodeName: k0
    targetRef:
      kind: Pod
      name: hello-world-6df5659cb7-5x6wb
      namespace: default
      resourceVersion: "1472473"
      uid: ff188c54-dab9-4d27-a301-06ea256c0588
  - ip: 10.166.32.236
    nodeName: k0
    targetRef:
      kind: Pod
      name: hello-world-6df5659cb7-9x9lx
      namespace: default
      resourceVersion: "1472726"
      uid: 55a09551-9136-4e23-aa14-c18fbada63f4
  - ip: 10.166.32.242
    nodeName: k0
    targetRef:
      kind: Pod
      name: hello-world-6df5659cb7-9fdzx
      namespace: default
      resourceVersion: "1472578"
      uid: abd01d7a-be6b-4aaa-900e-d8d2f54a1831
  ports:
  - port: 8080
    protocol: TCP

Name: example-service
Namespace: default
Labels: name=load-balancer-example
Annotations:
Selector: app=load-balancer-example
Type: NodePort
IP: 10.97.241.235
Port: ihttpd 8080/TCP
TargetPort: 8080/TCP
NodePort: ihttpd 30163/TCP
Endpoints:
Session Affinity: None
External Traffic Policy: Cluster
Events:

from a0
curl http://10.11.1.70:30140
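
Added example (not from the original notes): in the second describe output above the Service selector is app=load-balancer-example while the pod template label is app.kubernetes.io/name=load-balancer-example, and a selector that matches no pod label leaves Endpoints empty. The shell below checks a selector against pod labels and prints a NodePort manifest using the label, port and nodePort 30031 from the commands above; the function names are hypothetical.

```shell
# Added example, not part of the original notes.

# selector_matches SELECTOR LABELS
#   Both arguments are comma-separated key=value lists. Returns 0 only when
#   every selector pair is present in LABELS (the Service equality rule).
selector_matches() {
    sel=$1; labels=$2
    old_ifs=$IFS; IFS=,
    for pair in $sel; do
        case ",$labels," in
            *",$pair,"*) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
    return 0
}

# service_manifest NAME SELECTOR_KEY SELECTOR_VALUE PORT NODEPORT
service_manifest() {
    cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $1
spec:
  type: NodePort
  selector:
    $2: $3
  ports:
  - protocol: TCP
    port: $4
    targetPort: $4
    nodePort: $5
EOF
}

# Values copied from the describe output on this page.
POD_LABELS='app.kubernetes.io/name=load-balancer-example'
BAD_SELECTOR='app=load-balancer-example'

selector_matches "$BAD_SELECTOR" "$POD_LABELS" ||
    echo "selector '$BAD_SELECTOR' matches no pod label: Endpoints stays empty"

# On a host with cluster access, pipe this into: kubectl apply -f -
service_manifest example-service app.kubernetes.io/name load-balancer-example 8080 30031
```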

certificates let’s encrypt

let’s encrypt

debian installs an old version of certbot
2021-06-29:
root@a0:/etc/letsencrypt# certbot --version
certbot 0.31.0
so we downloaded from git:
root@a0:/etc/letsencrypt# /home/phomlish/certbot/venv3/bin/certbot --version
certbot 1.15.0

certbot renewals are running from:
root@a0:/etc/letsencrypt# cat /etc/cron.d/certbot
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven’t been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
#
# Important Note! This cronjob will NOT be executed if you are
# running systemd as your init system. If you are running systemd,
# the cronjob.timer function takes precedence over this cronjob. For
# more details, see the systemd.timer manpage, or use systemctl show
# certbot.timer.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /home/phomlish/certbot/venv3/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && /home/phomlish/certbot/venv3/bin/certbot -q renew

but it seems maybe I am running certbot.timer
root@a0:/etc/letsencrypt# systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2021-06-29 00:27:05 EDT; 17min ago
Trigger: Tue 2021-06-29 13:20:59 EDT; 12h left

Jun 29 00:27:05 a0 systemd[1]: Stopped Run certbot twice daily.
Jun 29 00:27:05 a0 systemd[1]: Stopping Run certbot twice daily.
Jun 29 00:27:05 a0 systemd[1]: Started Run certbot twice daily.

I had trouble finding the file:
/etc/systemd/system/certbot-renewal.service
they were hiding here:
/usr/lib/systemd/system/certbot.service
/usr/lib/systemd/system/certbot.timer

systemctl restart certbot.timer
systemctl restart certbot.service
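
Added example (not from the original notes): the cron entry above only renews when /run/systemd/system is absent, so on a systemd host certbot.timer is in charge and the ExecStart of certbot.service decides which certbot binary runs. The shell below reports that binary from unit text; the unit and drop-in contents are constructed samples, and the function names are hypothetical.

```shell
# Added example, not part of the original notes. Function names are
# hypothetical; the unit text below is a constructed sample.

# Mirror the guard in the cron line ("! -d /run/systemd/system"): when
# that directory exists, cron skips renewal and the timer is in charge.
scheduler_in_charge() {
    if [ -d "$1" ]; then echo timer; else echo cron; fi
}

# Read unit text on stdin (for example from "systemctl cat certbot.service",
# which includes drop-ins) and print the program of the last non-empty
# ExecStart= line. An empty "ExecStart=" resets earlier entries, so with
# a single command after the reset the last entry is the one that runs.
exec_start_binary() {
    sed -n 's/^ExecStart=[-@:+!]*\([^[:space:]][^[:space:]]*\).*$/\1/p' |
        tail -n 1
}

# Constructed sample: a packaged unit that starts the distribution certbot.
PACKAGED_UNIT='[Unit]
Description=Certbot

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew'

# Constructed drop-in, as "systemctl edit certbot.service" would store it
# in /etc/systemd/system/certbot.service.d/override.conf.
DROPIN='[Service]
ExecStart=
ExecStart=/home/phomlish/certbot/venv3/bin/certbot -q renew'

echo "scheduler: $(scheduler_in_charge /run/systemd/system)"
echo "packaged unit runs: $(printf '%s\n' "$PACKAGED_UNIT" | exec_start_binary)"
echo "with drop-in runs:  $(printf '%s\n%s\n' "$PACKAGED_UNIT" "$DROPIN" |
    exec_start_binary)"
```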

# this will show hosts:
openssl x509 -in fullchain.pem -text
# DNS:blog.homlish.net, DNS:homlish.net, DNS:joesfigtrees.com, DNS:mail.homlish.net, DNS:mail.joesfigtrees.com, DNS:pjhiii.homlish.net, DNS:recipes.homlish.net, DNS:www.homlish.net, DNS:www.joesfigtrees.com

certbot certonly --webroot -w /usr3/web/http/ --dry-run -d secure.homlish.net

****** homlish-net
certbot certonly --webroot -w /usr3/web/http --dry-run \
-d homlish.net \
-d blog.homlish.net \
-d mail.homlish.net \
-d pjhiii.homlish.net \
-d recipes.homlish.net \
-d www.homlish.net

certbot certonly --webroot -w /usr3/web/http \
-d homlish.net \
-d blog.homlish.net \
-d mail.homlish.net \
-d pjhiii.homlish.net \
-d recipes.homlish.net \
-d www.homlish.net

certbot certonly --webroot -w /usr3/web/http/ --dry-run \
-d mydetv.com,www.mydetv.com \
-d swarm.mydetv.com,swarm.dev.mydetv.com,swarm.local.mydetv.com,swarm.staging.mydetv.com \
-d mail.mydetv.com \
-d mydelawaretv.com,www.mydelawaretv.com,mail.mydelawaretv.com

certbot certonly --webroot -w /usr3/web/http/ \
-d mydetv.com,www.mydetv.com \
-d swarm.mydetv.com,swarm.dev.mydetv.com,swarm.local.mydetv.com,swarm.staging.mydetv.com \
-d mail.mydetv.com \
-d mydelawaretv.com,www.mydelawaretv.com,mail.mydelawaretv.com

sudo certbot delete --cert-name mydelawaretv.com

certbot certonly --webroot -w /usr3/web/http/ --dry-run -d jplay.homlish.net -d jukebox.homlish.net
certbot certonly --webroot -w /usr3/web/http/ -d jplay.homlish.net -d jukebox.homlish.net

certbot certonly --webroot -w /usr3/web/http/ -d grafana.homlish.net

Master Controller Details

Master: if studio not active mute red/blue/white.
Change the way green works.

studio active
on: master connected, sql connected, a2 connected
flash: master connected, sql or a2 not connected
double: master not connected
off: slave not running

studio inactive
on: master connected
off: master not connected
also red/blue/white off

todo:
switch lights
motion/light box
add switches to bench box
sump pump switch

bench box
7 lights
7 switches & 7 lights

aux box
motion sensor
light sensor

goal:

pin desc
0 ADC0
1 ADC1
2 Relay0 white
3 Relay1 yellow
4 Relay2 red
5 Relay3 blue
6 Relay4 green
7 Relay5 yellow bottom
8 Relay6 blue bottom buzzer
9 SW0 t1 broadcast
10 SW1 p1 applause
11 SW2 p2 laughter
12 SW3 p3 jukebox
13 SW4 p4
14 SW5 t2 motion
15 SW6 t3 sump pump

2 ADC inputs
photocell IO0
POT IO1

7 relays
7 lights red/green/yellow/blue/white/unk

7 switches w/ lights?
toggle broadcast
push random applause
push random laugh
push jukebox silent
motion sensor
sump pump IO15
one more

hardware bit definition:
2 adc (0-1) 7 lights (2-8) 7 switches (9-15)

iodirMask 1111 1111 1111 1111
iodirValue 1111 1110 0000 0011
light mask 0000 0001 1111 1100
switch mask 1111 1110 0000 0000

gpio lights 20mA
color changing: 3.2V
@ 5V
2.0-2.2V red, yellow @ 2.2V = 140Ω (150Ω)
3.0-3.2V white,blue,green @ 3.2V = 90Ω (100Ω)
@ 12V
2.0-2.2V red, yellow @ 2.2V = 490Ω (510Ω)
3.0-3.2V white,blue,green @ 3.2V = 440Ω (470Ω)
3.4V white 3mm = 430Ω (470Ω)

Maximum current drawn by digital circuitry 300mA
Maximum IO source current : IO0 – IO7 2mA
Maximum IO sink current : IO0 – IO7 2mA
Maximum IO source current : IO8 – IO15 8mA
Maximum IO sink current : IO8 – IO15 8mA
Recommended Impedance of Analog Voltage Source 2.5KΩ

Switch
DD: Pin No.2 of the header marked as ICSP. This pin has VDD always available and can source more current compared to an IO port. VDD=3.3V. Using this recommendation uses 33 mA

Ohm’s Law
E = I x R
I = E / R
R = E / I
E=Volts
I=Current
R=Resistance

 

Voltage Divider

LED Resistance Calculator

Thermistor
0°C = 273.15 Kelvin
°F = (°C × 9/5) + 32
10KΩ @ 25°C @ 77°F
12.6KΩ @ 20°C @ 68°F
8KΩ @ 30°C @ 86°F

float steinhart;
steinhart = average / THERMISTORNOMINAL; // (R/Ro)
steinhart = log(steinhart); // ln(R/Ro)
steinhart /= BCOEFFICIENT; // 1/B * ln(R/Ro)
steinhart += 1.0 / (TEMPERATURENOMINAL + 273.15); // + (1/To)
steinhart = 1.0 / steinhart; // Invert
steinhart -= 273.15; // convert to C

Motion sensor
off:
on:

Master Controller

The master controller is a hardware/software combination that controls and monitors physical devices.  Using a USB device switch states are detected and lights/relays are activated.

Original Design

Parallel Port controlled
Check out that huge power supply.

Parallel Port controlled
Figuring out where all the wires went.
Lights/Switches
Some wires went to the studio lights & switches

New Equipment

Motion, Temperature, Light sensors
Sump Pump relay

New Design

mounted slave

Zone Minder

Upgrade cameras

IP cameras w/ POE $1000

Ethernet cable
$109 500′ outdoor

16 port (8 w/POE) Ethernet switch
$115 Linksys LGS116P 80 Watts

Computer $1000
2 ethernet
32 meg ram
loads of HD space

matomo

I don’t like using javascript embedded on all my web pages. Also that didn’t properly log the source ip in the wordpress plugin.

Reference:

How to use Log Analytics tool


https://github.com/matomo-org/matomo-log-analytics/#readme

3 homlish.net
22 mydetv.com, mydelawaretv.com
23 madbuffaloproductions.com
24 joesfigtrees.com

httpd.conf.logging
# we'll turn these on and matomo won't need to do it
HostnameLookups on

ErrorLog "logs/error_log"
LogLevel warn rewrite:trace3
LogLevel warn
# using matomo recommended
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhost
#CustomLog "logs/homlish.net" combinedvhost
CustomLog "logs/undefined" combinedvhost

# a0 has 12 cores, we’ll give this 6
# --log-format-name=common_complete is for apache logs
# --accept-invalid-ssl-certificate turns off certificate verification for the https connection to matomo
CustomLog "||/usr/bin/python3 /usr3/web/matomo/misc/log-analytics/import_logs.py \
--enable-http-errors \
--enable-http-redirects \
--enable-bots \
--enable-static \
--url=https://matomo.homlish.net \
--accept-invalid-ssl-certificate \
--idsite=1234 \
--recorders=6 \
--recorder-max-payload-size=1 \
--log-format-name=common_complete \
-" combinedvhost

didn’t use:
--debug \
--output=/var/log/httpd/matomo-debug.log \

Server Version: Apache/2.4.39 (Unix) OpenSSL/1.1.1c mod_fcgid/2.3.9 PHP/7.3.7
Matomo version: 3.11.0
MySQL version: 10.3.15-MariaDB-1