k8s Prometheus

Installing Prometheus
2023-09-20

phomlish@a6:~/kubernetes/prometheus/homlish-monitoring
k apply -f homlish-monitor-ns.yaml

kubectl create -f clusterRole.yaml

using helm?

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm search repo prometheus-community/prometheus --versions
prometheus-community/prometheus 19.3.1 v2.41.0 Prometheus is a monitoring system and time seri…

helm install 19.3.1 prometheus-community/prometheus

helm -n homlish-monitor delete prometheus

phomlish@a6:~/kubernetes/prometheus$ helm upgrade --install -n homlish-monitor --version 19.3.1 -f values.yaml prometheus prometheus-community/prometheus
NAME: prometheus
LAST DEPLOYED: Wed Oct 11 07:53:06 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.default.svc.cluster.local

Get the Prometheus server URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus,component=server" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace default port-forward $POD_NAME 9090

The Prometheus alertmanager can be accessed via port on the following DNS name from within your cluster:
prometheus-%!s().default.svc.cluster.local

Get the Alertmanager URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus,component=" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace default port-forward $POD_NAME 9093
#################################################################################
###### WARNING: Pod Security Policy has been disabled by default since #####
###### it deprecated after k8s 1.25+. use #####
###### (index .Values "prometheus-node-exporter" "rbac" #####
###### . "pspEnabled") with (index .Values #####
###### "prometheus-node-exporter" "rbac" "pspAnnotations") #####
###### in case you still need it. #####
#################################################################################

The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prometheus-prometheus-pushgateway.default.svc.cluster.local

Get the PushGateway URL by running these commands in the same shell:
export POD_NAME=$(kubectl get pods --namespace default -l "app=prometheus-pushgateway,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace default port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/


janus

systemctl status janus.service
systemctl restart janus.service

more /etc/janus/janus.jcfg
tail -f /usr4/mydetv/logs/janus.log

2021-03-25
Yikes, I’m on version 0.7.6 from 2019-11-27
moving to 0.10.10 from 2021-02-08

k8s tls

openssl x509 -in fullchain.pem -text
openssl x509 -in certs/letsencrypt/secure.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/images.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/secure.homlish.net/fullchain.pem -text|grep DNS
openssl x509 -in certs/letsencrypt/homlish.net/fullchain.pem -text|grep DNS

kubectl create secret tls secure-tls --cert=secure.dev.homlish.net.2020-05-14.cert.pem --key=secure.dev.homlish.net.2020-05-14.key.pem

pwd:
w01:images phomlish$ pwd
/Users/phomlish/homlishWeb/certs-letsencrypt/images
scp -P 2222 a0:certs/letsencrypt/images.homlish.net/fullchain.pem .
scp -P 2222 a0:certs/letsencrypt/images.homlish.net/privkey.pem .
k -n homlish-web-prod create secret tls images-tls --cert=fullchain.pem --key=privkey.pem

w01:images phomlish$ pwd
/Users/phomlish/homlishWeb/certs-letsencrypt/secure
scp -P 2222 a0:certs/letsencrypt/secure.homlish.net/fullchain.pem .
scp -P 2222 a0:certs/letsencrypt/secure.homlish.net/privkey.pem .
k -n homlish-web-prod create secret tls secure-tls --cert=fullchain.pem --key=privkey.pem

k -n grafana create secret tls grafana-tls --cert=cert1.pem --key=privkey1.pem

kubectl create secret tls hcr-tls -n hcr --cert=hcr.homlish.net.2020-10-27.cert.pem --key=hcr.homlish.net.2020-10-27.key.pem

kubectl --namespace jukebox-prod create secret tls jukebox-tls --cert=cert.pem --key=privkey.pem
kubectl --namespace jukebox-prod delete secret jukebox-tls

kubernetes cert-manager

Automating Certificate Management in a Kubernetes Environment

letsencrypt.homlish.net. IN A 10.11.168.4
cafe.homlish.net. IN A 10.11.168.5
cert-manager.homlish.net. IN A 10.11.168.253

helm install nginx-kic nginx-stable/nginx-ingress --namespace nginx-ingress --set controller.enableCustomResources=true --create-namespace --set controller.enableCertManager=true

helm install nginx-kic nginx-stable/nginx-ingress --namespace nginx-ingress --set controller.enableCustomResources=true --set spec.loadBalancerIP='10.11.168.4' --create-namespace --set controller.enableCertManager=true

helm install -f values.yaml --namespace nginx-ingress nginx-kic nginx-stable/nginx-ingress --create-namespace

helm repo add jetstack https://charts.jetstack.io
helm repo update

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.crds.yaml
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.10.1

change fw nginx to forward to cert-manager

curl -L -o kubectl-cert-manager.tar.gz https://github.com/jetstack/cert-manager/releases/latest/download/kubectl-cert_manager-linux-amd64.tar.gz
wget https://github.com/jetstack/cert-manager/releases/latest/download/kubectl-cert_manager-linux-amd64.tar.gz


geoip maxmind

https://github.com/maxmind/libmaxminddb
https://github.com/maxmind/MaxMind-DB-Reader-php

sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin

wget https://github.com/maxmind/MaxMind-DB-Reader-php/archive/v1.8.0.tar.gz
tar xzf v1.8.0.tar.gz
cd MaxMind-DB-Reader-php-1.8.0/
cd ext
./configure --with-php-config=/usr/local/apache2/php/bin/php-config
make
make test
sudo make install

vi /usr/local/apache2/php/php.ini
extension=maxminddb.so

openssl rsa public/private keys

kubectl -n hcr create secret tls hcr-tls-secret \
--cert=hcr.homlish.net.2020-10-27.cert.pem \
--key=hcr.homlish.net.2020-10-27.key.pem

kubectl -n default create secret tls test-tls-secret \
--cert=jbox-api.local.homlish.net.2022-02-13.cert.pem \
--key=jbox-api.local.homlish.net.2022-02-13.key.pem

# generate private
openssl genrsa -out private-key2.pem 4096
cp private-key2.pem private-key2-no-lf.pem
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' private-key2-no-lf.pem > private-key2-no-lf.txt

# generate public
openssl rsa -in private-key.pem -outform PEM -pubout -out public.pem

# remove linefeeds for kubernetes
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' private-key.pem
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' public.pem

Great, I see it on the screen. It works if I use it in VS code launch.json.

How do I get it into kubernetes?
$ kubectl create secret generic my-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from-file=ssh-publickey=/path/to/.ssh/id_rsa.pub

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' jbox-api.local.homlish.net.2022-02-13.cert.pem > jbox-api.local.homlish.net.2022-02-13.cert.pem.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' jbox-api.local.homlish.net.2022-02-13.key.pem > jbox-api.local.homlish.net.2022-02-13.key.pem.txt
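
The awk one-liner above turns a PEM file into a single line with literal "\n" separators. The following is an added example, not part of the original notes, that wraps it in a function, adds the reverse conversion, and checks that a file survives the round trip. The function names and the sample data are assumptions made for the illustration; the sample body is a placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not from the original notes. All sample data is constructed.

# Multi-line PEM on stdin -> one line with a literal "\n" after each PEM line.
# Strips a trailing CR first so CRLF blank lines are dropped by the NF test.
pem_to_oneline() {
    awk '{sub(/\r$/, "")} NF {printf "%s\\n", $0}'
}

# Reverse: escaped one-line form on stdin -> normal multi-line PEM.
oneline_to_pem() {
    awk '{
        n = split($0, parts, /\\n/)
        for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
    }'
}

# Constructed PEM-shaped sample (placeholder body, not a real key), written
# with CRLF line endings and a blank line to exercise both edge cases.
sample_pem_crlf() {
    printf '%s\r\n' '-----BEGIN PUBLIC KEY-----' \
        'Q09OU1RSVUNURUQgU0FNUExF' '' '-----END PUBLIC KEY-----'
}

# True when file $1 survives the round trip, ignoring CRs and blank lines.
roundtrip_ok() {
    want=$(tr -d '\r' < "$1" | awk 'NF')
    got=$(pem_to_oneline < "$1" | oneline_to_pem)
    [ "$want" = "$got" ]
}

# Demo: print the escaped one-line form of the constructed sample.
sample_pem_crlf | pem_to_oneline; echo
```

The escaped form is only needed where the PEM has to sit inside a quoted string, as in launch.json. kubectl create secret with --from-file or --cert/--key reads the original multi-line file as-is.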

k8s persistent volume

k patch pv imagesdev -p '{"spec":{"claimRef": null}}'

k0:/home/phomlish/kubernetes/test-pv
k config set-context --current --namespace=kube-public

k apply -f test-image.yaml
k get pod shell-demo
k exec --stdin --tty shell-demo -- /bin/bash
k exec shell-demo env

k delete -f shell-demo.yaml

k get pod shell-demo -o wide

k patch pv homlishca -p '{"spec":{"claimRef": null}}'

jenkins

https://www.jenkins.io/doc/book/installing/kubernetes/

jenkins: 10.11.168.251
jenkins-agent: 10.11.168.252

k create namespace jenkins

helm -n jenkins delete jenkins
k delete -f jenkins-persistent-volume.yaml
k create -f jenkins-persistent-volume.yaml
helm install jenkins -n jenkins -f jenkins-values.yaml jenkinsci/jenkins

finally got it working
http://10.11.168.251

printf $(kubectl get secret --namespace jenkins jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo

export POD_NAME=$(kubectl get pods --namespace jenkins -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=jenkins" -o jsonpath="{.items[0].metadata.name}")

both worked:
lynx http://10.166.32.242:8080/login
lynx http://10.105.174.214:8080/login

want this to work:
lynx http://10.11.169.251/login

we need to create a load balancer with an annotation to match the jenkins pod
helm -n jenkins delete jenkins
k delete -f jenkins-persistent-volume.yaml
k create -f jenkins-persistent-volume.yaml
helm install jenkins -n jenkins -f jenkins-values.yaml jenkinsci/jenkins

k delete -f jenkins-service-ui.yaml
k apply -f jenkins-service-ui.yaml
