
Velero is a great tool for full backup/restore of your k8s cluster, but sometimes you need to clean-install it. This is how:

#!/bin/bash
velero uninstall
kubectl delete ns velero
kubectl delete ResticRepository -n velero $(kubectl get ResticRepository -n velero -o jsonpath='{.items[*].metadata.name}')
velero install \
-n velero \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.2.1 \
--bucket velero \
--secret-file ./credentials-velero \
--default-volumes-to-restic=true \
--use-volume-snapshots=true \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url= \
--use-restic --wait -n velero ; kubectl logs -f deployment/velero -n velero


kubectl get BackupStorageLocation default -n velero  -o yaml


VirtualBox is my best friend for my Ansible testing, and I need to re-create VMs all the time. This is how:

cd C:\Program Files\Oracle\VirtualBox
VBoxManage clonevm s201 --name="s201c1" --snapshot s1 --options=keepallmacs,Link --register
VBoxManage clonevm s202 --name="s202c1" --snapshot s1 --options=keepallmacs,Link --register
VBoxManage clonevm s203 --name="s203c1" --snapshot s1 --options=keepallmacs,Link --register
VBoxManage clonevm w204 --name="w204c1" --snapshot s1 --options=keepallmacs,Link --register
VBoxManage startvm s201c1 --type headless
VBoxManage startvm s202c1 --type headless
VBoxManage startvm s203c1 --type headless
VBoxManage startvm w204c1 --type headless

That’s all.

No need for a config map or config template file. Just 2 ENVs can do this:

value: x_custom_format escape=json '{"time_local":"$time_local","remote_addr":"$remote_addr","server_addr":"$server_addr","scheme":"$scheme","host":"$host","status":$status,"request_method":"$request_method","uri":"$uri","qu
value: logs/access.log x_custom_format

Note: The value must be on a single line.


filter {
  ruby {
    code => "event.set('[][index]', event.get('[]').time.localtime.strftime('%Y-%m-%d-%H'))"
  }
  ruby {
    code => "event.set('[][timestamp]', event.get('[]').time.localtime.strftime('%Y-%m-%d %H:%M:%S.%L'))"
  }
}
input {
  beats {
    port => 1221
  }
}
filter {
  mutate {
    lowercase => [ "[host][name]" ]
  }
}
output {
  file {
    path => "/data/log/%{[host][name]}.server.log.%{[][index]}"
    codec => line { format => "%{[host][name]} %{message}"}
  }
}

Or use this for daily rotation:

ruby {
  code => "event.set('[][index]', event.get('[]').time.localtime.strftime('%Y-%m-%d'))"
}

Done. It’s easy when you know it.


My cluster is getting bigger now, with 4,000+ running pods, and sometimes
Weave Net does not work well. This is how to change Weave Net to Calico:

#remove weave
kubectl delete -f weave.yml
#run as root on all servers - clear old virtual interfaces
rm /etc/cni/net.d/*weave*
ls -l /sys/class/net|grep virtual|grep -v -E "/lo$|/bond0$"|awk '{print $(NF-2)}'|xargs -I{} ifconfig {} down
ls -l /sys/class/net|grep virtual|grep -v -E "/lo$|/bond0$"|awk '{print $(NF-2)}'|xargs -I{} ip link delete {}
/opt/cni/bin/weave-net delete-datapath datapath
#flushes every rule in the nat, mangle and filter tables and deletes all user-defined filter chains, not only Weave's
iptables -t nat -F && iptables -t mangle -F && iptables -F && iptables -X
systemctl restart kubelet
#rollout restart deploy/coredns
kubectl rollout restart -n kube-system…

Yes, someday you may need this.

  1. Do it the soft way.

This one takes some time to finish. It depends on the number of pods in your cluster.

kubectl get ns -o name|awk -F/ {'print $2'} |grep -vE "^kube-system$"| xargs -I{} kubectl -n {} rollout restart deploy
kubectl get ns -o name|awk -F/ {'print $2'} |grep -vE "^kube-system$"| xargs -I{} kubectl -n {} rollout restart ds
kubectl get ns -o name|awk -F/ {'print $2'} |grep -vE "^kube-system$"| xargs -I{} kubectl -n {} rollout restart sts

  2. Do it the hard way.

#!/bin/bash
for i in $(kubectl get pods -A|grep -vE "^NAMESPACE|^kube-system"|shuf|awk {'print $1","$2'})…

Some of my clusters are still running on Docker, and this is how.

I wanted to know what PID 25893 belongs to.

$ ./  25893
"Labels": {
"": "2021-03-23T11:40:30.983086928+08:00",
"": "api",
"app": "elasticsearch-master",
"chart": "elasticsearch",
"controller-revision-hash": "elasticsearch-master-75b6469f4b",
"": "POD",
"io.kubernetes.docker.type": "podsandbox",
"": "elasticsearch-master-1",
"io.kubernetes.pod.namespace": "client-stat-ts",
"io.kubernetes.pod.uid": "fcadf0c6-b5c9-411a-bd8b-7718a74e187e",
"release": "elasticsearch",
"": "elasticsearch-master-1"

Yes, it’s the elasticsearch-master node.


#!/bin/bash
# Field 4 of the hostname bind mount in mountinfo carries the container ID.
CID=$(grep hostname "/proc/$1/mountinfo" |awk '{print $4}'|awk -F / '{print $3}')
docker inspect "$CID"

That is all.
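
The script above takes the third path component of the mount root, which holds the container ID only when /var/lib/docker is its own filesystem. The following is an added example, not the author's script, that finds the ID wherever it sits in the path and fails cleanly for a PID outside any container; the function names, SAMPLE_ID and the sample mountinfo lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the author's script. SAMPLE_ID and the sample
# mountinfo lines in demo() are constructed, not taken from a real host.
SAMPLE_ID=3f9a1c0e5b7d42a68c1e0f9b7a6d5c4e3f2b1a09182736455463728190abcdef

# cid_from_mountinfo FILE
#   FILE is mountinfo text such as /proc/25893/mountinfo. Field 4 (the mount
#   root) of the /etc/hostname bind mount ends in containers/<id>/hostname.
#   Prints the 64-hex-digit <id>; returns non-zero when no such mount exists.
cid_from_mountinfo() {
    awk '
        $4 ~ /\/containers\/[0-9a-f]+\/hostname$/ {
            n = split($4, part, "/")
            if (length(part[n - 1]) == 64) { print part[n - 1]; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# pid_to_labels PID: print the owning container's labels (needs docker).
pid_to_labels() {
    cid=$(cid_from_mountinfo "/proc/$1/mountinfo") || {
        echo "no Docker container found for PID $1" >&2
        return 1
    }
    docker inspect --format '{{json .Config.Labels}}' "$cid"
}

# Run the parser over both layouts: /var/lib/docker on the root filesystem
# and /var/lib/docker on its own filesystem.
demo() {
    tmp=$(mktemp)
    for root in /var/lib/docker/containers /containers; do
        echo "100 90 8:1 $root/$SAMPLE_ID/hostname /etc/hostname rw - ext4 /dev/sda1 rw" > "$tmp"
        cid_from_mountinfo "$tmp"
    done
    rm -f "$tmp"
}
demo
```

On a Kubernetes node the ID found this way is the pod sandbox container, which matches the "podsandbox" label in the output above.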

This is my first time facing this problem. My crontab didn’t run and got empty output.

Simple solution, just run it on screen.

0 * * * * cd /home/jbn1233/monitor ; screen -L -dm bash -c './; exit'

This will create a new screen, run the command and then exit the screen.

“bash -c” is for running multiple commands in screen

“-L” makes screen log its output to a file



My old laptop can’t stand Windows 10, so I went back to Windows 7. These are the issues you will find:

  • Can’t activate Windows even if you have an OEM key.
  • Windows Update is not working. It took some time to load and came up with an error.
  • and more…

A few updates will help

  • NDP47-KB3186497-x86-x64-AllOS-ENU
  • kb4490628
  • kb4474419
  • kb4534310

Apply them in this order.


wget  -O

After running “”, stop the VPN and update the configuration file to:

port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
verb 1
crl-verify crl.pem
log-append /var/log/openvpn.log

Then start the OpenVPN server with this command:

/usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --duplicate-cn --config /etc/openvpn/server/server.conf

P.S. Yes, I know this one is TCP.


Very short and simple notes for CKA/SRE that may not work in your environment.
