
Velero is a great tool for full backup and restore of your k8s cluster, but sometimes you need a clean install. This is how.

#!/bin/bash
velero uninstall
kubectl delete ns velero
kubectl delete ResticRepository -n velero $(kubectl get ResticRepository -n velero -o jsonpath='{.items[*].metadata.name}')
velero install \
-n velero \
--provider aws \
--plugins velero/velero-plugin-for-aws:v1.2.1 \
--bucket velero \
--secret-file ./credentials-velero \
--default-volumes-to-restic=true \
--use-volume-snapshots=true \
--backup-location-config region=minio,s3ForcePathStyle="true",s3Url= \
--use-restic --wait -n velero ; kubectl logs -f deployment/velero -n velero

verify

kubectl get BackupStorageLocation default -n velero  -o yaml

done


VirtualBox is my best friend for Ansible testing, and I need to re-create VMs all the time. This is how.

cd C:\Program Files\Oracle\VirtualBox
VBoxManage clonevm s201 --name="s201c1"  --snapshot s1 --options=keepallmacs,Link  --register
VBoxManage clonevm s202 --name="s202c1"  --snapshot s1 --options=keepallmacs,Link  --register
VBoxManage clonevm s203 --name="s203c1"  --snapshot s1 --options=keepallmacs,Link  --register
VBoxManage clonevm w204 --name="w204c1"  --snapshot s1 --options=keepallmacs,Link  --register
VBoxManage startvm s201c1 --type headless
VBoxManage startvm s202c1 --type headless
VBoxManage startvm s203c1 --type headless
VBoxManage startvm w204c1 --type headless

that’s all


No need for a config map or a config template file. Just 2 ENVs can do this:

- name: KONG_NGINX_HTTP_LOG_FORMAT
value: x_custom_format escape=json '{"time_local":"$time_local","remote_addr":"$remote_addr","server_addr":"$server_addr","scheme":"$scheme","host":"$host","status":$status,"request_method":"$request_method","uri":"$uri","query_string":"$query_string","server_protocol":"$server_protocol","bytes_sent":$bytes_sent,"body_bytes_sent":$body_bytes_sent,"request_length":$request_length,"http_referrer":"$http_referer","http_user_agent":"$http_user_agent","request_time":"$request_time","upstream_response_time":"$upstream_response_time","upstream_addr":"$upstream_addr","http_content_type":"$sent_http_content_type","upstream_host":"$upstream_host"}'
- name: KONG_PROXY_ACCESS_LOG
value: logs/access.log x_custom_format

Note: The value must be on a single line.

Done.


filter {
  # Build the hourly file suffix and a local-time timestamp from @timestamp.
  # Fields under [@metadata] are not written to the output.
  ruby {
    code => "event.set('[@metadata][index]', event.get('@timestamp').time.localtime.strftime('%Y-%m-%d-%H'))"
  }
  ruby {
    code => "event.set('[@metadata][timestamp]', event.get('@timestamp').time.localtime.strftime('%Y-%m-%d %H:%M:%S.%L'))"
  }
}
input {
  beats {
    port => 1221
  }
}
filter {
  mutate {
    lowercase => [ "[host][name]" ]
  }
}
output {
  # One file per host per hour, e.g. /data/log/<host>.server.log.<YYYY-MM-DD-HH>
  file {
    path => "/data/log/%{[host][name]}.server.log.%{[@metadata][index]}"
    codec => line { format => "%{[host][name]} %{message}"}
  }
}

Or use this for daily rotation:

ruby {
  code => "event.set('[@metadata][index]', event.get('@timestamp').time.localtime.strftime('%Y-%m-%d'))"
}

Done. It’s easy when you know it.

refer:


My cluster is getting bigger, now 4,000+ running pods, and sometimes
Weave Net does not work well. This is how to change from Weave Net to Calico:

#remove weave
kubectl delete -f weave.yml
#run as root on all servers - clear old virtual interfaces
rm /etc/cni/net.d/*weave*
ls -l /sys/class/net|grep virtual|grep -v -E "/lo$|/bond0$"|awk {'print $(NF-2)'}|xargs -I{} ifconfig {} down
ls -l /sys/class/net|grep virtual|grep -v -E "/lo$|/bond0$"|awk {'print $(NF-2)'}|xargs -I{} ip link delete {}
/opt/cni/bin/weave-net delete-datapath datapath
iptables -t nat -F && iptables -t mangle -F && iptables -F && iptables -X
systemctl restart kubelet
#rollout restart deploy/coredns
kubectl rollout restart -n kube-system…

Yes, someday you may need this.

  1. Do it the soft way.

This one takes some time to finish, depending on the number of pods in your cluster.

kubectl get ns -o name|awk -F/ {'print $2'} |grep -vE "^kube-system$"| xargs -I{} kubectl -n {} rollout restart deploy
kubectl get ns -o name|awk -F/ {'print $2'} |grep -vE "^kube-system$"| xargs -I{} kubectl -n {} rollout restart ds
kubectl get ns -o name|awk -F/ {'print $2'} |grep -vE "^kube-system$"| xargs -I{} kubectl -n {} rollout restart sts

  2. Do it the hard way.

#!/bin/bash
for i in $(kubectl get pods -A|grep -vE "^NAMESPACE|^kube-system"|shuf|awk {'print $1","$2'})…

Some of my clusters are still running on Docker, and this is how.

I wanted to know what PID 25893 belongs to.

$ ./pidInfo.sh  25893
[
{
...
...
...
"Labels": {
"annotation.kubernetes.io/config.seen": "2021-03-23T11:40:30.983086928+08:00",
"annotation.kubernetes.io/config.source": "api",
"app": "elasticsearch-master",
"chart": "elasticsearch",
"controller-revision-hash": "elasticsearch-master-75b6469f4b",
"io.kubernetes.container.name": "POD",
"io.kubernetes.docker.type": "podsandbox",
"io.kubernetes.pod.name": "elasticsearch-master-1",
"io.kubernetes.pod.namespace": "client-stat-ts",
"io.kubernetes.pod.uid": "fcadf0c6-b5c9-411a-bd8b-7718a74e187e",
"release": "elasticsearch",
"statefulset.kubernetes.io/pod-name": "elasticsearch-master-1"
},
},
...
...
...

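Yes, it’s an elasticsearch-master node.

cat pidInfo.sh

#!/bin/bash
# $1 = PID; the container ID is taken from the path of the container's hostname bind mount
CID=$(grep hostname "/proc/$1/mountinfo" |awk {'print $4'}|awk -F / {'print $3'})
docker inspect "$CID"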

That is all.
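
The same lookup through `/proc/<pid>/cgroup`, which does not depend on how the Docker data directory is mounted. This is an added example, not the author's script: the function names and the sample cgroup lines are constructed for illustration, and the labels it prints are the ones visible in the output above.

```bash
#!/bin/bash
# Added example (not the author's script): resolve a PID to its container
# from /proc/<pid>/cgroup. Function names are hypothetical helpers.

# Constructed 64-hex container ID used only by the sample lines below.
SAMPLE_ID=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

# Read cgroup lines on stdin and print the first 64-hex container ID.
# Returns 1 when there is none, e.g. for a process running on the host.
container_id_from_cgroup() {
    local id
    id=$(grep -oE '[0-9a-f]{64}' | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Constructed sample: kubelet with the cgroupfs driver.
sample_cgroupfs() {
    printf '11:memory:/kubepods/burstable/pod11111111-2222-3333-4444-555555555555/%s\n' "$SAMPLE_ID"
}

# Constructed sample: kubelet with the systemd driver.
sample_systemd() {
    printf '0::/kubepods.slice/kubepods-pod11111111_2222_3333_4444_555555555555.slice/docker-%s.scope\n' "$SAMPLE_ID"
}

# Print "<namespace>/<pod> <container>" for a PID, using the labels that
# kubelet sets on Docker containers.
pid_to_container() {
    local pid="$1" cid
    case $pid in ''|*[!0-9]*) echo "usage: $0 <pid>" >&2; return 2 ;; esac
    [ -r "/proc/$pid/cgroup" ] || { echo "no such process: $pid" >&2; return 1; }
    cid=$(container_id_from_cgroup < "/proc/$pid/cgroup") || {
        echo "PID $pid is not in a container cgroup" >&2; return 1; }
    docker inspect --format \
        '{{index .Config.Labels "io.kubernetes.pod.namespace"}}/{{index .Config.Labels "io.kubernetes.pod.name"}} {{index .Config.Labels "io.kubernetes.container.name"}}' \
        "$cid"
}

if [ "$#" -ge 1 ]; then
    pid_to_container "$1"
else
    sample_cgroupfs | container_id_from_cgroup   # demo on constructed input
fi
```

Run it on the node itself with the PID as the only argument; a non-zero exit means the process is not inside a container cgroup.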


This is my first time facing this problem. My crontab didn’t run and got empty output.

Simple solution, just run it on screen.

0 * * * * cd /home/jbn1233/monitor ; screen -L -dm bash -c './chk_all.sh; exit'

This will create a new screen, run the command and then exit the screen.

“bash -c” runs multiple commands in screen.

“-L” logs the screen output to a file.

Done.

refer:


My old laptop can’t stand Windows 10, so I went back to Windows 7. These are the issues you will find:

  • Can’t activate Windows even if you have an OEM key.
  • Windows Update is not working. It took some time to load and came up with an error.
  • and more…

A few updates will help

  • NDP47-KB3186497-x86-x64-AllOS-ENU
  • kb4490628
  • kb4474419
  • kb4534310

Apply them in this order.

done.


wget  -O openvpn-install.sh

After running “openvpn-install.sh”, stop the VPN and update the configuration file to:

local 192.168.0.63
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.0.63"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 1
crl-verify crl.pem
log-append /var/log/openvpn.log

Then start the OpenVPN server with this command:

/usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --duplicate-cn --config /etc/openvpn/server/server.conf

P.S. Yes, I know this one is TCP.

Jbn1233

Very short and simple notes for CKA/SRE; they may not work in your environment.
