az extension add --name aks-preview
az extension update --name aks-preview
az feature register --namespace "Microsoft.ContainerService" --name "KubeProxyConfigurationPreview"
az provider register --namespace "Microsoft.ContainerService"
Philip Schmid PhilipSchmid
PhilipSchmid
/ k8s-kubenurse.yaml
Created
March 28, 2025 14:03
Kubenurse deploy manifest for Kubernetes network latency/issue monitoring (https://github.com/postfinance/kubenurse)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/postfinance/kubenurse | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: kubenurse | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: |
PhilipSchmid
/ aks-byocni-with-cilium.md
Last active
July 31, 2024 08:46
Azure AKS BYOCNI Cluster with disabled Kube-Proxy (copy & paste for fish shell)
PhilipSchmid
/ privileged-node-debugging-pod.md
Created
February 13, 2024 19:40
Spin up a privileged K8s node debugging Pod with access to the node's filesystem
Optional: Disable PSA
k label ns default pod-security.kubernetes.io/enforce=privileged
k label ns default pod-security.kubernetes.io/audit=privileged # optional
k label ns default pod-security.kubernetes.io/warn=privileged # optionalStart tshoot pod:
echo '
PhilipSchmid
/ deploy-iperf3.yaml
Last active
October 6, 2023 09:41
iperf3 Deployment for Kubernetes network performance tests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: iperf3 | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app: iperf3 | |
| template: |
PhilipSchmid
/ pod-hostpath-kubectl-run.yaml
Created
July 18, 2023 11:05
kubectl run Pod with hostPath
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl run -it --rm tshoot --overrides=' | |
| { | |
| "spec": { | |
| "containers": [ | |
| { | |
| "name": "tshoot", | |
| "image": "nicolaka/netshoot:latest", | |
| "command": ["/bin/bash"], | |
| "stdin": true, | |
| "stdinOnce": true, |
PhilipSchmid
/ k8s-goldpinger.yaml
Last active
March 28, 2025 14:02
Two Goldpinger DaemonSets (in two different namespaces) to test K8s Pod-to-Pod connectivity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/bloomberg/goldpinger | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: goldpinger1 | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: |
PhilipSchmid
/ kubeadm-cilium-k8s-cluster.md
Last active
October 20, 2024 06:56
Minimal guide for setting up a kubeadm and containerd based Kubernetes 1.26 cluster with Cilium in kubeproxy-replacement mode (tested on Ubuntu 22.04)
PhilipSchmid
/ 0-minio-readme.md
Last active
December 31, 2023 16:42
Docker-Compose single-host Minio S3 setup using Traefik (Let's Encrypt with DNS-01 challenge via Cloudflare) for TLS offloading.
Tested on Ubuntu 20.04.
Run all commands shown here with root or prepend a sudo to the regarding commands which require higher privileges.
PhilipSchmid
/ quick-k8s-setup.md
Created
March 9, 2022 16:16
Quick & dirty (copy & paste, single-host) Kubernetes setup based on RKE2, Cilium, Nginx and Longhorn
Tested on a Rocky Linux 8.4 VM on DigitalOcean. Run everything as root. Based on RKE2, Cilium, Nginx and Longhorn.
# SELinux
sestatus
setenforce 0
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=permissive/g' /etc/sysconfig/selinux && cat /etc/sysconfig/selinux
sestatus
PhilipSchmid
/ rke2-node-cleanup.md
Last active
January 13, 2025 16:30
RKE2 node cleanup statements to clean up a node after a failed Rancher custom cluster installation try
RKE2 Node Cleanup To reset a RKE2 node, run the following commands:
# rke2-(server|agent) related
rke2-killall.sh
rke2-uninstall.sh
# rancher-system-agent related
systemctl stop rancher-system-agent.service
systemctl disable rancher-system-agent.service
rm -f /etc/systemd/system/rancher-system-agent.serviceNewerOlder