Skip to content

Instantly share code, notes, and snippets.

View axeal's full-sized avatar

Alex Seymour axeal

View GitHub Profile
TS=`date -u +"%Y-%m-%d_%H%M"`
pprofs=( goroutine heap threadcreate block mutex )
for pod in $(kubectl -n cattle-system get pods --no-headers -l app=rancher -o custom-columns=":.metadata.name"); do
echo "getting profile for $pod..."
for pp in ${pprofs[@]}; do
echo "--> generating $pp..."
kubectl -n cattle-system exec $pod -c rancher -- curl -s http://localhost:6060/debug/pprof/$pp -o $pp
done
echo "--> taring it up..."
kubectl -n cattle-system exec $pod -c rancher -- tar -czf debug-pprof.tar.gz $pprofs
#!/bin/bash
export PATH=./:$PATH
# Determine OS and architecture
case $(uname -s) in
Linux*) os="linux" ;;
Darwin*) os="darwin" ;;
*) echo "Unsupported OS detected"; exit;;
esac
@axeal
axeal / keybase.md
Created September 13, 2019 20:12
keybase.md

Keybase proof

I hereby claim:

  • I am axeal on github.
  • I am aseymour (https://keybase.io/aseymour) on keybase.
  • I have a public key ASCGMenvMgcdnlB78gtpUFRH_bIJgMIvF8mEDE01BtlFIAo

To claim this, I am signing this object:

#cloud-config
rancher:
console: debian
---
title: "Kubernetes certificate expiry and rotation in Rancher Kubernetes clusters"
author: alex-seymour
date: 2019-06-14
description: "This guide details how to rotate certificates for Rancher launched, and Rancher Kubernetes Engine CLI provisioned, Kubernetes clusters, both before expiry when certificates are still valid, and also in the event that the certificates have already expired."
type: "blog"
tags: [Kubernetes, RKE, Rancher, Certificates]
categories: [blog]
image: "/img/featured-images/featured-images_security.png"
URL: /blog/2019/kubernetes-certificate-expiry-and-rotation-in-rancher-kubernetes-clusters
@axeal
axeal / podsecurity.yml
Created April 18, 2019 11:45
Demonstrate overriding restricted PodSecurityPolicy in one namespace
apiVersion: v1
kind: Namespace
metadata:
name: psp-override
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: default-psp-role
namespace: psp-override
@axeal
axeal / cloud-config
Last active April 16, 2019 14:10
rancheros-cloud-config
#cloud-config
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCxe63//4ctYWj+BNev+Zx4yiyk/MJ8JOaIQb39QtmI56vrSnMbaYAogfpvRusFapRhJqcsfyW6qTl0mcQbPYFS9nVTLcfdt7gTDSzJRDeQJI4Y78L+tKuneD5RXxivqdVbLmzSpIix31nZ11DBPF/AES0zlr3qopSKVS7tbcxvESa/5JRe1kTBPVOWhBVmg8iKeuHW8vHPCchrPaF4x3Mx4/SgIVvmbTDrNy85dsbO5B8bjWDpwdXPU9xLzrPTr5nhhNSXIFPw6omDdJiNWTfLXizGJ6D2LbQw+m8aJIuGFDFp2/UiWHn9vH3Jx/AYWP4MCezX8fpbiDM9/ud6nmwNLUhKN4ZaXZhweyMgHiPPJnQ4B3fiTKJHnS4ma2S3BurOhoHfW0aregACKFGL+t8otCxtpxrJndmyOoRIoV2xIi6QCemcXanmI8J/+Yes3p+XZ4SZ7M4gGoRrDgaU3NMDVIYkuPEDdq3xcNRbKAAn6EMkPvYJOWO9ioEFsccX5oKn7ObPVI1LBZc1ZsGO4NsfFG8t+oa2MTECzoo9lVwbLy6Fk1qD52QnyI2o4PwTMVsyDMoRONdqFioUT2aj2xIwOHyCRwgDfpDqsefwiEj+uc3kcVLsv8BqKmnPvnpfhUpsl0b2/94qfN+Qu2ss+EdBVNlkl3Pq9bgHRjzY53h/Q==
mounts:
- ["/dev/sdb1", "/var/log", "ext4", ""]
- ["/dev/sdc1", "/var/lib/system-docker", "ext4", ""]
- ["/dev/sdd1", "/mnt/docker", "ext4", ""]
rancher:
state:
fstype: ext4
@axeal
axeal / kubelet-nodefs-imagefs.sh
Last active April 5, 2019 15:59 — forked from superseb/kubelet-nodefs-imagefs.sh
Check kubelet nodefs/imagefs
#!/bin/bash
# nodefs
# OS with curl
curl -sLk --cacert /etc/kubernetes/ssl/kube-ca.pem --cert /etc/kubernetes/ssl/kube-node.pem --key /etc/kubernetes/ssl/kube-node-key.pem https://127.0.0.1:10250/stats/summary | jq '.node.fs'
df -B1 /
# RancherOS
docker run -v /opt/rke/etc/kubernetes/ssl:/etc/kubernetes/ssl:ro --net host appropriate/curl -sLk --cacert /etc/kubernetes/ssl/kube-ca.pem --cert /etc/kubernetes/ssl/kube-node.pem --key /etc/kubernetes/ssl/kube-node-key.pem https://127.0.0.1:10250/stats/summary | jq '.node.fs'
df /