I hereby claim:
- I am axeal on github.
- I am aseymour (https://keybase.io/aseymour) on keybase.
- I have a public key ASCGMenvMgcdnlB78gtpUFRH_bIJgMIvF8mEDE01BtlFIAo
To claim this, I am signing this object:
Alex Seymour axeal
axeal
/ kubelet-nodefs-imagefs.sh
Last active
April 5, 2019 15:59
— forked from superseb/kubelet-nodefs-imagefs.sh
Check kubelet nodefs/imagefs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # nodefs | |
| # OS with curl | |
| curl -sLk --cacert /etc/kubernetes/ssl/kube-ca.pem --cert /etc/kubernetes/ssl/kube-node.pem --key /etc/kubernetes/ssl/kube-node-key.pem https://127.0.0.1:10250/stats/summary | jq '.node.fs' | |
| df -B1 / | |
| # RancherOS | |
| docker run -v /opt/rke/etc/kubernetes/ssl:/etc/kubernetes/ssl:ro --net host appropriate/curl -sLk --cacert /etc/kubernetes/ssl/kube-ca.pem --cert /etc/kubernetes/ssl/kube-node.pem --key /etc/kubernetes/ssl/kube-node-key.pem https://127.0.0.1:10250/stats/summary | jq '.node.fs' | |
| df / |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| ssh_authorized_keys: | |
| - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCxe63//4ctYWj+BNev+Zx4yiyk/MJ8JOaIQb39QtmI56vrSnMbaYAogfpvRusFapRhJqcsfyW6qTl0mcQbPYFS9nVTLcfdt7gTDSzJRDeQJI4Y78L+tKuneD5RXxivqdVbLmzSpIix31nZ11DBPF/AES0zlr3qopSKVS7tbcxvESa/5JRe1kTBPVOWhBVmg8iKeuHW8vHPCchrPaF4x3Mx4/SgIVvmbTDrNy85dsbO5B8bjWDpwdXPU9xLzrPTr5nhhNSXIFPw6omDdJiNWTfLXizGJ6D2LbQw+m8aJIuGFDFp2/UiWHn9vH3Jx/AYWP4MCezX8fpbiDM9/ud6nmwNLUhKN4ZaXZhweyMgHiPPJnQ4B3fiTKJHnS4ma2S3BurOhoHfW0aregACKFGL+t8otCxtpxrJndmyOoRIoV2xIi6QCemcXanmI8J/+Yes3p+XZ4SZ7M4gGoRrDgaU3NMDVIYkuPEDdq3xcNRbKAAn6EMkPvYJOWO9ioEFsccX5oKn7ObPVI1LBZc1ZsGO4NsfFG8t+oa2MTECzoo9lVwbLy6Fk1qD52QnyI2o4PwTMVsyDMoRONdqFioUT2aj2xIwOHyCRwgDfpDqsefwiEj+uc3kcVLsv8BqKmnPvnpfhUpsl0b2/94qfN+Qu2ss+EdBVNlkl3Pq9bgHRjzY53h/Q== | |
| mounts: | |
| - ["/dev/sdb1", "/var/log", "ext4", ""] | |
| - ["/dev/sdc1", "/var/lib/system-docker", "ext4", ""] | |
| - ["/dev/sdd1", "/mnt/docker", "ext4", ""] | |
| rancher: | |
| state: | |
| fstype: ext4 |
axeal
/ podsecurity.yml
Created
April 18, 2019 11:45
Demonstrate overriding restricted PodSecurityPolicy in one namespace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: psp-override | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: Role | |
| metadata: | |
| name: default-psp-role | |
| namespace: psp-override |
axeal
/ gist:180e50207e02a7a20782c57879b60914
Last active
June 14, 2019 09:46
— forked from alena1108/gist:7902b86122b62183b35e6c33b46bce62
cert rotate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| title: "Kubernetes certificate expiry and rotation in Rancher Kubernetes clusters" | |
| author: alex-seymour | |
| date: 2019-06-14 | |
| description: "This guide details how to rotate certificates for Rancher launched, and Rancher Kubernetes Engine CLI provisioned, Kubernetes clusters, both before expiry when certificates are still valid, and also in the event that the certificates have already expired." | |
| type: "blog" | |
| tags: [Kubernetes, RKE, Rancher, Certificates] | |
| categories: [blog] | |
| image: "/img/featured-images/featured-images_security.png" | |
| URL: /blog/2019/kubernetes-certificate-expiry-and-rotation-in-rancher-kubernetes-clusters |
axeal
/ cloud-config.yml
Last active
December 13, 2019 14:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| rancher: | |
| console: debian |
axeal
/ set_s3_creds.sh
Created
July 26, 2022 06:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export PATH=./:$PATH | |
| # Determine OS and architecture | |
| case $(uname -s) in | |
| Linux*) os="linux" ;; | |
| Darwin*) os="darwin" ;; | |
| *) echo "Unsupported OS detected"; exit;; | |
| esac |
axeal
/ rancher-pprof
Created
July 25, 2024 14:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TS=`date -u +"%Y-%m-%d_%H%M"` | |
| pprofs=( goroutine heap threadcreate block mutex ) | |
| for pod in $(kubectl -n cattle-system get pods --no-headers -l app=rancher -o custom-columns=":.metadata.name"); do | |
| echo "getting profile for $pod..." | |
| for pp in ${pprofs[@]}; do | |
| echo "--> generating $pp..." | |
| kubectl -n cattle-system exec $pod -c rancher -- curl -s http://localhost:6060/debug/pprof/$pp -o $pp | |
| done | |
| echo "--> taring it up..." | |
| kubectl -n cattle-system exec $pod -c rancher -- tar -czf debug-pprof.tar.gz $pprofs |