@egeneralov
egeneralov / gitlab-rails console.rb
Created July 25, 2021 13:15
dump info about gitlab-runner[s]
for runner in Ci::Runner.find_each
  if runner.ip_address == "1.1.1.1"
    print(runner.to_json, "\n")
  end
end

gitlab runners cluster-admin (from kubernetes integration application tab)

cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-managed-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io

containerd registry tls certificates auth

  • ${EDITOR} /etc/containerd/config.toml
  [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.company.org".tls]
    ca_file   = "/etc/containerd/certs.d/registry.company.org/ca.pem"
    cert_file = "/etc/containerd/certs.d/registry.company.org/cert.pem"
    key_file  = "/etc/containerd/certs.d/registry.company.org/key.pem"
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=5222 log=yes log-prefix=satisfactory protocol=tcp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=5222 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=6666 log=yes log-prefix=satisfactory protocol=tcp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=6666 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=5222
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=7777 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=7777
add action=dst-nat chain=dstnat dst-address=192.168.88.251 dst-port=7778 log=yes log-prefix=satisfactory protocol=udp to-addresses=192.168.88.251 to-ports=7778
---
- name: integrate gitlab instance with k8s
  hosts: kube-master[0]
  gather_facts: no
  tasks:
    - apt:
        name:
          - python-pip
          - python-setuptools
#!/bin/bash -xe
apt-get install iptables{,-persistent}
iptables -N node-exporter
iptables -A node-exporter -s 1.1.1.1 -j ACCEPT
iptables -A node-exporter -s 1.0.0.1 -j ACCEPT
iptables -A node-exporter -s 8.8.8.8 -j ACCEPT
iptables -A node-exporter -s 127.0.0.0/8 -j ACCEPT
iptables -A node-exporter -j REJECT

cilium kubespray direct routing

Tested on kube-sigs/kubespray commit a923f4e7c0692229c442b07a531bfb5fc41a23f9.

  • Add enable-endpoint-routes: "true" at the end of kubespray/roles/network_plugin/cilium/templates/cilium-config.yml.j2
  • Modify the kubespray inventory file group_vars/k8s-cluster/k8s-net-cilium.yml:
cilium_auto_direct_node_routes: true
cilium_native_routing_cidr: 10.10.2.0/24
#!/bin/bash -xe
# use clean docker host with ipvsadm installed
docker run -d -p 127.0.0.1:8000:8000 -t jwilder/whoami
docker run -d -p 127.0.0.1:8001:8000 -t jwilder/whoami
cat << EOF | ipvsadm-restore
-A -t ${external_ip}:80 -s rr
-a -t ${external_ip}:80 -r 172.17.0.2:8000 -m
tmpfs /var/cache/fscache tmpfs nodev,nosuid,size=1G 0 0
LIBMOUNT_DEBUG=all LIBBLKID_DEBUG=all LOOPDEV_DEBUG=all mount -av