Gitops Platform Curation

Fred Richards flrichar
flrichar / postrouting-snat.md
Created January 13, 2026 16:18
plab postrouting snat table rules

Output of PLab PostRouting for NAT Table, CNI, Bridge, SNAT-1022

$ iptables -t nat -L POSTROUTING -vn --line
Chain POSTROUTING (policy ACCEPT 3159 packets, 581K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     4217  663K CNI-HOSTPORT-MASQ  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI portfwd requiring masquerade */
2     1058 81606 CNI-8d379e8c80a1fb6e997fb316  all  --  *      *       10.4.0.2             0.0.0.0/0            /* name: "bridge" id: "moby-0b65d5a522417587f04a5f4429c5b63ec2fca1065291d12c7f91b158cf18f8e1" */
3        0     0 MASQUERADE  all  --  *      eth0.87  10.16.22.0/24       !10.0.0.0/8           /* SNAT 1022 through eth0.87 via fiber-inetgw */
flrichar / ipchange-rke2-clusterreset.md
Last active January 13, 2026 16:07
RKE2 IP Change

2025-1201 IP-Change Restore Example

  • Always use S3 for backups
  • Enable adequate, constant, consistent backups
  • Single-Nodes for Development, ensure quick turnaround

Example ...

Address changed from .147 to .180 ... Verified the timestamp was the same from 11/21 locally & in S3. Do not require full-path for S3 bucket data.

  • sudo systemctl disable --now rke2-server
flrichar / mini-gwapi-istio.md
Last active January 13, 2026 16:07
Mini GwAPI Istio

Mini GwAPI

Control-plane-only Istio for the Gateway API, installing the latest 1.3.0 CRDs. Simple adjustments cover newer API versions and Istio releases.

kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0" | kubectl apply -f -;

helm install -n istio-system upstream-istio istio/istiod --set gateway.enabled=true --set istiod.profile=minimal --version 1.27.0 --create-namespace

flrichar / leapmicro-ml.md
Last active January 13, 2026 16:13
leap-micro mainline kernel

Mainline Testing Kernel

transactional-update shell

zypper ar -f http://download.opensuse.org/repositories/Kernel:/HEAD/standard/ kernel-repo
zypper ref
zypper dist-upgrade --allow-vendor-change --from kernel-repo

# zypper dup
flrichar / fleet-metrics.md
Last active January 13, 2026 16:12
fleet metrics

Some Fleet Metrics

  • would prefer curl, but okay
  • more recent fleet versions use deploy/fleet-agent instead of a statefulset
k exec -it -n cattle-fleet-local-system fleet-agent-0 -- wget -qO - monitoring-fleet-controller.cattle-fleet-system.svc.cluster.local:8080/metrics

k exec -it -n cattle-fleet-local-system fleet-agent-0 -- wget -qO - monitoring-gitjob.cattle-fleet-system.svc.cluster.local:8081/metrics
flrichar / fleet-bundle-lint.md
Last active October 6, 2025 13:58
Lint Fleet Bundles

Lint Fleet.yaml Bundle Definitions

  • nctl command is a local alias for nerdctl with options/flags
nctl run -v $(pwd):/tmp/pwd --rm rancher/fleet:v0.11.9 -- /usr/bin/fleet apply BUNDLE100 /tmp/pwd/ -o -

### or ...

podman run -v $(pwd):/tmp/pwd --rm docker.io/rancher/fleet:v0.11.9 /usr/bin/fleet apply BUNDLE100 /tmp/pwd/ -o -
flrichar / rancher-proxy-jwt.md
Last active May 30, 2025 19:25
rancher jwt proxy

Proxy the Entire Path

Example

kubectl get --raw /k8s/clusters/c-m-abc123xyz456/.well-known/openid-configuration
kubectl get --raw /k8s/clusters/c-m-abc123xyz456/openid/v1/jwks

...


flrichar / ingress-nightmare.yaml
Created March 25, 2025 13:47
Ingress Nightmare Mitigation
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      admissionWebhooks:
flrichar / rancher-product-note.md
Last active March 13, 2025 15:51
Rancher Product Notes
| Product Name | Alternative Names | GitHub Repository | Description |
| --- | --- | --- | --- |
| Rancher | SUSE Rancher Prime, Rancher Manager | rancher/rancher | Enterprise Kubernetes management platform that enables organizations to run and manage Kubernetes clusters across any infrastructure. |
| RKE | Rancher Kubernetes Engine | rancher/rke | An extremely simple, lightning fast Kubernetes distribution that runs entirely within containers. |
| RKE2 | RKE Government | rancher/rke2 | A Kubernetes distribution focused on security and compliance for government agencies. |
| K3s | Lightweight Kubernetes, k3OS | k3s-io/k3s | Purpose-built, lightweight Kubernetes distribution for edge and IoT use cases, fully managed by Kubernetes. |
| Longhorn | SUSE Storage | longhorn/longhorn | Cloud-nativ
flrichar / jobs-logs-saver.md
Created March 13, 2025 12:52
Save Jobs Logs

Save Logs from Jobs

Append all to a filename.

kubectl -n kube-system get pods --template '{{range.items}}{{.metadata.name}}{{"\n"}}{{end}}' --field-selector="status.phase==Succeeded" | xargs -I{} kubectl -n kube-system logs {} >> all-jobs-logs-$(date +%YJ%j).txt