| Useful for when you do a temporary backup to a longhorn pvc with the backup-restore-operator, doesn't need to be lh, can be any pv. | |
| Run a one-time backup, then copy off-cluster and remove | |
| # kubect get pods -n cattle-resources-system | |
| # cd local-backups-dir/ | |
| # kubectl cp -n cattle-resources-system <name-of-backup-pod>:/var/lib/backups . | |
| # remove resources as necessary ... |
bgp lab is FRR in aws ... routing between subnet-A and subnet-B goes through various route-tables, one for the node then another for the AWS vpc, next-hops for bgp may be invalid if you do not have a direct connection
see here -- FRRouting/frr#3474
for frr 7.5.x and 8.1.x, enable the global option ...
ip nht resolve-via-default
| docker run -itd --name frr --net=none --privileged frr-buster:20191120 | |
| ovs-docker add-port kvm1 eth0 frr --macaddress="00:16:3e:49:ae:fb" | |
| sudo ovs-docker add-port kvm1 eth0 frr --macaddress="00:16:3e:49:ae:fb" | |
| docker exec -it frr vtysh | |
| cruddy bridging is cruddy. | |
| use ovs with docker ... above was FRR example | |
| ovs-docker command makes it possible |
| ## crate a cluster-wide alias to normalize yay command | |
| ## set alias in .bashrc on every linux-node, access with tf remote-exec or ansible shell module | |
| ## alias for login user w/ sudo, as root with just the command | |
| ## ex, arch is just 'yay', debian-based is 'apt-get upgrade', tumbleweed/leap/sles is 'zypper up --details', | |
| ## micro is 'transactional-update up -d -n' | |
| ## rhel,centos is 'dnf upgrade -v' or 'yum upgrade -v' | |
| ## check for existence | |
| ansible devx -b -e @path/vars/become.yaml -m shell -a 'grep yay ~/.bashrc' |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: tls-reports | |
| spec: | |
| containers: | |
| - name: tls-reporter | |
| image: drwetter/testssl.sh | |
| command: | |
| - /usr/local/bin/testssl.sh |
| ## pipe colorfied jq to less while keeping colors | |
| jql () { jq -C . $1 | less -R ; } | |
| ## pipe colorfied yq to less, keep colors, convert json to yaml | |
| yql () { yq -CP -oy $1 | -R ; } |
| ## Exec into the etcd container | |
| docker exec -it etcd sh | |
| ## All objects | |
| for key in `etcdctl get --prefix --keys-only /` | |
| do | |
| size=`etcdctl get $key --print-value-only | wc -c` | |
| versions=`etcdctl get $key --write-out=fields | grep \"Version\" | cut -f2 -d':'` |
alias nctl='sudo /usr/local/bin/nerdctl -n k8s.io -a /run/k3s/containerd/containerd.sock'nctl info (I just prefer not to spell out nerdctl)sudo /usr/local/bin/crictl <commands> works with included binaryallias crictl='sudo /var/lib/rancher/rke2/bin/crictl --runtime-endpoint unix:///run/k3s/containerd/containerd.sock'
| * https://banzaicloud.com/docs/one-eye/logging-operator/configuration/plugins/outputs/elasticsearch/ -- logging operator plugin for elastic | |
| .. option "hosts" overrides the host and port fields, turning the entire elastic target into one string | |
| .. edit Output yaml, enter host:port/path in the field exactly, minus a trailing slash / | |
| .. remove other host & port fields, ELK endpoint Output should begin to flow normally | |
| useful for when a customer/user/client has an ELK or other elastic endpoint behind a L7 reverse-proxy |
| sudo grubby --update-kernel=ALL --args='cgroup_enable=memory cgroup.memory=nokmem' | |
| ## cite refrences below, related to kernel paging problems in patched 3.10 kernels | |
| -- https://newrelic.zendesk.com/hc/en-us/articles/360059501693-RHEL7-RHEL8-DockerCE-cgroup-kernel-memory-leak | |
| -- https://github.com/opencontainers/runc/issues/1725 | |
| -- https://www.elastic.co/guide/en/cloud-enterprise/2.3/ece-configure-hosts-rhel-centos.html | |
| -- https://github.com/docker/for-linux/issues/841 |