K8S Master Isolation


title: “K8S Master Isolation”
date: 2018-02-14T14:40:53
slug: k8s-master-isolation


Master Isolation

By default, your cluster will not schedule pods on the master for security reasons. If you want to be able to schedule pods on the master, e.g. for a single-machine Kubernetes cluster for development, run:

kubectl taint nodes --all node-role.kubernetes.io/master-
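A quick audit of the taint described above, as an added example that is not part of the original post: it reads node JSON in the shape of `kubectl get nodes -o json` and reports, per master, whether the `node-role.kubernetes.io/master` taint still blocks scheduling. The node names and sample data are constructed.

```python
import json

MASTER_KEY = "node-role.kubernetes.io/master"  # taint/label key used on this page

# Constructed sample in the shape of `kubectl get nodes -o json` (not real output).
SAMPLE_NODES = json.dumps({
    "items": [
        {"metadata": {"name": "master-a", "labels": {MASTER_KEY: ""}},
         "spec": {"taints": [{"key": MASTER_KEY, "effect": "NoSchedule"}]}},
        {"metadata": {"name": "master-b", "labels": {MASTER_KEY: ""}},
         "spec": {"taints": [{"key": MASTER_KEY, "effect": "PreferNoSchedule"}]}},
        {"metadata": {"name": "master-c", "labels": {MASTER_KEY: ""}},
         "spec": {}},
        {"metadata": {"name": "worker-1", "labels": {}}, "spec": {}},
    ]
})


def master_isolation(nodes_json):
    """Map each master node name to 'isolated', 'soft' or 'open'."""
    report = {}
    for node in json.loads(nodes_json).get("items", []):
        meta = node.get("metadata", {})
        if MASTER_KEY not in (meta.get("labels") or {}):
            continue  # not a master, nothing to check
        taints = node.get("spec", {}).get("taints") or []
        effects = {t.get("effect") for t in taints if t.get("key") == MASTER_KEY}
        if effects & {"NoSchedule", "NoExecute"}:
            report[meta["name"]] = "isolated"   # scheduler keeps ordinary pods off
        elif "PreferNoSchedule" in effects:
            report[meta["name"]] = "soft"       # scheduler avoids it, but may use it
        else:
            report[meta["name"]] = "open"       # taint removed, pods can land here
    return report


if __name__ == "__main__":
    for name, state in sorted(master_isolation(SAMPLE_NODES).items()):
        print(f"{name}: {state}")
```

Pipe live `kubectl get nodes -o json` output into `master_isolation` to see which masters will accept ordinary pods.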

Redirect outgoing traffic


title: “Redirect outgoing traffic”
date: 2018-02-09T10:00:18
slug: ausgehenden-traffic-umleiten


iptables -t nat -A OUTPUT -p tcp -d 10.90.32.6 --dport 443 -j DNAT --to-destination 10.90.18.52:443
iptables -t nat -A POSTROUTING -j MASQUERADE

K8S Debian Node – Flannel


title: “K8S Debian Node – Flannel”
date: 2018-02-08T15:45:49
slug: k8s-debian-node-flannel


curl --silent --location 'https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz' | tar -zvxf-
cp flanneld /usr/bin
mkdir -p /var/lib/k8s/flannel/networks

cat << 'EOF' > /lib/systemd/system/flanneld.service
[Unit]
Description=Network fabric for containers
Documentation=https://github.com/coreos/flannel
After=etcd.service

[Service]
Type=notify
Restart=always
RestartSec=5
ExecStart=/usr/bin/flanneld \
-etcd-endpoints=http://10.0.1.80:4001 \
-logtostderr=true \
-subnet-dir=/var/lib/k8s/flannel/networks \
-subnet-file=/var/lib/k8s/flannel/subnet.env

[Install]
WantedBy=multi-user.target
EOF

Set up Go


title: “Set up Go”
date: 2018-01-22T19:51:53
slug: settun-go-variables


Download the archive (https://golang.org/dl/) and extract it into /usr/local, creating a Go tree in /usr/local/go. For example:

tar -C /usr/local -xzf go$VERSION.$OS-$ARCH.tar.gz
export PATH=$PATH:/usr/local/go/bin

Create your workspace directory, $HOME/go. (If you’d like to use a different directory, you will need to set the GOPATH environment variable.)

mkdir -p $HOME/go/src

Create Test Project

mkdir $HOME/go/src/hello
vi $HOME/go/src/hello/hello.go
package main

import "fmt"

func main() {
	fmt.Printf("hello, world\n")
}

Then build it with the go tool:

cd $HOME/go/src/hello
go build


kubeadmin kubernetes with weave on Ubuntu


title: “kubeadmin kubernetes with weave on Ubuntu”
date: 2018-01-10T13:19:28
slug: kubeadmin-kubernetes-mit-weave-unter-ubuntu


apt-get install -y docker.io

cat << EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
kubeadm init --pod-network-cidr=172.16.0.0/16 --service-cidr=172.17.0.0/18

vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-> add "--pod-cidr=172.16.0.0/16 --cgroup-driver=systemd --register-with-taints=node-role.kubernetes.io/master=:PreferNoSchedule" to KUBELET_NETWORK_ARGS
-> set --cluster-dns=172.17.0.10

systemctl daemon-reload
systemctl restart kubelet

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

sysctl net.bridge.bridge-nf-call-iptables=1
export kubever=$(kubectl version | base64 | tr -d '\n')
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')&env.IPALLOC_RANGE=172.16.0.0/16"
kubectl get nodes

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml

kubectl describe svc kubernetes-dashboard -n kube-system

Check the "IP" and "Endpoints:" IP addresses; they should come from the pod and service CIDRs.

Get cni binaries


title: “Get cni binaries”
date: 2017-09-05T13:30:22
slug: get-cni-binaries


mkdir -p /opt/cni/bin/
curl -fsSL 'https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz' | tar xvz -C /opt/cni/bin/

Squid proxy caching for gif|png|jpeg|jpg|bmp|tif|tiff|ico


title: “Squid proxy caching for gif|png|jpeg|jpg|bmp|tif|tiff|ico”
date: 2017-08-09T19:20:51
slug: squid-proxy-chaching-fur-gifpngjpegjpgbmptiftiffico


http_port 127.0.0.1:8080 accel defaultsite=127.0.0.1
cache_peer 127.0.0.1 parent 8081 0 no-query originserver

acl our_sites dstdomain 127.0.0.1
http_access allow our_sites

cache_effective_user proxy
cache_effective_group proxy
cache_dir ufs /var/spool/squid3 100 16 256
cache_mem 60 GB
maximum_object_size_in_memory 512 KB

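# The dot is escaped so only real file extensions match.
# ignore-auth and ignore-private make Squid cache responses to authenticated requests and responses marked private.
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private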

New Contabo Server (NFS, Kubernetes, openvpn)


title: “New Contabo Server (NFS, Kubernetes, openvpn)”
date: 2017-02-02T09:25:41
slug: new-contabo-server-nfs-kubernetes-openvpn


Add to .bashrc

export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8

Add Kubernetes Repository

echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
apt-get install curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
apt-get install -y apt-transport-https && apt-get update && apt-get install -y vim mc nfs-kernel-server openvpn docker.io kubelet kubeadm kubectl kubernetes-cni

Add SSH Keys from old server

vi .ssh/authorized_keys

Copy content from old server

tar zcPf - /STORAGE /etc/openvpn /etc/exports /etc/hostname /etc/rc.local /var/spool/cron/crontabs /root/.docker | ssh root@178.238.228.154 'tar zxpPf - '