Gitops Platform Curation

Fred Richards flrichar
  • SUSE Rancher
  • New York
@flrichar
flrichar / rancher-proxy-jwt.md
Last active May 30, 2025 19:25
rancher jwt proxy

Proxy the Entire Path

Example

kubectl get --raw /k8s/clusters/c-m-abc123xyz456/.well-known/openid-configuration
kubectl get --raw /k8s/clusters/c-m-abc123xyz456/openid/v1/jwks

...


@flrichar
flrichar / ingress-nightmare.yaml
Created March 25, 2025 13:47
Ingress Nightmare Mitigation
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      admissionWebhooks:
@flrichar
flrichar / rancher-product-note.md
Last active March 13, 2025 15:51
Rancher Product Notes
| Product Name | Alternative Names | GitHub Repository | Description |
| --- | --- | --- | --- |
| Rancher | SUSE Rancher Prime, Rancher Manager | rancher/rancher | Enterprise Kubernetes management platform that enables organizations to run and manage Kubernetes clusters across any infrastructure. |
| RKE | Rancher Kubernetes Engine | rancher/rke | An extremely simple, lightning fast Kubernetes distribution that runs entirely within containers. |
| RKE2 | RKE Government | rancher/rke2 | A Kubernetes distribution focused on security and compliance for government agencies. |
| K3s | Lightweight Kubernetes, k3OS | k3s-io/k3s | Purpose-built, lightweight Kubernetes distribution for edge and IoT use cases, fully managed by Kubernetes. |
| Longhorn | SUSE Storage | longhorn/longhorn | Cloud-nativ |
@flrichar
flrichar / jobs-logs-saver.md
Created March 13, 2025 12:52
Save Jobs Logs

Save Logs from Jobs

Append all to a filename.

kubectl -n kube-system get pods --template '{{range.items}}{{.metadata.name}}{{"\n"}}{{end}}' --field-selector="status.phase==Succeeded" | xargs -I{} kubectl -n kube-system logs {} >> all-jobs-logs-$(date +%YJ%j).txt
@flrichar
flrichar / fleet-cluster-label.md
Last active March 3, 2025 16:29
Fleet Cluster Labels
kubectl get cluster.fleet.cattle.io/cluster-xxx765123 -n clusters -o jsonpath='{.metadata.labels}' | jq
{
  "env": "opm-lab",
  "fleet.cattle.io/cluster": "cluster-xxx765123",
  "fleet.cattle.io/created-by-agent-pod": "fleet-agent-0",
  "management.cattle.io/cluster-display-name": "r12700.F"
}
@flrichar
flrichar / debian-taskgetter.md
Last active February 21, 2025 14:46
Debian Task Fetcher

Fetch Debian Task

curl -SLO https://github.com/go-task/task/releases/download/$(curl https://api.github.com/repos/go-task/task/releases | jq -r ".[0].name")/task_linux_amd64.deb

sudo dpkg -i ./task_linux_amd64.deb && rm ./task_linux_amd64.deb

# use with caution
export TASK_X_REMOTE_TASKFILES=1
@flrichar
flrichar / mod-server.sh
Created November 12, 2024 18:19
K3S tiny modserver
#!/bin/bash
# Each env assignment needs a trailing backslash so both variables reach the sh that runs the installer.
curl -sfL https://get.k3s.io | \
INSTALL_K3S_VERSION="v1.30.6+k3s1" \
INSTALL_K3S_EXEC="server --write-kubeconfig-mode=644 --cluster-cidr=10.78.0.0/16 --service-cidr=10.78.0.0/16 --cluster-init=true --kube-controller-manager-arg=node-cidr-mask=23 --kubelet-arg=max-pods=240" \
sh -s -
@flrichar
flrichar / rancher-profile-collection.md
Last active August 26, 2024 20:35
Rancher Profile Collection

Rancher Profile Collection

TS=$(date -u +"%Y-%m-%d_%H%M")
pprofs=( goroutine heap threadcreate block mutex )
for pod in $(kubectl -n cattle-system get pods --no-headers -l app=rancher -o custom-columns=":.metadata.name"); do
  echo "getting profile for $pod..."
  for pp in "${pprofs[@]}"; do
    echo "--> generating $pp..."
    kubectl -n cattle-system exec "$pod" -c rancher -- curl -s "http://localhost:6060/debug/pprof/$pp" -o "$pp"
@flrichar
flrichar / journal-json-parse.md
Created June 7, 2024 15:25
journal json parsing

K3S Journal JSON Parse

Parse some message fields from k3s' journal logs.

sudo journalctl -u k3s -g detail -n80 -ojson | jq -r '.MESSAGE'  | jq
...
##### Sample output:

{
 "level": "info",
@flrichar
flrichar / wireguard-calicoctl.md
Last active May 30, 2025 19:45
Wireguard for Calico

Enable Wireguard for Calico

Enabled with just the Calico FelixConfiguration CRD, instead of the VXLAN tunnel.

calicoctl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true}}'
  • Canal - replaces vxlan with wireguard.
  • Calico - leaves vxlan tunnel for fall-back in case there is no wireguard support on the node.

This should only be enabled by direction from your professional services consultant on an as-needed basis after a thorough examination of the specific environmental factors.