K3s Install Notes

L.J. Hanson - - 1 min read
## Pre-Setup

For 8Gb host use external mounts

```sh
ln -s /datadrive/k3s/ /run/k3s
ln -s /datadrive/k3s-pods/ /var/lib/kubelet/pods
ln -s /datadrive/k3s-rancher/ /var/lib/rancher
```

## Install

```sh
'--disable' \
'traefik' \
'--disable' \
'servicelb' \
'--disable' \
'metrics-server' \
'--disable' \
'local-storage' \
'--write-kubeconfig-mode 644' \
'--node-label "k3s-upgrade=true"' \
'--flannel-backend=wireguard-native'
```

For worker nodes need:

- K3S_TOKEN is at /var/lib/rancher/k3s/server/node-token on server
- K3S_URL is “https://:6443”

## Setting up upgrades

Install upgrade server

kubectl apply -f https://github.

Kured - Kubernetes Restart Daemon

L.J. Hanson - - 1 min read
Kured is a Kubernetes daemonset that performs safe automatic node reboots when the package management system of the underlying OS indicates that one is needed. This should allow a full OS install to behave more like an appliance install such as K3OS, which is no longer being actively developed.

Snippets in VSCode

L.J. Hanson - - 1 min read
You can create snippets in VSCode to insert boilerplate content into files. In this example I’m using a snippet to create the frontmatter for a blog post.

```json
{
  "Markdown FrontMatter": {
    "prefix": "eventFrontMatter",
    "body": [
      "---",
      "title: $1",
      "date: $2",
      "author: L.J. Hanson",
      "tags: [$3]",
      "slug: $4",
      "description: $5",
      "draft: true",
      "---",
      ""
    ],
    "description": "Markdown FrontMatter"
  }
}
```

Nikola Setup Notes

L.J. Hanson - - 1 min read
To get Pelican style metadata working in Nikola you must add the markdown metadata extension to your config.

```python
MARKDOWN_EXTENSIONS = [
    "markdown.extensions.fenced_code",
    "markdown.extensions.codehilite",
    "markdown.extensions.extra",
    "markdown.extensions.meta",
]
```

Cert Manager for Kubernetes

L.J. Hanson - - 1 min read
Overall installation instructions are here. Cert Manager was installed with Helm v3, along with the custom resource definitions (CRD). The ClusterIssuer.yaml file sets up the connection to the CA (Let’s Encrypt) in order to generate certs.

- Requires an IAM policy for Route53 and DNS challenges
- yaml file must be updated with appropriate values (at a minimum role, possibly accessKey and secret)

Pi Install Notes

L.J. Hanson - - 1 min read
## Initial Install

```sh
sudo apt update
sudo apt upgrade
sudo apt install avahi-daemon docker.io docker-compose
sudo dpkg-reconfigure tzdata
sudo adduser ljhanson
# Add the new user to the docker and sudo groups (-a appends instead of replacing)
sudo usermod -aG docker,sudo ljhanson
sudo hostnamectl set-hostname pi
# Turn off the systemd-resolved stub listener; the original file is kept as resolved.conf.orig
sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
```

Add hostname to /etc/hosts

```sh
curl -L https://install.pivpn.io | bash
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
```

Next two needed to keep DNS/DHCP on internal network only if using ipv6 tunnel

```sh
sudo ufw allow in on eth0 to any port 67
sudo ufw allow in on eth0 to any port 53
# Default policy
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
```

Splunk Notes

- 4 mins read
## Splunk Components

- Indexer - Processes, stores and creates events. Does this via time stamped directories.
- Search Head - Front end, consolidates and enriches results
- Forwarder - Agent that sends data to indexer

These three represent the minimal install of Splunk.

- Deployment Server
- Cluster Master
- License Master

## Roles

- Admin - Can install apps, and create knowledge objects
- Power - Can create and share knowledge objects for app users and do realtime searches.
- User - Will only see own knowledge objects and those shared with them.

TODO: Subscribe to recommended keeping up to dates

TODO: Buy/Read Securing DevOPS: Security in the Cloud

Most common security incidents

- Public S3 buckets
- Leaked access keys
- Compromised IAM roles from EC2 allowing access to metadata service at 169.254.169.254

Docker Commands Reference

- 2 mins read
| Command | Description |
| --- | --- |
| start | Start Container |
| stop | Stops Container |
| restart | Restart Container |
| kill | Kill Container |
| attach | Attach terminal to running container |
| exec | Executes command within a running container |
| inspect | Detailed output about running container in JSON |
| history | Shows history of container image |

## Dockerfile Commands

| Command | Reference |
| --- | --- |
| FROM | Base image, usually first |
| WORKDIR | Sets working directory |
| ADD | Adds file from source to destination. Can be URL, Will Unzip |
| COPY | Copy from host machine. |