// https://www.loginradius.com/blog/async/environment-variables-in-golang/
//
// keep your environment files (e.g. .env) out of version control: list them in .gitignore
// packages: os, godotenv, viper
// dns // dnsmasq //
// https://www.tecmint.com/setup-a-dns-dhcp-server-using-dnsmasq-on-centos-rhel/
// vi /etc/dnsmasq.conf
# Upstream DNS servers for non-local domains, set with the server option.
# These are Google's public nameservers. dnsmasq forwards to them as plain DNS,
# so the upstream operator sees every non-local name the LAN clients look up.
server=8.8.8.8
server=8.8.4.4
# Force the local domain to fixed IP address(es) with the address option.
# Per the dnsmasq man page this answers for any host in the given domain,
# i.e. tecmint.lan and every name below it.
# NOTE(review): a LAN client that is handed 127.0.0.1 resolves the name to
# itself - confirm that the loopback line is intended alongside the LAN one.
address=/tecmint.lan/127.0.0.1
address=/tecmint.lan/192.168.56.10
# The listen-address option sets the IP addresses dnsmasq listens on.
# To have the CentOS/RHEL server answer DHCP and DNS requests on the LAN,
# list its LAN IP addresses here (remember to include 127.0.0.1).
# Note that the server IP must be static.
# NOTE(review): per the dnsmasq man page, without bind-interfaces dnsmasq
# still binds the wildcard address and discards requests it should not
# answer; add bind-interfaces if the sockets themselves must be limited to
# these addresses.
listen-address=::1,127.0.0.1,192.168.56.10
# The interface option names an interface dnsmasq listens on;
# add one line per interface for more than one.
# NOTE(review): interface and listen-address are additive (the set of both
# is used), so this line does not narrow the listen-address list above.
interface=eth0
# To have the domain added automatically to simple names from the hosts file,
# enable the expand-hosts option.
expand-hosts
# Set the domain for dnsmasq: DHCP clients get fully qualified domain names
# as long as the set domain is matched, and the "domain" DHCP option is sent
# to all clients.
domain=tecmint.lan
# test dnsmasq conf for syntax errors
dnsmasq --test
// k3d // registry // local // port
k3d registry create local-registry --port 12345
INFO[0000] Creating node 'k3d-local-registry'
INFO[0004] Pulling image 'docker.io/library/registry:2'
INFO[0007] Successfully created registry 'k3d-local-registry'
INFO[0008] Starting Node 'k3d-local-registry'
INFO[0008] Successfully created registry 'k3d-local-registry'
# You can now use the registry like this (example):
# 1. create a new cluster that uses this registry
k3d cluster create --registry-use k3d-local-registry:12345
# 2. tag an existing local image to be pushed to the registry
docker tag nginx:latest k3d-local-registry:12345/mynginx:v0.1
# 3. push that image to the registry
docker push k3d-local-registry:12345/mynginx:v0.1
# 4. run a pod that uses this image
kubectl run mynginx --image k3d-local-registry:12345/mynginx:v0.1
// k3d // cluster // local registry // network // load balancer // coredns // configmap // /etc/hosts
k3d cluster create e2e --registry-use k3d-local-registry:12345
INFO[0000] Prep: Network
INFO[0000] Created network 'k3d-e2e' (83fb8d388f32d21e590de86c2d2c97210e346d95cf8f745bf656c7b48a23ce3b)
INFO[0000] Created volume 'k3d-e2e-images'
INFO[0001] Creating node 'k3d-e2e-server-0'
INFO[0001] Creating LoadBalancer 'k3d-e2e-serverlb'
INFO[0001] Starting cluster 'e2e'
INFO[0001] Starting servers...
INFO[0001] Starting Node 'k3d-e2e-server-0'
INFO[0007] Starting agents...
INFO[0007] Starting helpers...
INFO[0007] Starting Node 'k3d-e2e-serverlb'
INFO[0008] (Optional) Trying to get IP of the docker host and inject it into the cluster as 'host.k3d.internal' for easy access
INFO[0011] Successfully added host record to /etc/hosts in 2/2 nodes and to the CoreDNS ConfigMap
INFO[0012] Cluster 'e2e' created successfully!
INFO[0012] --kubeconfig-update-default=false --> sets --kubeconfig-switch-context=false
INFO[0012] You can now use it like this:
kubectl config use-context k3d-e2e
kubectl cluster-info
// cluster info // debug // troubleshoot // coredns // metrics-server
kubectl cluster-info
Kubernetes control plane is running at https://0.0.0.0:51763
CoreDNS is running at https://0.0.0.0:51763/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://0.0.0.0:51763/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
// ansible vault
// encrypts variables and files // protect sensitive content such as passwords or keys
// to use Ansible Vault you need one or more passwords to encrypt and decrypt content
//
// https://docs.ansible.com/ansible/latest/user_guide/vault.html#encrypting-individual-variables-with-ansible-vault
// linkerd // config // policy
#kubectl get cm -n linkerd linkerd-config -oyaml
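# linkerd-config ConfigMap as printed by `kubectl get cm -n linkerd linkerd-config -oyaml`.
# The paste had lost all indentation and did not parse; nesting is restored here, values are
# unchanged. Everything under data.values is one literal string (the rendered Helm values),
# so review notes are kept up here rather than inside it.
#
# Points worth checking when reading this config:
# - Both PEM blocks are certificates with the body redacted as XXXX; no private key
#   appears in this ConfigMap.
# - identity.issuer.crtExpiry is the issuer certificate's expiry; the issuer must be
#   rotated before that timestamp. issuanceLifetime (24h0m0s) is the lifetime of the
#   certificates issued to proxies.
# - proxy.requireIdentityOnInboundPorts is empty, so no inbound port is configured to
#   require a peer identity.
# - proxy.opaquePorts lists ports handled as opaque TCP, without protocol detection.
# - webhookFailurePolicy is Fail: requests that need the admission webhooks are rejected
#   when a webhook cannot be reached. Namespaces labelled
#   config.linkerd.io/admission-webhooks=disabled are excluded by the namespaceSelector.
# - proxy.image.version and debugContainer.image.version are empty; presumably they fall
#   back to linkerdVersion - confirm against the chart.
apiVersion: v1
data:
  values: |
    clusterDomain: cluster.local
    clusterNetworks: 10.0.0.0/8,100.64.0.0/10,172.16.0.0/12,192.168.0.0/16
    cniEnabled: false
    controlPlaneTracing: false
    controlPlaneTracingNamespace: linkerd-jaeger
    controllerImage: cr.l5d.io/linkerd/controller
    controllerLogFormat: plain
    controllerLogLevel: info
    controllerReplicas: 3
    controllerResources:
      cpu:
        limit: ""
        request: 100m
      memory:
        limit: 250Mi
        request: 50Mi
    controllerUID: 2103
    debugContainer:
      image:
        name: cr.l5d.io/linkerd/debug
        pullPolicy: ""
        version: ""
    destinationResources:
      cpu:
        limit: ""
        request: 100m
      memory:
        limit: 250Mi
        request: 50Mi
    disableHeartBeat: false
    enableEndpointSlices: false
    enableH2Upgrade: true
    enablePodAntiAffinity: true
    heartbeatResources:
      cpu:
        limit: ""
        request: 100m
      memory:
        limit: 250Mi
        request: 50Mi
    identity:
      issuer:
        clockSkewAllowance: 20s
        crtExpiry: "2022-04-01T15:57:46Z"
        issuanceLifetime: 24h0m0s
        scheme: linkerd.io/tls
        tls:
          crtPEM: |
            -----BEGIN CERTIFICATE-----
            XXXX
            -----END CERTIFICATE-----
    identityResources:
      cpu:
        limit: ""
        request: 100m
      memory:
        limit: 250Mi
        request: 10Mi
    identityTrustAnchorsPEM: |
      -----BEGIN CERTIFICATE-----
      XXXX
      -----END CERTIFICATE-----
    identityTrustDomain: cluster.local
    imagePullPolicy: IfNotPresent
    imagePullSecrets: []
    installNamespace: true
    linkerdVersion: stable-2.10.2
    namespace: linkerd
    nodeSelector:
      beta.kubernetes.io/os: linux
    omitWebhookSideEffects: false
    podAnnotations: {}
    podLabels: {}
    profileValidator:
      caBundle: ""
      crtPEM: ""
      externalSecret: false
      namespaceSelector:
        matchExpressions:
        - key: config.linkerd.io/admission-webhooks
          operator: NotIn
          values:
          - disabled
    proxy:
      cores: 0
      enableExternalProfiles: false
      image:
        name: cr.l5d.io/linkerd/proxy
        pullPolicy: ""
        version: ""
      inboundConnectTimeout: 100ms
      logFormat: plain
      logLevel: warn,linkerd=info
      opaquePorts: 25,443,587,3306,5432,11211
      outboundConnectTimeout: 1000ms
      ports:
        admin: 4191
        control: 4190
        inbound: 4143
        outbound: 4140
      requireIdentityOnInboundPorts: ""
      resources:
        cpu:
          limit: ""
          request: 100m
        memory:
          limit: 250Mi
          request: 20Mi
      uid: 2102
      waitBeforeExitSeconds: 0
    proxyInit:
      closeWaitTimeoutSecs: 0
      ignoreInboundPorts: ""
      ignoreOutboundPorts: ""
      image:
        name: cr.l5d.io/linkerd/proxy-init
        pullPolicy: ""
        version: v1.3.11
      resources:
        cpu:
          limit: 100m
          request: 10m
        memory:
          limit: 50Mi
          request: 10Mi
      xtMountPath:
        mountPath: /run
        name: linkerd-proxy-init-xtables-lock
    proxyInjector:
      caBundle: ""
      crtPEM: ""
      externalSecret: false
      namespaceSelector:
        matchExpressions:
        - key: config.linkerd.io/admission-webhooks
          operator: NotIn
          values:
          - disabled
    proxyInjectorResources:
      cpu:
        limit: ""
        request: 100m
      memory:
        limit: 250Mi
        request: 50Mi
    spValidatorResources:
      cpu:
        limit: ""
        request: 100m
      memory:
        limit: 250Mi
        request: 50Mi
    webhookFailurePolicy: Fail
kind: ConfigMap
metadata:
  annotations:
    linkerd.io/created-by: linkerd/helm stable-2.10.2
    meta.helm.sh/release-name: wonderland-mesh
    meta.helm.sh/release-namespace: default
  labels:
    app.kubernetes.io/managed-by: Helm
    linkerd.io/control-plane-component: controller
    linkerd.io/control-plane-ns: linkerd
  name: linkerd-config
  namespace: linkerd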
// fully qualified resource name
kubectl get horizontalpodautoscalers.v1.autoscaling -A
// tag // build // make // script // shell
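#!/bin/bash
# Exit on the first failing command. Note that bash does not carry -e into
# command substitutions by default, so previous_tag checks git's exit status
# itself instead of relying on this setting.
set -e
# credit: https://github.com/cli/cli/blob/trunk/script/changelog
# credit: https://github.com/fastly/go-fastly/blob/main/scripts/

# previous_tag prints the tag of the previous release reachable from HEAD.
#
# It walks back through `git describe --tags` results, starting at HEAD^, and
# skips prerelease tags (names containing "-") when current_tag is a full
# release. `--tags` makes git consider lightweight tags as well as annotated
# ones.
#
# Output: the tag name on stdout.
# Returns: non-zero when git cannot find a tag (no earlier tag, or not a git
#   repository). Without that check an empty result kept the loop condition
#   true forever whenever errexit was not in effect, e.g. in "$(previous_tag)".
# Side effects: sets the globals current_tag, start_ref and previous_tag.
#
# NOTE(review): current_tag is described from HEAD^, not HEAD. If HEAD is
# itself the tagged release commit, current_tag is the tag before it and the
# prerelease skip is decided on that tag - confirm this matches how the
# script is invoked.
function previous_tag() {
  current_tag="$(git describe --tags HEAD^ --abbrev=0)" || return 1
  start_ref="HEAD"

  # Find the previous release on the same branch, skipping prereleases if the
  # current tag is a full release
  previous_tag=""
  while [[ -z $previous_tag || ( $previous_tag == *-* && $current_tag != *-* ) ]]; do
    # Stop as soon as git runs out of tags instead of retrying with an empty ref.
    previous_tag="$(git describe --tags "$start_ref"^ --abbrev=0)" || return 1
    start_ref="$previous_tag"
  done

  # Quoted so the value is printed as-is, without word splitting or globbing.
  echo "$previous_tag"
}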