Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/eumel8/10-kleine-helferlein
Hilfreiche Kommandos für den Alltag in der Cloud.
https://github.com/eumel8/10-kleine-helferlein
Last synced: 21 days ago
JSON representation
Hilfreiche Kommandos für den Alltag in der Cloud.
- Host: GitHub
- URL: https://github.com/eumel8/10-kleine-helferlein
- Owner: eumel8
- Created: 2021-03-14T16:51:44.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-11-01T11:06:11.000Z (about 2 months ago)
- Last Synced: 2024-11-01T12:17:46.064Z (about 2 months ago)
- Size: 72.3 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 195 Kleine Helferlein
Manche Shell-Einzeiler braucht man irgendwie immer wieder, egal in welche Tastatur man seine Finger steckt. Es wird Zeit, diese kleinen Helferlein mal aufzulisten.
Weiterführung der [Blog-Seite](https://blog.eumelnet.de/blogs/blog8.php/10-kleine-helferlein)
Schönere Ansicht mit [Github Pages](https://eumel8.github.io/10-kleine-helferlein/)
[Bash](#bash) | [MySQL](#mysql) | [Git](#git) | [OpenSSL](#openssl) | [Docker](#docker) | [Kubernetes](#kubernetes) | [Rancher](#rancher) | [Containerd](#containerd) | [Terraform](#terraform) | [Helm](#helm) | [Anything Else](#anything) | [Mac](#Mac)
## Bash
#### find all files in a directory, copy them in another, and keep all properties.
```
find . -depth | cpio -pvdm /new_data
```#### replace a string in a file with another (here: linebreak \r)
```
perl -p -i -e 's/\r//g' datei
```#### decode a base64 string in a file
```
perl -MMIME::Base64 -0777 -ne 'print decode_base64($_)' datei
```#### loop within some server and execute command there (here: "date")
```
for i in 51 52 53 61 62 63; do ssh [email protected].$i "hostname; date";done
```#### out of loop devices
```
#!/bin/bash
for i in {8..30};
do
/bin/mknod -m640 /dev/loop$i b 7 $i
/bin/chown root:disk /dev/loop$i
done
```### rpm/deb cheats:
#### To which package owns a file
```
# rpm -qif /path/to/file
# dpkg -S /path/to/file
```#### Which files owns by an installed package
```
# rpm -qil paket-name
# dpk -L paket-name
```#### Check dependencies of a package
```
# rpm -qpR ./paket.rpm
# dpkg -I ./paket.deb
```#### Dependencies of an installed package
```
# rpm -qR paket-name
# apt-cache depends
```#### copy & paste in vi
prevent zeilen misch masch
```
:set paste
```#### bash script debug with line numbers
```
PS4='Line ${LINENO}: ' bash -x script
```#### git-crypt list current key
```
for key in .git-crypt/keys/default/0/* ; do gpg -k $(echo $(basename $key) | sed -e 's/.gpg//') ; done ;
```#### get gitlab environment variables and convert to shell variables
```
curl -sq --header "PRIVATE-TOKEN: " "https://gitlab.com/api/v4/projects/188/variables" | jq -r '"export " + .[].key + "=" + .[].value'
```[Top](#top)
## MySQL
#### Grant user permissions
```
GRANT File, Process,suprt,replication client,select on *.* TO 'depl_mon'@'192.168.0.100' identified by 'poddfsdkfskflpr934r1';
```#### Revoke user permissions
```
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'hans'@'192.168.100.%'
```#### Setup replication with SQL-Shell
```
mysql>
CHANGE MASTER TO
MASTER_HOST='master2.mycompany.com',
MASTER_USER='replication',
MASTER_PASSWORD='bigs3cret',
MASTER_PORT=3306,
MASTER_LOG_FILE='master2-bin.001',
MASTER_LOG_POS=4,
MASTER_CONNECT_RETRY=10;
```#### MySQL replication: skip a error counter (e.g. "Duplicate entry")
```
mysql> slave stop; set global sql_slave_skip_counter=1; slave start ; show slave status\G
```#### Query-log switch on:
```
mysql> show global variables like '%general%';
+------------------+------------+
| Variable_name | Value |
+------------------+------------+
| general_log | OFF |
| general_log_file | mysqld.log |
+------------------+------------+mysql> set global general_log = 1;
```#### Dump MySQL Datenbank
```
mysqldump --master-data --all-databases > /tmp/mysql.sql
```#### MySQl too many connection:
```
mysql> select @@max_connections;+-------------------+
| @@max_connections |
+-------------------+
| 151 |
+-------------------+
1 row in set (0.00 sec)mysql> set global max_connections = 500;
```#### Anzahl Einttraege pro Tabelle anzeigen:
```
mysql> SELECT table_name, table_rows FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'my_schema' order by table_rows;
oder
mysql> SELECT TABLE_ROWS,TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = “mydb”
```[Top](#top)
## Git
#### Git: Eine Datei in 2 Branches vergleichen:
```
git diff reference live -- modules/deploy/manifests/init.pp
```#### Git: Eine Datei aus einem anderen Branch in den aktuellen kopieren:
```
git checkout reference -- modules/deploy/manifests/init.pp
```#### lokales git repo mit remote git repo syncen:
```
git remote add mygithub https://github.com/eumel8/ansible-otc
git pull mygithub master
git push
```#### nice git log
```
git log --graph --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%an%C(reset)%C(bold yellow)%d%C(reset) %C(dim white)- %s%C(reset)' --all
```#### re-sign commits
```
git rebase HEAD~5 --signoff
git push --force-with-lease origin fix/configcheck
```#### work with http(s) git service
create a file $HOME/.netrc with login credentials/token:
```
machine gitlab.devops.telekom.de login oauth2 password glpat-xxxxx
```#### Git Merge Request + multiline comment
```
git commit -m "abc: migrate storage" -m "related to JIRA-1234"
git push -o merge_request.create -o merge_request.remove_source_branch -o merge_request.squash -o merge_request.title="Migrate storage cluster abc" origin storage_migrate/abc
```#### Git push to an existing branch and overwrite remote
```
git push --force-with-lease
```[Top](#top)
## OpenSSL
#### Openssl: SSL-Zertifikat anlegen (fuer apache, postfix usw.)
```
openssl req -new -x509 -days 730 -nodes -out hostname1.pem -keyout hostname1.pem
```#### SSL-Zertifkat angucken:
```
openssl x509 -in eumelnetde.pem -noout -text
```#### Encrypt and Decrypt files with a key
```
openssl enc -aes256 -a -pass pass:$AES_KEY -in values.yaml -out values.yaml.enc
openssl enc -aes256 -a -d -pass pass:$AES_KEY -in values.yaml.enc -out values.yaml
```#### Überprüfen, ob ein SSL-Zertifikat zum Key passt:
```
openssl x509 -noout -modulus -in server.crt| openssl md5
openssl rsa -noout -modulus -in server.key| openssl md5die checksum sollte gleich sein
```#### Which Ciphers are offered from a TLS connection
```
nmap --script ssl-enum-ciphers -p 443 cloud.telekom.de
```#### CA in Kubernetes Secret is valid or show me
```
kubectl get secrets thanos-mtls-ca -o yaml |yq '.data."ca.crt"'|base64 -d | openssl x509 -in /dev/stdin -text -noout
```#### Decode a secret with a dot file
```
kubectl -n infra get secret infra-fluentbit -o jsonpath="{.data['fluent-bit\.conf']}" | base64 -d
```[Top](#top)
## Docker
#### read Docker logs
```
docker logs kubelet 2>&1| less
```#### Loesche alle Docker Container
```
for i in `docker ps --all |awk '{print $1}'`;do docker rm --force $i;done
```#### Loesche alle Docker Images
```
for i in `docker images |awk '{print $3}'`;do docker image rm $i;done
```#### which overlay id belongs to which container
```
for container in $(docker ps --all --quiet --format '{{ .Names }}'); do echo "$(docker inspect $container --format '{{.GraphDriver.Data.MergedDir }}' | \
grep -Po '^.+?(?=/merged)' ) = $container"; donecat /etc/mtab | grep "^overlay"| awk -F/ '{print $6}'| sort | uniq -c | sort -nr
```#### overlay mounts, which have the most ones
```
cat /etc/mtab |awk '{print $1}' | sort | uniq -c | sort -n
```[Top](#top)
## OpenStack
#### unbenutze volumes loeschen
```
for i in `openstack volume list --status available -f value| awk '{print $1}'`;do openstack volume delete $i;done
```#### bestimte Sorte VMs loeschen
```
for i in `openstack server list | grep k8s-00 | grep ranchermaster | awk '{print $2}'`;do openstack server delete $i;done
```#### create floating ip with fixed ip
```
openstack floating ip create --floating-ip-address 80.158.7.232 admin_external_net
```#### get a token on scope to query user list
authfile
```
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"name": "user",
"password": "password",
"domain": {
"name": "OTC-EU-DE-00000000001000050075"
}
}
}
},
"scope": {
"domain": {
"name": "OTC-EU-DE-00000000001000050075"
}
}
}
}
```get the token
```
$ export OS_TOKEN=$(curl -i -X POST -H "Content-Type: application/json" -d @auth.txt https://iam.eu-de.otc.t-systems.com/v3/auth/tokens | awk '/X-Subject-Token/ { print $2 }')
```query user list
```
$ curl -H "X-Auth-Token:$OS_TOKEN" -H 'Content-Type:application/json;charset=utf8' -X GET https://iam.eu-de.otc.t-systems.com/v3/users | jq -r .users[].name
```#### on which openstack version runs my VM
```
dmidecode
```[Top](#top)
## Kubernetes
#### kubectl bash complition
```
source <(kubectl completion bash)
```#### list all workload like pods,deployments,services
```
kubectl get all --all-namespaces -o wide
```#### tail -f pod log
```
kubectl -n cattle-system logs pod/rancher-7bdd99ccd4-dhpcq --tail=10 -f
```#### delete all evicted pods from all namespaces
```
kubectl get pods --all-namespaces --field-selector 'status.phase==Failed' -o json| kubectl delete -f -
kubectl get pods --all-namespaces | grep Evicted | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod
```#### delete all containers in ImagePullBackOff state from all namespaces
```
kubectl get pods --all-namespaces | grep 'ImagePullBackOff' | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod
```#### delete all containers in ImagePullBackOff or ErrImagePull or Evicted state from all namespaces
```
kubectl get pods --all-namespaces | grep -E 'ImagePullBackOff|ErrImagePull|Evicted' | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod
```#### scale up deployment
```
kubectl scale --replicas=1 deployment/rancher -n cattle-system
```#### describe pod
```
kubectl -n cattle-system describe pod rancher-7bdd99ccd4-v9rjm
```#### delete pod
```
kubectl -n cattle-system delete pod/rancher-7bdd99ccd4-4qgt5
```#### delete pod in state Terminating
```
kubectl -n cattle-system delete pod/rancher-7bdd99ccd4-4qgt5 --force
```#### list deployments
```
kubectl get deployments --all-namespaces
```#### list daemonsets
```
kubectl get daemonsets --all-namespaces
```#### get detailed status of a pod (failure)
```
kubectl -n cattle-system get pod cattle-node-agent-44xnn -o json
```#### get events
```
kubectl -n cattle-system get events
```#### check openstack elb service
```
kubectl -n ingress-nginx describe service openstack-lb
```#### get all pod logs
```
kubectl get pods --all-namespaces | awk '{print "kubectl logs "$2" -n "$1}' | sh
```#### exec shell into pod (where is a sh bin exists)
```
kubectl exec -it mypod -- /bin/sh
```#### cert-manager show certs
```
kubectl get certificates --all-namespaces
```#### cert-manager show challenges
```
kubectl get challenges --all-namespaces
```#### copy files into pods
```
kubectl cp demo.html default/demoapp-glusterfs-66bcdf58d4-bxfbv:/usr/share/nginx/html/demo.html
```#### get service endpoints (and describe & edit)
```
kubectl -n glusterstorage get ep heketi
```#### follow all events
```
kubectl get events -A -w=true
```#### show cpu/memory usage of a POD
```
kubectl top pod prometheus-cluster-monitoring-0 -n cattle-prometheus
```#### setup tiller
```
kubectl --namespace kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
```#### kubectl verbose
```
kubectl -v=8
```#### in which ClusterRoleBinding is a ServiceAccount
```
SA=cluster-monitoring; for i in `kubectl get clusterrolebindings | awk '{print $1}'`;do kubectl get clusterrolebinding $i -o yaml|grep -q $SA;if [[ "$?" -eq 0 ]];then echo $i;fi;done
```#### run Ubuntu/Busybox in a POD
```
kubectl run -i --tty ubuntu --image=ubuntu --restart=Never -- bash
kubectl run -i --tty busybox --image=busybox --restart=Never -- sh
```#### deploy a Busybox POD
```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/admin/dns/busybox.yaml
```#### dns debug in cluster
```
kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml
kubectl exec -i -t dnsutils -- nslookup kubernetes.default
```#### deploy a priviledged POD on each node as a daemonset
```
kubectl apply -f debug-shell.yaml
```#### health status of nodes
```
kubectl get nodes --no-headers | awk '{print $1}' | xargs -I {} sh -c 'echo {}; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- ; echo'
```#### list all container images
```
kubectl get pods --all-namespaces -o jsonpath="{..containers..image}" | tr -s '[[:space:]]' '\n'
```#### where are PVCs connected
```
kubectl get pods -A -o=json | jq -c \
'.items[] | {name: .metadata.name, namespace: .metadata.namespace, claimName:.spec.volumes[] | select( has ("persistentVolumeClaim") ).persistentVolumeClaim.claimName }'
```#### list pod name/resources
```
kubectl get pods -o json | jq '.items[].spec.containers[] | .name,.resources.limits'
```#### set a new default namespace
```
kubectl config set-context quickstart-cluster --namespace product-api
```#### set a new context in KUBECONFIG
```
kubectl config set-context mycontext --cluster quickstart-cluster --namespace product-api --user=myaccount
```#### full example of KUBECONFIG settings
```
kubectl config set-cluster mycluster --server=https://raseed.eumel.de/k8s/clusters/c-npp6v
kubectl config set-credentials rancher-userXX --token=kubeconfig-user-token
kubectl config set-context mycontext --cluster mycluster --namespace product-api --user=rancher-userXX
```#### create a deployment
```
kubectl create deployment blog --image eumel8/nginx-none-root
```#### etcd show member
```
ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --endpoints=https://10.23.142.108:2379 member list
```#### Restore etcd [in Rancher cluster](https://rancher.com/docs/rancher/v2.x/en/cluster-admin/restoring-etcd/)
```
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock mtr.external.otc.telekomcloud.com/mcsps/runlike:latest etcd
# save output
docker stop etcd
docker rename etcd etcd-old
# remove all other etcd nodes from --initial-cluster in output
# add --force-new-cluster in output
# run the output script
# add addtional etcd nodes
```#### Restore etcd [from file](https://etcd.io/docs/v3.4/op-guide/recovery/)
```
unzip /opt/rke/etcd-snapshots/c-tg2bh-rs-8bggs_2022-03-09T09\:25\:42Z.zip
mv backup/c-tg2bh-rs-8bggs_2022-03-09T09\:25\:42Z /var/lib/etcd
docker run --name=etcdrestore --hostname=vm-frank-test-k8s-00-ranchermaster-1 --env=ETCDCTL_API=3 --env=ETCDCTL_ENDPOINTS=https://127.0.0.1:2379 --env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --volume=/var/lib/etcd/r3:/var/lib/rancher/etcd/ --network=host --workdir=/ --detach=true mtr.external.otc.telekomcloud.com/rancher/mirrored-coreos-etcd:v3.4.16-rancher1 /usr/local/bin/etcdctl snapshot restore /var/lib/rancher/etcd/c-tg2bh-rs-8bggs_2022-03-09T09\:25\:42Z --initial-advertise-peer-urls=https://10.9.3.92:2380 --initial-cluster-token=etcd-cluster-1 --name=etcd-vm-frank-test-k8s-00-ranchermaster-1 --initial-cluster=etcd-vm-frank-test-k8s-00-ranchermaster-1=https://10.9.3.92:2380 --data-dir=/var/lib/rancher/etcd/data
mv /var/lib/etc/r3/data/member /var/lib/etc
```make the etcd recovery with initial-cluster as above
#### Explain Custome Resource Defintions
```
kubectl explain alertmanagerconfig.spec.receivers
```#### Set a StorageClass as default
```
kubectl edit sc sata
metadata:
annotations:
storageclass.kubernetes.io/is-default-class: "true"
```#### List allocated resources on all Kubernetes Nodes
```
for i in `kubectl get nodes --no-headers --output=name`;do echo $i; kubectl describe $i | grep "Allocated resources" -A 5;done
```#### Which ServiceAccount is defined in Workloads
```
kubectl -n kube-system get deployments -o json | jq -r '"name :",.items[].metadata.name,"container :",.items[].spec.template.spec.containers[].name,"serviceAccount :",.items[].spec.template.spec.serviceAccountName'
```#### Which ServiceAccount used which (Cluster)RoleBindings
```
wget -qO- https://github.com/FairwindsOps/rbac-lookup/releases/download/v0.7.1/rbac-lookup_0.7.1_Linux_x86_64.tar.gz | tar xfz - rbac-lookup
./rbac-lookup database-operator -k serviceaccount -o wide
tar xvfz
```#### Which permissions have I
```
kubectl auth can-i 'patch' 'rdss' -n rds3
```#### Which nodes are in which AZ
```
kubectl get nodes -o json | jq -r '.items[]| .metadata.labels."topology.kubernetes.io/zone" + " - " + .metadata.labels."kubernetes.io/hostname"' | sort
```#### K3S Recover cluster failed due the cluster api authentication failure
https://github.com/k3s-io/k3s/issues/2788```
kubectl get secrets -A|grep service-account-token | awk '{print "kubectel -n "$1 " delete secret "$2}'
kubectl get pods -A| awk '{print "kubectel -n "$1 " delete pod "$2}'remove all secrets and restart pods with fresh service account token
```#### Grab information from K8S resource description
```
kubectl get pods --namespace cognigy -l "app=prometheus-redis-exporter,release=prometheus-redis-persistent-exporter" -o jsonpath="{.items[0].metadata.name}"
```#### Scale down all resources
```
kubectl -n default scale all --all --replicas=0
```#### Force delete PODs in state Terminating
```
kubectl delete pod --grace-period=0 --force broken_pod
```#### Which (Cluster)RoleBindings are associated to a ServiceAccount
```
kubectl get clusterrolebindings -o json | jq -r '.items[] | select( .subjects // [] | .[] | [.kind,.namespace,.name] == ["ServiceAccount","cert-manager","cert-manager"]) | .metadata.name'
```#### Which deprecated API are in use
using Kube No Trouble (kubent)
```
curl -L https://git.io/install-kubent | sh -
kubent -o json | jq -r '.[] | select (."ApiVersion"| contains("networking"))'
```#### Who requested cpu/memory resources in the cluster
```
kubectl get pods -A -o json | jq -r '.items[] |"\(.spec.containers[].resources.requests.cpu);\(.spec.containers[].resources.requests.memory);\(.metadata.namespace);\(.metadata.name);"'| sort -nr | grep -v "^null"
```#### Check if all certificates of application are valid
```
kubectl get certificates -A -o json | jq -r '.items[] | .status.notAfter + " => " + .metadata.namespace + "/" + .metadata.name' | sort -n
```#### Show PODs in state 'Pending'
```
kubectl get pods --no-headers -A --field-selector=status.phase=Pending
```#### Expande Persistant Volume Claim (PVC) with cinder volume expander
```
# scale down workload
kubectl -n cms scale --replicas=0 statefulset management-solr-master
# increase volume size
kubectl -n cms edit pvc management-solr-master-pv-claim
# scale up workload
kubectl -n cms scale --replicas=0 statefulset management-solr-master
# show results
kubectl -n cms describe pvc management-solr-master-pv-claim
```#### Show taint values on all nodes
```
kubectl get nodes -o json| jq -r '.items[]| .metadata.name + " - " + .spec.taints[]?.value'
```#### Update kubectl.kubernetes.io/last-applied-configuration annotation (used by kubent for API deprecation)
```
kubectl -n mcsps-certs get ingress mcsps-certs -o yaml |kubectl apply -f -
```#### Remove finalizer with cli (on batch mode)
```
kubectl patch volumesnapshot redis-persistent-1622552970 -p '{"metadata":{"finalizers":null}}' --type=merge
```#### top consumer per ip-address on ingress-nginx controller logs
```
for i in `kubectl -n ingress-nginx get pod -lapp=ingress-nginx --no-headers=true| awk '{print $1}'`; do kubectl -n ingress-nginx logs $i | awk '{print $1}' | grep "^[0-9]*\.";done | sort | uniq -c | sort -nr | head -100
```#### which flavor have my nodes
```
kubectl get nodes -o json|jq -r '.items[]| .metadata.name + " - " + .metadata.labels."node.kubernetes.io/instance-type"' | sort --version-sort
```#### copy data from different PODs and different Cluster
```
kubectl --context=cl01 exec mysql-client-0 -- tar cf - /mysql | kubectl --context=cl02 exec -i mysql-client-0 -- tar xvf - -C /
```
#### Helm, why uninstalling failed:```
helm -n cattle-logging-system status rancher-logging --show-resources
```#### Helm keep resources after install
```
kind: Secret
metadata:
annotations:
"helm.sh/resource-policy": keep
```#### Kubectl raw access
```
kubectl get --raw '/apis/custom.metrics.k8s.io/v1beta1/namespaces/default/pods/*/buffer_space_usage_ratio'
```#### Get users with specific columns
```
kubectl get users -o=custom-columns=PRINCIPALIDS:.principalIds
```#### Show Secrets with empty Fields
```
kubectl get secrets -o json -A | jq -r '.items[]| select ( [.type] == ["helm.sh/release.v1"]) | select (.data.release | length) == 0'
```#### Show timestamps of Ingress creation
```
kubectl get ingress -o json -A | jq -r '.items[]| {time: .metadata.creationTimestamp, namespace: .metadata.namespace,name: .metadata.name}'
```#### Kubectl in Windows Powershell
```
# download with browser https://dl.k8s.io/release/v1.26.0/bin/windows/amd64/kubectl.exe
$Env:KUBECONFIG="kube-config.yml"
.\kubectl.exe get nodes
```#### Get ServiceAccount token content
```
kubectl -n cattle-prometheus-p-kjbkq get secrets project-monitoring-token-fw4zr -o jsonpath='{.data.token}' | base64 --decode
```#### Copy files from POD with kubectl without tar
```
kubectl -n prod exec -it deployment-7459dbbbc6-2tptq -- cat /config/values.yaml > values.yaml
```#### kubectl which pods have emptyDir volume with memory medium
```
kubectl get pods -A -o=json | jq -c '.items[] | {kubectln: .metadata.namespace, deletepod: .metadata.name, volumes:.spec.volumes[]?.emptyDir |select( has ("medium")).Memory }'
```#### kubectl loop to grep in a pod file
```
for i in `kubectl -n kube-system get pods | grep mcsps-agent |awk '{print $1}'`; do kubectl -n kube-system exec -it $i -- bash -c 'grep "no space" /node/var/log/syslog';echo $i;done
```#### kubectl replace a job
```
kubectl get job "your-job" -o json | kubectl replace --force -f -
```#### kubectl show deployment history and diff
```
diff <(kubectl -n lab rollout history deployment db-deployment --revision=34) <(kubectl -n lab rollout history deployment db-deployment --revision=33)
```#### kubectl cp alternative
```
tar -cf - vcluster-backup | kubectl -n kunde2 exec --stdin kunde2-vcluster-0 -- sh -c "cat > /tmp/vcluster-backup.tar"
```#### kubectl decode secret with dot file name
```
kubectl get secret -n -o jsonpath='{.data.csi-vsphere\.conf}' | base64 --decode
```[Top](#top)
## Helm
#### Delete Helm deployment with deprecated API
```
PATCH_DATA=$(kubectl -n test get secrets sh.helm.release.v1.my-app-test.v1 -o json | jq .data.release -r | base64 -d | base64 -d | gunzip | sed 's|networking.k8s.io/v1beta1|networking.k8s.io/v1|' | gzip -c | base64 | base64)
kubectl -n fd-test patch secret sh.helm.release.v1.my-app-test.v1 --type='json' -p="[{\"op\":\"replace\",\"path\":\"/data/release\",\"value\":\"$PATCH_DATA\"}]"
helm -n test delete my-app-test
release "my-app-test" uninstalled
```#### Curl some service/pod endpoints with kubectl
```
curl -ks https://`kubectl get svc frontend -o=jsonpath="{.status.loadBalancer.ingress[0].ip}"`/version
```#### PreStop hook of a Pod
```
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- until [ -f /opt/exit-signals/SIGTERM ]; do sleep 1; done;
```#### create a secret from stdin
```
cat age.agekey |
kubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.agekey=/dev/stdin
```[Top](#top)
## Rancher
#### Reset admin password
```
kubectl -n cattle-system exec -it -- reset-password
```#### Snapshot Restore in progres??
```
kubectl get clusters c-lvjds -o json | jq -r '. | select(.spec.rancherKubernetesEngineConfig.restore.restore==true)'
```#### delete namespace in state Terminating (in Rancher)
```
kubectl get ns glusterstorage -o json > gl.json # delete entries in finalizers list
curl -k -H "Content-Type: application/json" -H "authorization: Bearer xxxx" -X PUT --data-binary @gl.json https://raseed-test.external.otc.telekomcloud.com/k8s/clusters/c-bsc65/api/v1/namespaces/glusterstorage/finalizekubectl get namespace "cattle-system" -o json \
| tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" \
| kubectl replace --raw /api/v1/namespaces/cattle-system/finalize -f -
```#### delete namespace in state Terminating without extra Bearer token
```
kubectl proxy &
curl -k -H "Content-Type: application/yaml" -X PUT --data-binary @tmp.yaml http://127.0.0.1:8001/api/v1/namespaces/delete-me/finalize
kubectl proxy &
PID=$!
```or
```
curl -X PUT http://localhost:8001/api/v1/namespaces/delete-me/finalize -H "Content-Type: application/json" --data-binary @ns-without-finalizers.json
kill $PID
```#### delete resources without controller anymore
```
kubectl -n diagnostic patch projectalertgroups.management.cattle.io projectalert-workload-alert -p '{"metadata":{"finalizers":null}}' --type=merge
kubectl -n diagnostic delete projectalertgroups.management.cattle.io projectalert-workload-alert
```#### RKE bad handshake
```
rke cert rotate --rotate-ca --config cluster.yml
```#### Can't remove nodes from UI which are already removed but still there
```
# get a list of nodes for the cluster
kubectl -n c-lvjds get nodes.management.cattle.io
# edit specific node and remove "Finalizer" and the keys behind, which caused the blocking state
kubectl -n c-lvjds edit nodes.management.cattle.io m-a65b8ee3055b
```#### Get RKE system images
```
kubectl -n cattle-global-data get rkek8ssystemimages
```#### Node Cleanup
* https://gist.githubusercontent.com/superseb/2cf186726807a012af59a027cb41270d/raw/eaa2d235e7693c2d1c5a2a916349410274bb95a9/cleanup.sh
#### CloudController Manager LoadBalancer wrong selector:
remove lb ingress selector io.cattle.field/appId: mcsps-openstack-cloud-controller-manager (ref: https://github.com/rancher/rancher/issues/28275)
```
kubectl -n ingress-nginx edit service openstack-lb
```#### Check if cluster certificates are still valid in Rancher
```
curl -s -H "Content-Type: application/json" -H "authorization: Bearer xxxxxxxxxxxxxxx" https://raseed-test.external.otc.telekomcloud.com/v3/clusters/local | jq -c '.certificatesExpiration|to_entries[] | select(.value.expirationDate <= '\"`date -d "+ 1 month" -I`\"') | [.key, .value.expirationDate']
```#### rancher-webhhok x509: certificate has expired or is not yet valid
```
kubectl -n cattle-system edit deployments.apps rancher-webhook
```downgrade image tag from v0.2.1 to v0.1.1 and back
#### Check cert validation on K3S cluster
```
cd /var/lib/rancher/k3s/server/tls
for i in `ls *.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done
```#### Downstream cluster can't connect to Rancher
```
kubectl -n cattle-system edit deployment cattle-cluster-agentremove cattle ca checksum value
- name: CATTLE_CA_CHECKSUM
value: 7a727981d669aa65eb5c2b869eb976011e4dc63cf5eb9f9e9736a4338e578ce9
```#### Get Admin Credentials from Rancher downstream cluster
```
docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.label-schema.vcs-url=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get configmap -n kube-system full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .currentState.certificatesBundle.\"kube-admin\".config | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_"' > kubeconfig_admin.yaml
```newer:
```
docker run --rm --net=host -v $(docker inspect kubelet --format '{{ range .Mounts }}{{ if eq .Destination "/etc/kubernetes" }}{{ .Source }}{{ end }}{{ end }}')/ssl:/etc/kubernetes/ssl:ro --entrypoint bash $(docker inspect $(docker images -q --filter=label=org.opencontainers.image.source=https://github.com/rancher/hyperkube.git) --format='{{index .RepoTags 0}}' | tail -1) -c 'kubectl --kubeconfig /etc/kubernetes/ssl/kubecfg-kube-node.yaml get configmap -n kube-system full-cluster-state -o json | jq -r .data.\"full-cluster-state\" | jq -r .currentState.certificatesBundle.\"kube-admin\".config | sed -e "/^[[:space:]]*server:/ s_:.*_: \"https://127.0.0.1:6443\"_"' > kubeconfig_admin.yaml
```#### Get API token on local Rancher controlnode
```
TOKEN=$(kubectl -n cattle-system get secret `kubectl -n cattle-system get sa cattle -o jsonpath={.secrets[0].name}` -o jsonpath={.data.token} | base64 -d)
curl -v -k -H "Authorization: Bearer $TOKEN" https://127.0.0.1:6443/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy
curl -v -k -H "Authorization: Bearer $TOKEN" https://127.0.0.1:6443/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-alertmanager:9093/proxy
```#### Debug Banzaicloud Logging Operator in Rancher
```
kubectl -n cattle-logging-system exec -it rancher-logging-fluentd-0 -- cat /fluentd/log/out
```#### Banzaicloud fluentd loglevel
```
kubectl -n cattle-logging-system edit loggings.logging.banzaicloud.io rancher-loggingfluentd:
logLevel: debug
```#### Banzeicloud check config
```
kubectl -n cattle-logging-system get secrets rancher-logging-fluentd-app -o jsonpath="{.data['fluentd\.conf']}" | base64 --decode
```#### Banzeicloud logging flow - ignore unknown fields
```
- parser:
emit_invalid_record_to_error: true
parse:
keep_time_key: true
type: json
remove_key_name_field: true
reserve_data: true
```#### Replace deprecates kubectl componentstatus
```
kubectl get clusters.management.cattle.io local -o json | jq '.status.componentStatuses[] | .name,.conditions[].message'
``````
curl -s -H "Content-Type: application/json" -H "authorization: Bearer " https://raseed-test.external.otc.telekomcloud.com/k8s/clusters/local/apis/management.cattle.io/v3/clusters/local| jq '.status.componentStatuses[] | .name,.conditions[].message'
```#### Search in Rancher audit logs for sso users
```
audit.user.extra.username
```#### Set Rancher in debug mod
```
kubectl -n cattle-system exec -it rancher-yyyy loglevel --set debug
or
kubectl -n cattle-system exec -it rancher-yyyy loglevel --set trace
```#### Websocket Disconnect Error in 2.6.8 UI
In Browser Dev Console, Live Filter Expression
```
var element = document.getElementsByClassName("growl-container"); while(element[0]) { element[0].parentNode.removeChild(element[0]); }
```#### Reconnect Cattle Cluster agents
```
kubectl patch clusters.management.cattle.io -p '{"status":{"agentImage":"dummy"}}' --type merge
```#### Which user has many tokens
```
kubectl get tokens.management.cattle.io -o json | jq -r '.items[].userId' | sort | uniq -c | sort -nr |head -10
```#### Which customer I have
```
kubectl get projects.management.cattle.io -A -o json | jq -r '.items[]| .spec.clusterName + "/" + .spec.displayName' | sort | grep -v Default | grep -v System
```#### Dirty Secrets from Helm installs
```
#!/bin/bashhelm3_releases=$(kubectl get secrets -A --field-selector type=helm.sh/release.v1 -o=jsonpath='{range .items[*]}{.metadata.namespace}{","}{.metadata.name}{"\n"}{end}')
for release in $helm3_releases; do
ns=$(echo $release | cut -f1 -d,)
name=$(echo $release | cut -f2 -d,)
kubectl get secret -n $ns $name -o jsonpath='{.data.release}' | base64 -d | base64 -d | gunzip > /dev/null
if [[ $? != "0" ]]; then
echo "Got a dirty data: $ns--$name"
fi
done
```#### Generate temporary token
```
curl -s -X POST https://caas-portal-test.telekom.de/v3/tokens -H "Authorization: Bearer kubeconfig-u-xxx" -H "Content-Type: application/json" -d '{"type":"token","metadata":{},"description":"test delete after 5 minutes","clusterId":"c-fxzb9","ttl":300000}' | jq -r .
``````
curl -s -X POST https://caas-portal-test.telekom.de/v3/tokens -H "Authorization: Bearer kubeconfig-u-xxxxx" -H "Content-Type: application/json" -d '{"type":"token","metadata":{},"description":"test delete after 5 minutes","clusterId":"c-fxzb9","ttl":300000}' | jq -r '"apiVersion: v1\nkind: Config:\nclusters:\n- name: \"t02\"\n user:\n token: "+.token+"contexts:\n- name: \"t02\"\n context:\n user: \"t02\" cluster: \"t02\"current-context: \"t02\"\n"'
```#### Which Goroutines handle errors
```
while true; do
for pod in $(kubectl get pods -n cattle-system --no-headers -l app=rancher | cut -d ' ' -f1); do
kubectl exec -n cattle-system $pod -- curl -s http://localhost:6060/debug/pprof/goroutine -o goroutine
kubectl cp cattle-system/${pod}:goroutine ./goroutine
go tool pprof -top -cum ./goroutine | grep returnErr
done
sleep 3
done
```other queries for other services:
- go tool pprof -top http://127.0.0.1:8080/debug/pprof/heap
- go tool pprof -top http://127.0.0.1:8080/debug/pprof/allocs#### Rancher diagnostic
see https://k3s.otc.mcsps.de/dashboard/diagnostic
[Top](#top)
#### Containterd list containers
```
ctr c list
```#### Containterd list containers within k3s
```
k3s crictl ps
```#### Containterd list images within k3s
```
k3s crictl images
```[Top](#top)
## Terraform
#### Use local provider instead remote (or snapshot version)
```
cat ~/.terraformrc
plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"
disable_checkpoint = trueprovider_installation {
filesystem_mirror {
path = "/home/ubuntu/.terraform.d/plugin-cache"
}
}
```The plugin location on Linux will be ` ~/.terraform.d/plugin-cache/registry.terraform.io/opentelekomcloud/opentelekomcloud/1.25.3-SNAPSHOT-09496217/linux_amd64/terraform-provider-opentelekomcloud_v1.25.3-SNAPSHOT-09496217` to use
a snapshot version from https://zuul.otc-service.com/t/eco/project/github.com/opentelekomcloud/terraform-provider-opentelekomcloud[Top](#top)
## Mac
#### Can't start unsigned programms in zsh
```
sudo spctl --master-disable
```### Search for apps with network problems
```
sudo lsof -i -n| grep -i micros| grep -i syn
```[Top](#top)
#### Virtual Console with virt-viewer
```
virt-viewer -c qemu+ssh://[email protected]/system test
```#### ZFS set automatic mountpoints (lxd story)
```
zfs get mountpoint lxd00/containers/dns
zfs set mountpoint=/var/lib/lxd/containers/dns.zfs lxd00/containers/dns
zfs mount lxd00/containers/jump
cd /var/lib/lxd/containers
ln -s /var/lib/lxd/containers/dns.zfs dnsused by rollback lxd 2.2 to 2.0
```#### SMTP connect test with curl
```
curl -v smtp://out-cloud.mms.t-systems-service.com:25 --mail-from [email protected] --mail-rcpt [email protected] --upload-file /etc/os-release
oder
openssl s_client -connect securesmtp.t-online.de:465
```#### My current permissions in Windows
```
rundll32.exe keymgr.dll KRShowKeyMgr
```#### Linux Logfile Expire
```
journalctl –vacuum-time=3d
```#### My current Internet ip-address
```
curl https://ipinfo.io/ip
```#### kubeadm create token with join command
```
kubeadm token create --print-join-command
```#### Find dead links on bash (Too many levels of symbolic links)
```
find -L -xtype l
```#### Github Action - show secrets
```
echo ${{ secrets.DOCKER_USERNAME }} | sed 's/./& /g'
```#### Create repos in Quay Registry, based on another Quay Registry
requires API App Token with repo admin permissions
```
for i in `curl -s -H "Authorization: Bearer xxxxx" "https://mtr.external.otc.telekomcloud.com/api/v1/repository?namespace=coremedia" | jq -r ".[][].name"`; do curl -s -X POST -H 'Authorization: Bearer xxxxx' https://mtr.devops.telekom.de/api/v1/repository -d '{"repo_kind": "image", "namespace": "coremedia", "visibility": "private", "repository": "'$i'", "description": "autogenerated repo"}' -H 'Content-Type: application/json';done
```#### Test POST commands in curl
```
curl https://httpbin.org/post -d "firstname=john&lastname=doe"
```#### Nginx Ingress Real-IP
```
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |-
proxy_set_header X-Original-Forwarded-Host $http_x_forwarded_host;
```#### Ubuntu unmet dependency in packages
```
sudo apt -o Dpkg::Options::="--force-overwrite" --fix-broken install
```#### Prometheus top metrics
```
topk(20, count by (__name__)({__name__=~'.+'}))
```#### Prometheus API Query
```
curl -v 'http://10.42.41.246:9090/api/v1/query?query=container_cpu_usage_seconds_total'
```#### Prometheus federate endpoint query
```
export TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
curl -v -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" http://prometheus-operated.cattle-prometheus:9090/federate?
match[]=%7B__name__=~%22.%2B%22%7D
```#### Status of Helmchart resources
```
kubectl describe helmcharts,helmreleases -n cattle-monitoring-system -l helm.cattle.io/projectId=p-9krzc
```#### Watch Events for Helmcharts
```
kubectl get helmcharts -n cattle-monitoring-system --watch -o=jsonpath="{.metadata.name} {.status}"
```#### Watch Events for Helmreleases
```
kubectl get helmreleases -n cattle-monitoring-system --watch -o=jsonpath="{.metadata.name} {.status}"
```#### Get all Helmreleases
```
kubectl -n cattle-monitoring-system get helmreleases.helm.cattle.io
```#### Prometheus defensive 1
```
sum by(username, resource)(rate(apiserver_request_total{resource=~"secrets|configmaps",code=~"401|403"}[5m]))
```#### Prometheus defensive 2
```
rate(apiserver_request_total{verb=~"CREATE|UPDATE|PATCH|DELETE",scope=~"cluster"}[5m])
```#### Ubuntu Kernel Pinning
```
apt-get update
apt install -y linux-image-4.15.0-65-generic
apt-mark hold linux-image-generic linux-headers-generic linux-image-4.15.0-65-generic
```#### Create a GCP Cluster with Cloud Shell
```
export my_region=us-east1
export my_cluster=autopilot-cluster-1
gcloud container clusters create-auto $my_cluster --region $my_region
gcloud container clusters get-credentials $my_cluster --region $my_region
kubectl get nodes
```or
```
gcloud container clusters create bootcamp \
--machine-type e2-small \
--num-nodes 3 \
--scopes "https://www.googleapis.com/auth/projecthosting,storage-rw"
```#### Copy stuff in GCP
```
gsutil -m cp -r gs://spls/gsp053/orchestrate-with-kubernetes .
cd orchestrate-with-kubernetes/kubernetes
```#### Show GCP audit log
```
gcloud logging read \
"logName=projects/$DEVSHELL_PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access"
``````
gcloud logging read \
"logName=projects/$DEVSHELL_PROJECT_ID/logs/cloudaudit.googleapis.com%2Factivity"#### Launch VM in GCP
```
gcloud compute instances create www1 \
--zone=us-east1-d \
--tags=network-lb-tag \
--machine-type=e2-small \
--image-family=debian-11 \
--image-project=debian-cloud \
--metadata=startup-script='#!/bin/bash
apt-get update
apt-get install apache2 -y
service apache2 restart
echo "Web Server: www1
" | tee /var/www/html/index.html'
```#### ssh copy id for your ssh key to target system
```
ssh-copy-id -i ./id_rsa
```#### how many threads running per process (and which one)
```
ps -eo s,user,cmd | grep ^[RD] | sort | uniq -c | sort -nbr | head -20
1 R root ps -eo s,user,cmd
ps -eo s,user | grep ^[RD] | sort | uniq -c | sort -nbr | head -20
```#### see the content of a iso file (as user)
```
isoinfo -i /httpboot/redfish/boot-dd23e88e-036b-4b67-91ed-ce2b31388958.iso -l
```[Top](#top)