GitLab Projects

kupfer plugins

kubernetes Federation

link to docu

# go to your gopath
cd /opt/go/src/
systemctl start docker
git clone
cd federation-v2
export PATH=$PATH:/root/federation-v2/bin
# setup kubectl.conf with contexts of each cluster
# install federation to one of the clusters with helm []
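# Service account and RBAC binding for Tiller, the Helm v2 server component.
# NOTE(review): this binds Tiller to cluster-admin, so every release installed
# through it runs with full control of the cluster, and anything that can
# reach Tiller inherits that. Prefer a namespace-scoped Role where the chart
# allows it. Helm 3 has no Tiller and acts with the caller's own kubeconfig
# permissions.
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
EOF
# NOTE(review): in Helm v2, -c is --client-only, which skips installing
# Tiller. Confirm that is intended together with --service-account.
helm init --service-account tiller --upgrade -c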

install with helm

helm repo add kubefed-charts
helm search kubefed
helm install kubefed-charts/kubefed --name kubefed --version=0.1.0-rc6 --namespace kube-federation-system

For each cluster running Kubernetes, create a cluster entry in the federation. Make sure the kubeconfig context is set to the cluster that runs the federation.

# kubefedctl join <name of cluster> --cluster-context <name of context in your kubeconfig> --host-cluster-context <name of context which holds the federation control plane>
kubefedctl join cluster1 --cluster-context ams1 --host-cluster-context ams1 --v=2
kubefedctl join cluster2 --cluster-context fra1 --host-cluster-context ams1 --v=2

kubectl -n kube-federation-system get
# make sure all clusters are ready

enable api groups on federation

# the core type will be always enabled
kubefedctl enable <your type>

kubectl --context=cluster1 api-resources

create namespace and federate it

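# Create the namespace on the host cluster, then federate it.
kubectl create namespace federatednamespace
kubefedctl federate namespace federatednamespace
# Federating a namespace without --contents only enables federation types on
# the namespace; it does not distribute its contents to the other clusters.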

# federate deployment to all clusters
kubefedctl -n federatednamespace federate deployments.apps nginx

boot livecd

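# Set the console keymap by name, or by path to a keymap file.
loadkeys de-latin1
loadkeys /usr/share/kbd/keymaps/i386/qwertz/
# Partition the disk with one of the two tools below.
gdisk /dev/sda
fdisk /dev/sda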

3 partitions

/boot  => ext4
/      => cryptsetup
/swap  => swap

dhcpcd enp4s0

connect wlan

# NOTE(review): passing the passphrase as an argument leaves it in the shell
# history and visible in the process list. wpa_passphrase reads it from stdin
# when the argument is omitted. The generated file also keeps the plaintext
# passphrase in a commented "#psk=" line, so keep the file readable by root
# only (chmod 600) or delete that line.
wpa_passphrase  SSID  Passwort  > /etc/wpa_supplicant/wpa_supplicant.conf
# Start the supplicant in the background (-B) on the wireless interface.
wpa_supplicant -i wlp0s1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf -B
# Request an address once the link is associated.
dhcpcd wlp0s1

disk encryption

# Format /dev/sda2 as a LUKS container: AES in XTS mode with a 512-bit key
# (XTS splits it into two 256-bit halves), SHA-512 as the hash, and about
# 5000 ms spent on passphrase hashing. This destroys existing data on the
# partition.
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda2
# `cryptsetup luksDump /dev/sda2` shows the parameters actually applied, and
# `cryptsetup luksHeaderBackup` saves a copy of the header. A damaged header
# makes the volume unrecoverable even with the correct passphrase.
# Open the container; the decrypted device appears as /dev/mapper/cryptroot.
cryptsetup open --type luks /dev/sda2 cryptroot

btrfs filesystem

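# Create the filesystem on the opened LUKS mapping, not on /dev/sda2 itself.
# Formatting the raw partition would overwrite the LUKS header written by
# luksFormat and leave the data unencrypted.
mkfs.btrfs -L thorko /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt

# Subvolumes are created by path inside the mounted filesystem.
btrfs subvolume create /mnt/opt
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/var
btrfs subvolume create /mnt/root
umount /mnt
# Remount with the root subvolume as / and attach the others beneath it, so
# the installed system lands in the intended subvolumes.
mount -o subvol=root /dev/mapper/cryptroot /mnt
mkdir /mnt/{home,opt,var,boot}
mount -o subvol=home /dev/mapper/cryptroot /mnt/home
mount -o subvol=opt /dev/mapper/cryptroot /mnt/opt
mount -o subvol=var /dev/mapper/cryptroot /mnt/var
# /boot is the separate first partition and is not inside the LUKS container.
mount /dev/sda1 /mnt/boot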


# Example fstab. NOTE(review): it refers to /dev/mapper/root and to subvolumes
# under _active/, while the commands above open the mapping as "cryptroot" and
# create subvolumes named root/home/var/opt. Align the names before use.
# NOTE(review): "discard" on a filesystem over dm-crypt only takes effect if
# the mapping itself allows discards. Enabling that reveals which blocks of
# the encrypted device are unused, so treat it as a deliberate trade-off.
proc /proc proc nosuid,noexec,nodev 0 0
sysfs /sys sysfs nosuid,noexec,nodev 0 0
tmpfs /run tmpfs defaults 0 0
/dev/sda1 /boot ext3 rw,relatime,data=ordered 0 0
/dev/mapper/root / btrfs rw,relatime,ssd,space_cache,discard,autodefrag,compress=lzo,subvol=_active/rootvol 1 1                       
/dev/mapper/root /home btrfs rw,acl,relatime,ssd,space_cache,discard,autodefrag,compress=lzo,subvol=_active/home 0 0
/dev/mapper/root /var btrfs rw,relatime,ssd,space_cache,discard,autodefrag,compress=lzo,subvol=_active/var 0 0
/dev/mapper/root /opt btrfs rw,acl,relatime,ssd,space_cache,discard,autodefrag,compress=lzo,subvol=_active/opt 0 0

install system

pacstrap /mnt base base-devel wpa_supplicant

create fstab

genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
hwclock --systohc

echo LANG=en_US.UTF-8 > /etc/locale.conf
echo LC_COLLATE=C >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf

echo KEYMAP=de-latin1 > /etc/vconsole.conf
echo FONT=lat9w-16 >> /etc/vconsole.conf

vim /etc/hostname

vim /etc/hosts localhost.localdomain localhost
::1   localhost.localdomain localhost myhostname.localdomain  myhostname

create crypttab

vim /etc/crypttab

# <target name>  <source device>         <key file>      <options>
root /dev/sda2  none    luks



HOOKS="... keyboard keymap block encrypt ... filesystems ..."
mkinitcpio -p linux

root password



pacman -Sy grub vim sudo
vim /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg

check for insmod luks in grub.cfg

grub-install --target=i386-pc /dev/sda

set up network

ip link set eth0 up
pacman -S xorg-server xorg-xinit
pacman -S xorg-drivers
pacman -S xf86-input-synaptics
vim /etc/resolv.conf
vim /etc/pacman.d/mirrorlist
useradd -m -g users -s /bin/bash thorstek

pacman -S acpid ntp dbus avahi cups cronie
systemctl enable acpid
systemctl enable ntpd
systemctl enable avahi-daemon
systemctl enable org.cups.cupsd.service

localectl set-x11-keymap de pc105 de_nodeadkeys
pacman -S ttf-dejavu
cp /etc/X11/xinit/xinitrc ~/.xinitrc


pacman -S plasma kde-l10n-de
pacman -S plasma-wayland-session
pacman -S kde-applications
pacman -S sddm
pacman -S sddm-kcm
systemctl enable sddm


remove package

pacman -R <package>


pacman -Ss <package>
pacman -Ss '^vim-'


pacman -Syu

list installed

pacman -Q

search file in package

pacman -Fs <file>


skip from upgrade Warning: Be careful in skipping packages, since partial upgrades are unsupported.



add splash to /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash loglevel=3"


HOOKS=(...udev plymouth .. keyboard keymap block plymouth-encrypt filesystems...)

install plymouth

set theme plymouth-set-default-theme -l plymouth-set-default-theme

search for postfix mail transactions

postfix/* | rex field=_raw "[^:]+:[^:]+:[^:]+: (?<MaybeUnique>\w+):" | transaction MaybeUnique | search ""


tar -xzvf <splunk.tar.gz> -C /opt
cd /opt/splunk/bin
./splunk start

enable at boot

cd /opt/splunk/bin
./splunk enable boot-start

setup new receiver

Settings->Forwarding and Receiving New Receiver port 8334

add monitor

./splunk add monitor /var/log/messages

set custom resolution on external monitors

cvt <width> <height> <refresh rate>
xrandr --newmode "1680x1050_60.00"  146.25  1680 1784 1960 2240  1050 1053 1059 1089 -hsync +vsync
xrandr --addmode VGA-0 1680x1050_60.00
xrandr --output VGA-0 --mode 1680x1050_60.00



kubectl run -i --tty busybox --image=busybox --restart=Never -- sh   

get the source

in scripts/k8s/sensu-go

kubectl create namespace monitoring

deploy the kube-state-metrics

kubectl apply -f kubernetes/

install sensuctl


install sensu-backend

kubectl create -f sensu-backend.yaml

port-forward to your machine

kubectl port-forward sensu-backend-.... 8080:8080 8081:8081 3000:3000

install sensuctl bash completion

source <(sensuctl completion bash)

install sensu agents and influxdb

kubectl -n monitoring create configmap influxdb-config --from-file influxdb.conf
kubectl create -f influxdb.sensu.yaml

setup sensu pipeline to store metrics in influxdb

sensuctl namespace create rzneo
sensuctl config set-namespace rzneo
sensuctl create --file influxdb-handler.yaml
sensuctl create --file influxdb.yaml

create asset to get kubernetes metrics

sensuctl create --file prometheus-collector.yaml

deploy grafana

kubectl -n monitoring create configmap grafana-provisioning-datasources --from-file=grafana-provisioning-datasources.yaml
kubectl -n monitoring create configmap grafana-provisioning-dashboards --from-file=grafana-provisioning-dashboards.yaml
kubectl apply -f grafana.sensu.yaml

deploy sensu-agent daemonset

kubectl apply -f sensu-agent-daemonset.yaml
sensuctl create --file kube-state-prometheus.yaml

add vm monitoring

create checks

# Register the runtime and plugin assets, then the CPU metrics check that uses
# them. NOTE(review): the --url values are empty in this listing and must be
# filled in with the asset download location. The --sha512 value pins the
# expected archive content, so take it from a trusted source and do not
# recompute it from whatever the URL happens to serve.
sensuctl asset create sensu-ruby-runtime --url "" --sha512 "7b254d305af512cc524a20a117c601bcfae0d51d6221bbfc60d8ade180cc1908081258a6eecfc9b196b932e774083537efe748c1534c83d294873dd3511e97a3"
sensuctl asset create sensu-plugins-cpu-checks --url "" --sha512 "518e7c17cf670393045bff4af318e1d35955bfde166e9ceec2b469109252f79043ed133241c4dc96501b6636a1ec5e008ea9ce055d1609865635d4f004d7187b"
# Run the check every 60 seconds on agents subscribed to "system".
sensuctl check create metrics-cpu --command 'metrics-cpu-pcnt-usage.rb' --interval 60 --subscriptions system --runtime-assets sensu-plugins-cpu-checks,sensu-ruby-runtime


# Memory metrics: register the plugin asset, then the check that uses it.
# NOTE(review): --url is empty in this listing. Keep the --sha512 pin tied to
# a trusted release of the asset.
sensuctl asset create sensu-plugins-memory-checks --url "" --sha512 "ea297a85aa3612da7f78d948f9784443fffac511040c5130a2dcde7191a0004044c2ef881e665520cbc64431955ab19920d84de6b5fed85c63da7091c4b93bf0"
# Run the check every 60 seconds on agents subscribed to "system".
sensuctl check create metrics-memory --command 'metrics-memory.rb' --interval 60 --subscriptions system --runtime-assets sensu-plugins-memory-checks,sensu-ruby-runtime

set check output metric handler

sensuctl check set-output-metric-handlers metrics-cpu influxdb
sensuctl check set-output-metric-format metrics-cpu graphite_plaintext
sensuctl check set-output-metric-handlers metrics-memory influxdb
sensuctl check set-output-metric-format metrics-memory graphite_plaintext

demo app monitoring

create user with admin

# Create the "odd" namespace and make it the current one for sensuctl.
sensuctl namespace create odd
sensuctl config set-namespace odd
# The "dev" role allows every listed verb on every resource type (\*), but
# only inside the odd namespace.
sensuctl role create dev --verb get,list,create,update,delete --resource \* --namespace odd
# Bind the role to the "dev" group.
sensuctl role-binding create dev --role dev --group dev
# NOTE(review): the password below is a demo value typed on the command line,
# so it ends up in the shell history. Replace it before the backend is
# reachable by anything other than the local port-forward.
sensuctl user create odd --password odd12345 --namespace odd -g dev

change user

# Log sensuctl in as the demo user. NOTE(review): the URL is plain http, so
# the credentials travel unencrypted. That is acceptable only over the local
# port-forward shown earlier. Use an https backend URL for anything else.
sensuctl configure -n --password 'odd12345' --username odd --url http://localhost:8080 --format tabular --namespace odd

create demo app

kubectl create namespace odd
kubectl apply -f dummy.sensu.yaml

create asset

sensuctl create --file check-plugins.yaml

create check

sensuctl create --file dummy-app-healthz.yaml

docker doesn't start

# NOTE(review): last resort. This deletes every image, container, volume and
# network definition the daemon holds, including data in named volumes. Stop
# the docker service first and check its logs (journalctl -u docker) for the
# real failure before wiping state.
rm -rf /var/lib/docker/*

list images

docker images

list images in registry

# List repositories in the registry. NOTE(review): -k disables certificate
# verification, so the response could come from any host answering on that
# name. With the registry certificate at hand, --cacert <path to cert> keeps
# verification on.
curl -k https://myregistry:5000/v2/_catalog | jq

list tags

# List the tags of one repository. NOTE(review): -k skips certificate
# verification; prefer --cacert <path to cert> for a self-signed registry.
curl -k https://myregistry:5000/v2/base/alpine/tags/list | jq
# NOTE(review): the address after tcp:// is missing in this listing. A Docker
# daemon exposed over plain TCP gives root-equivalent control of the host to
# anyone who can reach the port. Use TLS (DOCKER_TLS_VERIFY=1 with
# DOCKER_CERT_PATH) or an ssh:// DOCKER_HOST instead.
export DOCKER_HOST=tcp://
# Build from a Dockerfile supplied on stdin (no build context is sent).
docker build - < Jenkins_Docker

build image from Dockerfile

docker build --tag=test -f ./Dockerfile .

apiVersion: v1
kind: PersistentVolume
  name: nfs-pgdata-prod
    app: postgresql
    env: default
    storage: 2G
    - ReadWriteOnce
    path: "/mnt/nfs-ng-fra1-part2/postgres/production/pg-master"

list all containers

docker ps -a

run new container

docker run <image>

start existing container

docker start <containerid>

map host network (even localhost) to container

docker run --net="host" <image>
docker exec -it <container> /bin/sh
docker run --entrypoint "/usr/bin/top" -it <image>
docker delete image
docker rm $(docker ps -a -q)
docker rmi <image>

remove stopped containers

docker container ls -a --filter status=exited --filter status=created
# remove all stopped containers
docker container prune

remove docker volumes

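# List volumes, then remove one by name or id. The volume subcommand is "rm";
# "rmi" exists only for images.
docker volume ls
docker volume rm 4e678419bf18adddc3c7a4b23457512af8913af888ba7243dec4b6db64293163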

expose port

docker exec -ti <container_name> bash

docker own registry

# copy your cert to /etc/docker/certs.d/<docker registry name>
mkdir -p /etc/docker/certs.d/
cp docker-registry.crt /etc/docker/certs.d/

push image

docker commit <container> <image>
docker tag <image> <registry image>
docker push <registry image>

docker commit eb46aefe135c ipnanny/ipnanny:1.0
docker tag ipnanny/ipnanny:1.0
docker push

show mounted path

docker inspect -f "{{ .Mounts }}" <container>

delete registry

curl -i -k -X GET

docker Xorg
# NOTE(review): "xhost +" switches off X server access control for every
# host, so any client that can reach the display can read keystrokes and
# screen contents. A narrower grant such as "xhost +local:" covers the unix
# socket mounted below, and "xhost -" turns access control back on afterwards.
xhost +
# Run a GUI program in a throwaway container: the X11 socket and the DRI
# device nodes are bind-mounted in, and memory is capped at 2 GB.
docker run -ti --memory 2gb --rm -e DISPLAY=unix:0 -v /tmp/.X11-unix:/tmp/.X11-unix  -v=/dev/dri:/dev/dri:rw myimage mycmd


docker registry cleanup

enable ipv6
