Saturday, December 28, 2019
Fedora: containers registries file
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
/etc/containers/registries.conf
mounts.conf
/usr/share/containers/mounts.conf and optionally /etc/containers/mounts.conf
The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands.
Good resource: https://github.com/containers/libpod/blob/master/install.md
/etc/containers/registries.conf
mounts.conf
/usr/share/containers/mounts.conf and optionally /etc/containers/mounts.conf
The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands.
Good resource: https://github.com/containers/libpod/blob/master/install.md
Adding a new machine as default gateway
1) Enable IP forwarding (server machine)
# echo 1 > /proc/sys/net/ipv4/ip_forward
To make the change permanent insert or edit the following line in edit /etc/sysctl.conf:
net.ipv4.ip_forward = 1
2) Iptables initial settings (server machine)
# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X
3) Forward/Masquerade (server machine)
# iptables -A POSTROUTING -s 192.168.1.0/24 -o tun+ -j MASQUERADE -t nat
# iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT
# iptables -I FORWARD -d 192.168.1.0/24 -j ACCEPT
4) In the client machine, add the new default gateway
# ip route del default
# ip route add default via 192.168.1.66
# echo 1 > /proc/sys/net/ipv4/ip_forward
To make the change permanent insert or edit the following line in edit /etc/sysctl.conf:
net.ipv4.ip_forward = 1
2) Iptables initial settings (server machine)
# iptables -F
# iptables -t nat -F
# iptables -t mangle -F
# iptables -X
3) Forward/Masquerade (server machine)
# iptables -A POSTROUTING -s 192.168.1.0/24 -o tun+ -j MASQUERADE -t nat
# iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT
# iptables -I FORWARD -d 192.168.1.0/24 -j ACCEPT
4) In the client machine, add the new default gateway
# ip route del default
# ip route add default via 192.168.1.66
kubernetes: ingress - error when applying yml: apiVersion: extensions/v1beta1
Replace:
apiVersion: extensions/v1beta1
With:
apiVersion: networking.k8s.io/v1beta1
Example:
# helm install ./helmchart --name netdata -f netdata-chart-values.yaml
Error: validation failed: unable to recognize "": no matches for kind "Ingress" in version "policy/v1beta1"
Reference: https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
apiVersion: extensions/v1beta1
With:
apiVersion: networking.k8s.io/v1beta1
Example:
# helm install ./helmchart --name netdata -f netdata-chart-values.yaml
Error: validation failed: unable to recognize "": no matches for kind "Ingress" in version "policy/v1beta1"
Reference: https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
Tuesday, December 24, 2019
Friday, December 20, 2019
Kubernetes: Deprecated APIs Removed In 1.16
$ kubectl apply -f metallb.yaml
unable to recognize "metallb.yaml": no matches for kind "PodSecurityPolicy" in version "extensions/v1beta1"
unable to recognize "metallb.yaml": no matches for kind "DaemonSet" in version "apps/v1beta2"
unable to recognize "metallb.yaml": no matches for kind "Deployment" in version "apps/v1beta2"
Solution:
# diff -ruN 1.15/metallb.yaml metallb.yaml
--- 1.15/metallb.yaml 2019-12-13 20:50:14.210740259 -0500
+++ metallb.yaml 2019-12-17 11:00:40.524374144 -0500
@@ -5,7 +5,7 @@
labels:
app: metallb
---
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
namespace: metallb-system
@@ -148,7 +148,7 @@
kind: Role
name: config-watcher
---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: metallb-system
@@ -210,7 +210,7 @@
"beta.kubernetes.io/os": linux
---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: Deployment
metadata:
namespace: metallb-system
More info: https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
unable to recognize "metallb.yaml": no matches for kind "PodSecurityPolicy" in version "extensions/v1beta1"
unable to recognize "metallb.yaml": no matches for kind "DaemonSet" in version "apps/v1beta2"
unable to recognize "metallb.yaml": no matches for kind "Deployment" in version "apps/v1beta2"
Solution:
# diff -ruN 1.15/metallb.yaml metallb.yaml
--- 1.15/metallb.yaml 2019-12-13 20:50:14.210740259 -0500
+++ metallb.yaml 2019-12-17 11:00:40.524374144 -0500
@@ -5,7 +5,7 @@
labels:
app: metallb
---
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
namespace: metallb-system
@@ -148,7 +148,7 @@
kind: Role
name: config-watcher
---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: metallb-system
@@ -210,7 +210,7 @@
"beta.kubernetes.io/os": linux
---
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: Deployment
metadata:
namespace: metallb-system
More info: https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
Thursday, December 12, 2019
Kubernetes: Failed to list *v1.Pod: Unauthorized
During the deploy, I got:
1) on node:
# rm -fr /var/lib/kubelet/pki/kubelet-client*
2) Restart the deploy
Related discussion: https://github.com/kubernetes/kubernetes/issues/69973
Kubespray from master github
Kubernetes: 1.16.x
# tail -f /var/log/messages
Dec 12 15:02:06 nuc02 kubelet: E1212 15:02:06.616219 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:06 nuc02 kubelet: E1212 15:02:06.716516 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:06 nuc02 kubelet: E1212 15:02:06.807940 14119 reflector.go:123] k8s.io/client-go/informers/factory.go:134: Failed to list *v1beta1.RuntimeClass: Unauthorized
Dec 12 15:02:06 nuc02 kubelet: E1212 15:02:06.816840 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:06 nuc02 kubelet: E1212 15:02:06.917208 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.008060 14119 reflector.go:123] k8s.io/client-go/informers/factory.go:134: Failed to list *v1beta1.CSIDriver: Unauthorized
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.017483 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.117833 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.207991 14119 reflector.go:123] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:46: Failed to list *v1.Pod: Unauthorized
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.218048 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.318227 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.407474 14119 reflector.go:123] k8s.io/kubernetes/pkg/kubelet/kubelet.go:450: Failed to list *v1.Service: Unauthorized
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.418525 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.518741 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.609924 14119 reflector.go:123] k8s.io/kubernetes/pkg/kubelet/kubelet.go:459: Failed to list *v1.Node: Unauthorized
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.619005 14119 kubelet.go:2267] node "nuc02" not found
Dec 12 15:02:07 nuc02 kubelet: E1212 15:02:07.719284 14119 kubelet.go:2267] node "nuc02" not found
1) on node:
# rm -fr /var/lib/kubelet/pki/kubelet-client*
2) Restart the deploy
Related discussion: https://github.com/kubernetes/kubernetes/issues/69973
Kubespray from master github
Kubernetes: 1.16.x
Wednesday, December 11, 2019
Tuesday, December 10, 2019
UniFi LTE discussion
A good resource about UniFi LTE topic: UniFi LTE on reddit.com
More about UniFi LTE: https://store.ui.com/collections/wireless/products/unifi-lte
More about UniFi LTE: https://store.ui.com/collections/wireless/products/unifi-lte
Friday, December 6, 2019
keybase.io: Set a DNS TXT record in Google Domains
Go to your google domains account and select: DNS -> Custom resource records
- Set Name as @
- Set Type as TXT - Set TTL leave as 1H
- Set Text as (The-string-from-keybase-site-verification)
- Save and wait until the DNS servers propagate, keybase.io will automatically detect the new entry.
- Set Name as @
- Set Type as TXT - Set TTL leave as 1H
- Set Text as (The-string-from-keybase-site-verification)
- Save and wait until the DNS servers propagate, keybase.io will automatically detect the new entry.
Fedora: Upgrade from 30 to 31
sudo dnf upgrade --refresh
sudo dnf install dnf-plugin-system-upgrade
sudo dnf system-upgrade download --releasever=31
sudo dnf system-upgrade reboot
https://fedoramagazine.org/upgrading-fedora-30-to-fedora-31/
sudo dnf install dnf-plugin-system-upgrade
sudo dnf system-upgrade download --releasever=31
sudo dnf system-upgrade reboot
https://fedoramagazine.org/upgrading-fedora-30-to-fedora-31/
Thursday, December 5, 2019
ip route: adding new default gateway
ifconfig and route are deprecated tools on Linux, here how to add new default gw using ip route
# ip route del default
# ip route add default via 192.168.1.239
# ip route del default
# ip route add default via 192.168.1.239
Wednesday, December 4, 2019
Subscribe to:
Posts (Atom)