### Kubernetes Node Setup Commands

Source: https://github.com/instantlinux/docker-tools/blob/main/ansible/README.md

Sequence of make commands to set up the Kubernetes control plane and nodes. Change to the k8s directory for the install step.

```bash
make k8s-cplane
cd ../k8s ; make install
make k8s-node
```

--------------------------------

### Setup MythTV Frontend with Ansible

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mythtv-backend/README.md

Configure MythTV frontends using an Ansible script provided in the docker-tools repository. This involves setting up a hosts file and running the setup script.

```bash
cd ansible
# Append the frontend host group to the Ansible inventory
cat <<EOT >>hosts
[mythfrontends]
frontend.your.hostdomain
EOT
make mythfrontend-setup
```

--------------------------------

### Install and Configure Cert-Manager

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Installs cert-manager as part of the overall Kubernetes setup and then invokes a make target to start the issuer. Set your email address in CERT_MGR_EMAIL.

```bash
CERT_MGR_EMAIL= make install/cert-manager
```

--------------------------------

### Postfix Configuration Example

Source: https://github.com/instantlinux/docker-tools/blob/main/images/postfix/README.md

Defines local settings for Postfix main.cf. These key-value pairs are processed by postconf.

```postfix
alias_database = lmdb:/etc/postfix/aliases
```

--------------------------------

### Kubernetes OpenID Setup Commands

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Configure kubectl for OpenID login using Google as the OIDC issuer. Ensure you have downloaded krew and added it to your PATH.
```bash
CLIENT_ID=
CLIENT_SECRET=
kubectl krew install oidc-login
kubectl oidc-login setup --oidc-issuer-url=https://accounts.google.com \
  --oidc-client-id=$CLIENT_ID --oidc-client-secret=$CLIENT_SECRET
```

--------------------------------

### Install Kubernetes Core Components

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Invokes the Makefile to install essential Kubernetes components like flannel networking and nginx ingress. This command should be run from the k8s directory.

```bash
make install
```

--------------------------------

### Kubernetes Service Port Configuration Example

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mariadb-galera/README.md

An example of how to configure a Kubernetes service to publish a specific port from a container. This is useful for exposing the MariaDB port to the ingress network.

```yaml
services:
  db:
    ...
    ports:
    - target: 3306
      published:
      protocol: tcp
      mode: host
```

--------------------------------

### Environment Variables for Kubernetes Setup

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Set essential environment variables for Kubernetes deployment, including domain, namespace, and node definitions.

```bash
export DOMAIN=domain.com
export EDITOR=vi
export K8S_NAMESPACE=mynamespace
export K8S_NODES="kube1.$DOMAIN kube2.$DOMAIN"
export TZ=America/Los_Angeles
```

--------------------------------

### MySQL Client Configuration

Source: https://github.com/instantlinux/docker-tools/blob/main/images/blacklist/README.md

Create a .my.cnf file with database credentials for the honeypot-ip.py script. Ensure the host, database, user, and password match your MySQL setup.
```ini
[client]
host=xdb00
database=blacklist
user=blacklist
password=xxx
```

--------------------------------

### Nagios Plugin Usage Example

Source: https://github.com/instantlinux/docker-tools/blob/main/images/nut-upsd/README.md

This command shows how to use the Nagios plugin to check UPS status from a monitoring server. Replace placeholders with your specific host, name, and optionally port.

```bash
/usr/lib/nagios/plugins/check_ups -H -u [ -p ]
```

--------------------------------

### Ansible Host Inventory Example

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Define your Kubernetes control plane and worker nodes in an Ansible inventory file.

```ini
[k8s_cplane]
cp.domain.com

[k8s_nodes]
kube1.domain.com
kube2.domain.com
kube3.domain.com
```

--------------------------------

### LUKS Volume Configuration Example

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Define LUKS encrypted volume configurations, including inode count, path, size, and volume group.

```yaml
luks_vg: vg01
luks_volumes:
  volkube:
    inodes: 10000
    path: /var/lib/docker/k8s-volumes
    size: 100000
    vg: "{{ luks_vg }}"
```

--------------------------------

### Ansible Playbook Execution

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Execute the Ansible playbook to install Docker and configure the Kubernetes control plane.

```bash
ansible-playbook k8s-cplane.yml
```

--------------------------------

### Helm Overrides and Environment Variables Example

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Define site-specific Helm overrides and environment variables in a local admin repository's values.yaml file.
```yaml
authelia:
  fqdn: authtotp.mydomain.com
domain: mydomain.com
serviceAccount:
  name: instantlinux-privileged
tz: America/Los_Angeles
```

--------------------------------

### Clone and Build Docker Tools

Source: https://github.com/instantlinux/docker-tools/blob/main/images/proftpd/README.md

Clones the docker-tools repository and builds the ProFTPD image using make. This is a common starting point for customizing the image.

```shell
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make proftpd
```

--------------------------------

### Start mt-daapd with Docker Compose

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mt-daapd/README.md

Launch the mt-daapd container in detached mode using Docker Compose. Ensure environment variables are set beforehand.

```bash
docker-compose up -d
```

--------------------------------

### Clone Docker Tools and Build vsftpd

Source: https://github.com/instantlinux/docker-tools/blob/main/images/vsftpd/README.md

Clones the docker-tools repository and builds the vsftpd image using make. This is a common setup for deploying in a Kubernetes cluster.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make vsftpd
```

--------------------------------

### Obtain Access Token and Verify User Info via Keycloak

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Retrieves an access token from a Keycloak OIDC provider using username and password, then fetches user information. Ensure 'jq' is installed for JSON parsing. Replace '' with your actual password and client secret.
```bash
PW=
export TOKEN=$(curl -d username=$USER -d "password=$PW" \
  -d grant_type=password \
  -d client_id=k8s-access \
  -d client_secret=$CLIENT_SECRET \
  https://oidc.instantlinux.net/realms/k8s/protocol/openid-connect/token | \
  jq -r '.access_token')
echo $TOKEN
curl -X GET https://oidc.instantlinux.net/realms/k8s/protocol/openid-connect/userinfo \
  -H "Accept: application/json" \
  -H "Authorization: Bearer $TOKEN" | jq .
```

--------------------------------

### Building and Deploying Postfix Docker Image with Helm

Source: https://github.com/instantlinux/docker-tools/blob/main/images/postfix-python/README.md

Instructions for cloning the docker-tools repository and building the postfix image using Helm. Customize variables via Makefile.vars.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make postfix
```

--------------------------------

### Set Up Persistent Directories and Node Labels

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Iterates through specified nodes to create persistent volume directories and optionally sets node-affinity labels. Ensure the K8S_NODES environment variable is set.

```bash
for node in $K8S_NODES; do
  NODE=$node make persistent_dirs
done
make node_labels
```

--------------------------------

### Display Liebert Driver Help

Source: https://github.com/instantlinux/docker-tools/blob/main/images/nut-upsd/README.md

Execute this command to display the help information for the Liebert driver, including available options and parameters.

```bash
MYDRIVER=liebert
docker run --rm --entrypoint /usr/lib/nut/$MYDRIVER instantlinux/nut-upsd -h
```

--------------------------------

### Add OIDC User to Kubeconfig

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Configures ~/.kube/config to use kubectl oidc-login for authentication. Ensure 'kubectl-oidc-login' is installed and configured.
```yaml
- name: oidc-google
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://accounts.google.com
      - --oidc-client-id=
      - --oidc-client-secret=
- context:
    cluster: kubernetes
    namespace: mynamespace
    user: oidc
  name: user@kubernetes
```

--------------------------------

### Set Samba User Password

Source: https://github.com/instantlinux/docker-tools/blob/main/images/samba/README.md

Adds a user to the Samba password database after the container has started. This command is executed interactively.

```bash
docker exec -it samba_app_1 smbpasswd -a myself
New SMB password:
Retype new SMB password:
Added user myself.
```

--------------------------------

### Build MythTV Backend with Ansible

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mythtv-backend/README.md

Clone the docker-tools repository and use make to build the MythTV backend image within a Kubernetes cluster.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make mythtv-backend
```

--------------------------------

### Build and Deploy ez-ipupdate with Make

Source: https://github.com/instantlinux/docker-tools/blob/main/images/ez-ipupdate/README.md

Clone the docker-tools repository and use the make command to build and deploy the ez-ipupdate service in a Kubernetes environment.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make ez-ipupdate
```

--------------------------------

### Building nut-upsd Instance with Make

Source: https://github.com/instantlinux/docker-tools/blob/main/images/nut-upsd/README.md

This make command, defined in Makefile.instances, builds a specific instance of the nut-upsd service (e.g., nut-01). Ensure Makefile.vars is customized beforehand.
```bash
make nut-01
```

--------------------------------

### Verify Kubernetes Node Status

Source: https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md

Checks the status of Kubernetes nodes and system pods using the 'sudo' context. This is useful for verifying a successful installation.

```bash
$ kubectl get nodes
NAME               STATUS   ROLES           AGE   VERSION
cp.domain.com      Ready    control-plane   27m   v1.31.2
kube1.domain.com   Ready                    16m   v1.31.2
kube2.domain.com   Ready                    16m   v1.31.2
$ kubectl get pods -n kube-system --context=sudo
NAME                                    READY   STATUS    RESTARTS   AGE
cdotsns-86c58d9df4-7fzf7                1/1     Running   0          16m
cdotsns-86c58d9df4-qs8rc                1/1     Running   0          16m
etcd-cp.domain.com                      1/1     Running   0          26m
kube-apiserver-cp.domain.com            1/1     Running   0          26m
kube-controller-manager-cp.domain.com   1/1     Running   0          25m
kube-flannel-ds-amd64-24h7l             1/1     Running   0          16m
kube-flannel-ds-amd64-94fpx             1/1     Running   1          26m
kube-flannel-ds-amd64-hkmv2             1/1     Running   0          16m
kube-proxy-2lp59                        1/1     Running   0          16m
kube-proxy-bxtsm                        1/1     Running   0          16m
kube-proxy-wk6qw                        1/1     Running   0          26m
kube-scheduler-cp.domain.com            1/1     Running   0          25m
logspout-nq95g                          1/1     Running   0          26m
logspout-tbz65                          1/1     Running   0          16m
logspout-whmhb                          1/1     Running   0          16m
```

--------------------------------

### Create Kea Database and User

Source: https://github.com/instantlinux/docker-tools/blob/main/images/dhcpd-dns-pxe/README.md

SQL commands to create the 'kea' database and a user with privileges for storing DHCP reservations. Replace '' with a strong secret.

```sql
CREATE DATABASE kea;
GRANT USAGE ON *.* TO `kea`@`%` IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON `kea`.* TO `kea`@`%`;
```

--------------------------------

### Build and Deploy Blacklist Docker Image

Source: https://github.com/instantlinux/docker-tools/blob/main/images/blacklist/README.md

Clone the Docker tools repository and use 'make' to build the blacklist Docker image. This assumes you are in the 'k8s' directory after cloning.
```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make blacklist
```

--------------------------------

### Kubernetes Secret for MySQL Credentials

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mysqldump/README.md

Example of defining MySQL backup credentials as a Kubernetes Secret. This secret is referenced by the mysqldump deployment to authenticate with the database.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysql-backup-creds
type: Opaque
# stringData accepts plaintext values; values under data: must be base64-encoded
stringData:
  mysql-backup-creds: |
    password=yourmileagemayvary
    user=backupallthethings
```

--------------------------------

### Run MythTV Backend Directly with Docker

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mythtv-backend/README.md

Launch the MythTV backend Docker image directly, specifying network mode, environment variables, and volume mounts for media and secrets.

```bash
docker run -d --name mythtv \
  --network=host \
  -e DBNAME='mythtv' \
  -e DBSERVER='' \
  -v :/dvr \
  -v /mythtv-db-password:/run/secrets/mythtv-db-password:ro \
  -v /mythtv-user-password:/run/secrets/mythtv-user-password:ro \
  instantlinux/mythtv-backend:latest
```

--------------------------------

### Clone and Build Docker Tools

Source: https://github.com/instantlinux/docker-tools/blob/main/images/git-dump/README.md

Clone the docker-tools repository and navigate to the k8s directory to build the git-dump image.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make git-dump
```

--------------------------------

### Get Application URL with NodePort Service

Source: https://github.com/instantlinux/docker-tools/blob/main/images/rsyslogd/helm/templates/NOTES.txt

This snippet retrieves the NodePort and Node IP to construct the application URL for a NodePort service. It assumes the service type is 'NodePort'.
```go-template
{{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "local.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
{{- end }}
```

--------------------------------

### List Supported NUT Drivers

Source: https://github.com/instantlinux/docker-tools/blob/main/images/nut-upsd/README.md

Run this command to list all supported Network UPS Tools drivers available in the container.

```bash
docker run --rm --entrypoint /bin/ls instantlinux/nut-upsd /usr/lib/nut
```

--------------------------------

### Clone and Build Kubernetes Cluster

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mariadb-galera/README.md

Clone the docker-tools repository and use make targets to build a Kubernetes cluster. Customize variables in Makefile.vars before building.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
# This make target is defined in Makefile.instances
make db00
```

--------------------------------

### Get LoadBalancer Service URL

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mythtv-backend/helm/subcharts/keepalived/templates/NOTES.txt

For LoadBalancer services, this retrieves the LoadBalancer IP and constructs the application URL. Note that it may take time for the IP to become available.

```bash
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "local.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
```

--------------------------------

### Host Setup for HAProxy Keepalived

Source: https://github.com/instantlinux/docker-tools/blob/main/images/haproxy-keepalived/README.md

Configure the host system to load the ip_vs kernel module and enable non-local binding for IP addresses. This is required for Keepalived to function correctly.

```bash
echo ip_vs >>/etc/modules.conf
echo net.ipv4.ip_nonlocal_bind=1 >/etc/sysctl.d/99-haproxy.conf
sysctl -p /etc/sysctl.d/99-haproxy.conf
```

--------------------------------

### Clone and Deploy Data Sync with Kubernetes

Source: https://github.com/instantlinux/docker-tools/blob/main/images/data-sync/README.md

Clone the docker-tools repository and use 'make data-sync' to deploy the data-sync service in a Kubernetes cluster. Customize deployment using Makefile.vars.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make data-sync
```

--------------------------------

### Get Application URL with LoadBalancer Service

Source: https://github.com/instantlinux/docker-tools/blob/main/images/rsyslogd/helm/templates/NOTES.txt

This snippet retrieves the LoadBalancer IP and constructs the application URL. It notes that the LoadBalancer IP may take time to become available and provides a command to watch its status.

```go-template
{{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "local.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "local.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- end }}
```

--------------------------------

### Honeypot IP Parser Script (Procmail)

Source: https://github.com/instantlinux/docker-tools/blob/main/images/blacklist/README.md

Example of using the honeypot-ip.py script with procmail to parse incoming emails and insert spam source IPs into the MySQL blacklist table. Customize the honeypot address and relay regex as needed.

```bash
:0fw
#| /usr/local/bin/honeypot-ip.py --db-config ~/.my.cnf -q \
    --honeypot honeyforbees@instantlinux.net \
    --relay 'by mx-caprica.?\.easydns\.com' --cidr-min-size 32
```

--------------------------------

### Ingress Hosts and Paths

Source: https://github.com/instantlinux/docker-tools/blob/main/images/davite/helm/templates/NOTES.txt

Iterates through Ingress hosts and paths to construct the application URL. Requires Ingress to be enabled.

```go-template
{{- if hasKey .Values "ingress" }}
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
{{- end }}
{{- end }}
{{- end }}
```

--------------------------------

### Add Obscure DNS Entry for New DC

Source: https://github.com/instantlinux/docker-tools/blob/main/images/samba-dc/README.md

Use this command to add a necessary DNS entry for a new domain controller when samba-tool does not set it up automatically. It requires the new DC's hostname and retrieves an object GUID.
```bash
export LDB_MODULES_PATH=/usr/lib/samba/ldb
ldbsearch -H /var/lib/samba/private/sam.ldb "(invocationid=*)" --cross-ncs objectguid|grep -i -B 1 -A 1
samba-tool dns add dc01 _msdcs.ether.ci.net \
  CNAME -UAdministrator
```

--------------------------------

### Clone Docker Tools Repository and Build mysqldump

Source: https://github.com/instantlinux/docker-tools/blob/main/images/mysqldump/README.md

Clone the docker-tools repository and navigate to the k8s directory to build the mysqldump image. Customize build variables using Makefile.vars.

```bash
git clone https://github.com/instantlinux/docker-tools.git
cd docker-tools/k8s
make mysqldump
```

--------------------------------

### Configure Udev Rules for USB Permissions

Source: https://github.com/instantlinux/docker-tools/blob/main/images/nut-upsd/README.md

Create a udev rule to set permissions for USB devices, allowing the NUT container to access them. Reload rules and trigger them after creation.

```bash
cat >/etc/udev/rules.d/99-usb-serial.rules <