-
(My) rsync cheatsheet
Table of Contents
Sync folder using 5 parallel threads
ls -1 /testdata/testdb | xargs -I {} -P 5 -n 1 rsync -avh /testdata/testdb/{} root@10.64.4.3:/testdata/testdb_from_aio01/Sync content from folder A to folder B
If you want the contents of folders A and B to be the same, put /home/user/A/ (with the slash) as source. By doing so, all folder A’s content will end up into folder B.
Like this:
rsync --progress -avuzp --delete "/home/user/A/" "/home/user/B"
Arguments:
-a Do the sync preserving all filesystem attributes -v run verbosely -u only copy files with a newer modification time (or size difference if the times are equal) --delete delete the files in target folder that do not exist in the sourceSync content (including symlinks) from source to destination host via SSH
rsync --progress -avuzhp /source/dir root@DESTINATION_HOST_IP_ADDRESS:/destination/dir
-
(My) kubectl cheatsheet
Table of Contents
General purpose
# Lists all configured contexts kubectl config get-contexts # Changes the default namespace kubectl config set-context --current --namespace=namespace_name # Elects a node as worker kubectl label node node_name node-role.kubernetes.io/worker=worker # Removes taint from node, the "-" at end of node role means "untaint" rather than "taint" kubectl taint node node_name node-role.kubernetes.io/control-plane-
Fetching objects info
# lists all pods on default namespace showing only their name Kubectl get pods -o=name # lists all pods on default namespace showing a custom list of attributes and setting columns names k get pods -o=custom-columns="NAME:.metadata.name,STATUS:.status.phase"
Executing pods
# Creates and outputs to the console (as YAML) the code to create a pod running image-nginx kubectl run --image=nginx --dry-run=client -o yaml mypod # Gives you access to the shell (bash) of container container_name running into pod pod_name kubectl exec -it [container_name] pod_name -- bash # Creates and runs a pod with container image = nginx kubectl run --image=nginx mypod
Networking
# forwards requests from port 16686 (node) to port 16686 (cluster) accepting requests from all network interfaces (param --address 0.0.0.0 kubectl port-forward --address 0.0.0.0 $(kubectl get pods -l=app="jaeger" -o name) 16686:16686
Accessing pod logs
# stream logs from pod pod_name on namespace ns kubectl logs -f -n ns pods/pod_name # stream logs from pod pod_name on namespace ns newer than a relative duration kubectl logs --since=1h -n ns pods/pod_name # return logs after a specific date (pod=pod_name, namespace=ns) kubectl logs --since-time=2020-08-13T10:46:00.000000000Z -n ns pods/pod_name # print the logs for the previous instance of the container (pod=pod_name, namespace=ns) kubectl logs --previous -n ns pods/pod_name # print the logs of this container (pod=pod_name, namespace=ns) kubectl logs -c -n ns pods/pod_name # print all events in chronological order (pod=pod_name, namespace=ns) kubectl get events --sort-by=’.metadata.creationTimestamp’ -n ns pods/pod_name # print pod details like status or recent events (pod=pod_name, namespace=ns) kubectl describe pod -n ns pods/pod_name # multi-container pod, selects logs from a specific container (pod=pod_name, namespace=ns) kubectl logs -c container_name pod_name -n ns pods/pod_name
-
Kubernetes Distributed Tracing (Jaeger)
Table of Contents
Overview
Jaeger is a tool to trace requests within an application distributed over a kubernetes cluster.
It requires to deploy a sidecar container within each pod running the application we want to monitor.
The sidecar container (jaeger-agent) will collect data from the pod and send the same to the jaeger-server (running on a dedicated pod).
Installation
Requirements
- Deploy an ingress-controller
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespa
- Deploy a cert-manager (check latest release available here: https://github.com/cert-manager/cert-manager)
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.6.3/cert-manager.yaml
- Create namespace observability
kubectl create namespace observability
- Deploy observability operator (check latest version available here: https://github.com/jaegertracing/jaeger-operator/tree/main)
kubectl create -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.36.0/jaeger-operator.yaml -n observability
- Create a resource implementing the operator created on step above
kubectl apply -f - <<EOF apiVersion: jaegertracing.io/v1 kind: Jaeger metadata: name: simplest EOF
The following objects must be available in the cluster once installation is successfully completed:
[root@mr-k8s-demo1 ~]# k get all -n observability NAME READY STATUS RESTARTS AGE pod/jaeger-operator-f9d5b7569-9px49 2/2 Running 0 2d23h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/jaeger-operator-metrics ClusterIP 10.98.4.211 <none> 8443/TCP 2d23h service/jaeger-operator-webhook-service ClusterIP 10.97.240.143 <none> 443/TCP 2d23h NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/jaeger-operator 1/1 1 1 2d23h NAME DESIRED CURRENT READY AGE replicaset.apps/jaeger-operator-f9d5b7569 1 1 1 2d23h
Configuring app to be monitored
The app that needs to be monitored must implement open-tracing tracer initialization.
Implementation differs depending on the language/framework in use.
Jaeger agent, running as sidecar, can be injected by adding the following annotation:
apiVersion:apps/v1 kind:Deployment metadata:name:test-app labels:name:test-app annotations:"sidecar.jaegertracing.io/inject":"true"
Accessing jaeger web console
Jaeger server is by default available on port 16686.
For testing / occasional monitoring purposes, the port can be made available using kubernetes’ built-in port-forward:
kubectl port-forward --address 0.0.0.0 $(kubectl get pods -l=app="jaeger" -o name) 16686:16686
From this moment, jaeger web UI is accessible at http://k8s_host_ip_address:16686
-
Nginx tips
Table of contents
Redirect rules
Setting up maintenance page based on file presence
First of all, determine which configuration file is being used by checking the main nginx configuration file.
This can be retrieved by looking into nginx service startup arguments. Typically: /etc/nginx/nginx.conf
Extract from nginx.conf:
. . . include /etc/nginx/sites-enabled/*; . . .
Based on the configuration statement above, we need to look into all files into folder /etc/nginx/sites-enabled
Sample configuration file:
... server { listen 10.64.4.7:443 ssl; client_max_body_size 1024M; server_name test.demo test; root /opt/customer/test/apps/angular/angular; if (-f $document_root/themes/components/login/maintenance.html) { return 503; } error_page 503 @maintenance; expires 168h; add_header Content-Security-Policy "frame-ancestors 'self'"; add_header Cache-Control "no-cache"; add_header X-Frame-Options SAMEORIGIN; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "same-origin"; index index.html index.htm; ssl_certificate /etc/nginx/cert/test.crt; ssl_certificate_key /etc/nginx/cert/test.key; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2; ssl_ciphers " ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256 "; ssl_prefer_server_ciphers on; ssl_dhparam /etc/ssl/certs/dhparam.pem; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log; rewrite ^/$ /webconnect; location @maintenance { rewrite ^(.*)$ /themes/components/login/maintenance.html break; } ...Sections on lines 8 – 11 and 33 – 35 state what must be done whenever a given file on a path is available or not. If positive, nginx will redirect all requests to the @maintenance location (a maintenance page).
Logging
Log rotation settings
Configuration file: /etc/logrotate.d/nginx
Sample configuration (keeps last 30 days):
/var/log/nginx/*log { daily <--- rotates on a daily basis rotate 30 <--- last 30 logs missingok notifempty compress sharedscripts postrotate /bin/kill -USR1 $(cat /var/run/nginx.pid 2>/dev/null) 2>/dev/null || : endscript } -
find (Linux OS utility)
Find, excluding a single directory:
find . -path ./dir1 -prune -false -o -name "*"Find, excluding a list of directories:
find . \( -path ./dir1 -o -path ./dir2 \) -prune -false -o -name "*"Find files with creation date on a range:
find -newermt "2017-11-06 17:30:00" ! -newermt "2017-11-06 22:00:00" -ls
