Various minor updates (amnesia)

2020-09-29 20:42:00 +02:00
parent 31f5b7f953
commit deb41300a6
12 changed files with 118 additions and 3 deletions
--- a/bootstrap/config/cluster-issuer.yaml
+++ b/bootstrap/config/cluster-issuer.yaml
@@ -7,13 +7,15 @@ spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: @acme_email@
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
    - http01:
        ingress:
          class: nginx
 ---
 apiVersion: cert-manager.io/v1alpha2
--- a/clusters/kube0/default.nix
+++ b/clusters/kube0/default.nix
@@ -4,6 +4,7 @@ let
    clusterName = "kube0";
    master = {
      name = "k0-0"; address = "10.253.18.100";
      extraSANs = [ "k0.itpartner.no" ];
    };
    workers = [
      { name = "k0-1"; address = "10.253.18.101"; }
--- a/clusters/kube1/default.nix
+++ b/clusters/kube1/default.nix
@@ -4,12 +4,13 @@ let
    clusterName = "kube1";
    master = {
      name = "k1-0"; address = "10.253.18.109";
      extraSANs = [ "k1.itpartner.no" ];
    };
    workers = [
      { name = "k1-1"; address = "10.253.18.110"; }
      { name = "k1-2"; address = "10.253.18.111"; }
      { name = "k1-3"; address = "10.253.18.108"; }
-      { name = "k1-4"; address = "10.253.18.107"; }
+      # { name = "k1-4"; address = "10.253.18.107"; }
    ];
    cidr = "10.11.0.0/16";
    initca = ./ca;
--- a/clusters/kube2/default.nix
+++ b/clusters/kube2/default.nix
@@ -4,6 +4,7 @@ let
    clusterName = "kube2";
    master = {
      name = "k2-0"; address = "10.253.18.114";
      extraSANs = [ "k2.itpartner.no" ];
    };
    workers = [
      { name = "k2-1"; address = "10.253.18.115"; }
--- a/lib/k8s.nix
+++ b/lib/k8s.nix
@@ -109,6 +109,7 @@ let
        securePort = 4443;
        insecurePort = 8080;
        extraOpts = "--requestheader-client-ca-file ${pki.ca.cert}";
        extraSANs = settings.master.extraSANs;
        # verbosity = 4;
      };
--- a/old/scripts/copy-score-backups.sh
+++ b/old/scripts/copy-score-backups.sh
@@ -0,0 +1,8 @@
 #!/usr/bin/env bash
 pod=`kubectl get pods -n mssql | grep Running | grep consto-ks | cut -d' ' -f1`
 bak=`kubectl exec -n mssql $pod ls -- -1 /var/opt/mssql/data/ | grep '.bak$'`
 for i in $bak; do
    kubectl cp mssql/$pod:/var/opt/mssql/data/$i .
 done
--- a/old/scripts/docker-prune-stopped.fish
+++ b/old/scripts/docker-prune-stopped.fish
@@ -0,0 +1 @@
 for i in (seq 2 5); ssh k0- docker system prune -a;end
--- a/old/scripts/gitlab-prune-registry.sh
+++ b/old/scripts/gitlab-prune-registry.sh
@@ -0,0 +1,49 @@
 #!/usr/bin/env bash
 token=UTjgSspYQcX-BVUd1UsC
 api=https://gitlab.itpartner.no/api/v4
 prune () {
    id=$1
    reg=$(curl -s --header "PRIVATE-TOKEN: $token" \
        "$api/projects/$id/registry/repositories" \
        | json_pp | sed -n 's/^ *"id" *: *\([0-9]\+\).*/\1/p')
    for i in $reg; do
        curl -s --request DELETE --data 'keep_n=10' \
            --data 'name_regex=.*[0-9].*' \
            --header "PRIVATE-TOKEN: $token" \
            "$api/projects/$id/registry/repositories/$i/tags"
    done
 }
 gc () {
    pod=$(kubectl get pod -n gitlab -lapp=registry | tail -1 | cut -d' ' -f1)
    kubectl exec -n gitlab $pod -- \
      registry garbage-collect /etc/docker/registry/config.yml -m
 }
 all () {
    groups=$(curl -s --header "PRIVATE-TOKEN: $token" "$api/groups" \
        | json_pp | sed -n 's/^ *"id" *: *\([0-9]\+\).*/\1/p')
    for g in $groups; do
        proj=$(curl -s --header "PRIVATE-TOKEN: $token" \
            "$api/groups/$g/projects?simple=true&include_subgroups=true" \
            | json_pp | sed -n 's/^ \{6\}"id" *: *\([0-9]\+\).*/\1/p')
        for p in $proj; do
            prune $p
        done
    done
 }
 projects () {
    for i in $@; do
      prune $(echo $i | sed 's,/,%2F,g')
    done
 }
 case $1 in
    --all) all ;;
    *) projects $@
 esac
 gc
--- a/old/scripts/install-namespace.sh
+++ b/old/scripts/install-namespace.sh
@@ -0,0 +1,33 @@
 #!/usr/bin/env bash
 TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
 if [ x$1 = x ]; then
    ehco "usage: install-namespace.sh {namespace}"
    exit 1
 fi
 namespace=$1
 tmpfile=/tmp/new-$namespace.$$
 cat << EOF > $tmpfile
 apiVersion: v1
 kind: Namespace
 metadata:
  labels:
    name: $namespace
  name: $namespace
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: gitlab-registry-auth
  namespace: $namespace
 data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL3JlZ2lzdHJ5Lml0cGFydG5lci5ubyI6eyJ1c2VybmFtZSI6ImpvbmFzIiwicGFzc3dvcmQiOiJTRldwLVk0bkVfdXpNZFJxeHp6SyIsImF1dGgiOiJhbTl1WVhNNlUwWlhjQzFaTkc1RlgzVjZUV1JTY1hoNmVrcz0ifX19
 type: kubernetes.io/dockerconfigjson
 EOF
 kubectl apply -f $tmpfile
 rm $tmpfile
--- a/old/scripts/reset-sa-tokens.sh
+++ b/old/scripts/reset-sa-tokens.sh
@@ -0,0 +1,3 @@
 #!/usr/bin/env bash
 kubectl delete secrets --all-namespaces --field-selector='type=kubernetes.io/service-account-token'
--- a/old/scripts/taint-node-no-schedule.sh
+++ b/old/scripts/taint-node-no-schedule.sh
@@ -0,0 +1,3 @@
 #!/bin/sh
 kubectl taint node $1 ClusterService="true":NoSchedule
--- a/old/scripts/ws-curl.sh
+++ b/old/scripts/ws-curl.sh
@@ -0,0 +1,12 @@
 #!/bin/sh
 host=$1; shift
 curl -i -N \
    -H "Connection: upgrade"\
    -H "Upgrade: websocket"\
    -H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ=="\
    -H "Sec-WebSocket-Version: 13"\
    -H "Origin: http://foo.com/"\
    -H "Host: $host" $@
		`@@ -0,0 +1 @@`
							`for i in (seq 2 5); ssh k0- docker system prune -a;end`
		`@@ -0,0 +1,3 @@`
							`#!/usr/bin/env bash`

							`kubectl delete secrets --all-namespaces --field-selector='type=kubernetes.io/service-account-token'`
		`@@ -0,0 +1,3 @@`
							`#!/bin/sh`

							`kubectl taint node $1 ClusterService="true":NoSchedule`