From ece1b22711c52da2a03ff6d51e7a8b178c86ef98 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 19 Aug 2022 15:30:50 +0200 Subject: [PATCH] Moved scripts to modules/k8s. --- scripts/docker-prune-stopped.fish | 1 - scripts/etcd-snapshot.sh | 7 --- scripts/get-admin-token.sh | 5 -- scripts/gitlab-prune-registry.sh | 49 -------------------- scripts/inject-linkerd.sh | 24 ---------- scripts/inject-sa-pull-secrets.sh | 29 ------------ scripts/install-namespace.sh | 76 ------------------------------- scripts/k8s-all | 13 ------ scripts/lost-sock.sh | 16 ------- scripts/reset-sa-tokens.sh | 3 -- scripts/restart-flannel.sh | 21 --------- scripts/restart-kubernetes.sh | 20 -------- scripts/taint-node-no-schedule.sh | 3 -- scripts/update-helm-repos.sh | 20 -------- scripts/ws-curl.sh | 12 ----- scripts/zap-crashing-pods.sh | 3 -- scripts/zap-evicted-pods.sh | 3 -- scripts/zap-node-exporters.sh | 5 -- 18 files changed, 310 deletions(-) delete mode 100755 scripts/docker-prune-stopped.fish delete mode 100644 scripts/etcd-snapshot.sh delete mode 100755 scripts/get-admin-token.sh delete mode 100755 scripts/gitlab-prune-registry.sh delete mode 100755 scripts/inject-linkerd.sh delete mode 100755 scripts/inject-sa-pull-secrets.sh delete mode 100755 scripts/install-namespace.sh delete mode 100755 scripts/k8s-all delete mode 100755 scripts/lost-sock.sh delete mode 100755 scripts/reset-sa-tokens.sh delete mode 100755 scripts/restart-flannel.sh delete mode 100755 scripts/restart-kubernetes.sh delete mode 100755 scripts/taint-node-no-schedule.sh delete mode 100755 scripts/update-helm-repos.sh delete mode 100755 scripts/ws-curl.sh delete mode 100755 scripts/zap-crashing-pods.sh delete mode 100755 scripts/zap-evicted-pods.sh delete mode 100755 scripts/zap-node-exporters.sh diff --git a/scripts/docker-prune-stopped.fish b/scripts/docker-prune-stopped.fish deleted file mode 100755 index e83a66c..0000000 --- a/scripts/docker-prune-stopped.fish +++ /dev/null @@ -1 +0,0 @@ -for i in (seq 2 5); ssh k0- docker system prune -a;end diff --git a/scripts/etcd-snapshot.sh b/scripts/etcd-snapshot.sh deleted file mode 100644 index a13bf89..0000000 --- a/scripts/etcd-snapshot.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -ETCDCTL_API=3 etcdctl --endpoints https://etcd.local:2379 \ ---cacert=/var/lib/kubernetes/secrets/ca.pem \ ---cert=/var/lib/kubernetes/secrets/kube-apiserver-etcd-client.pem \ ---key=/var/lib/kubernetes/secrets/kube-apiserver-etcd-client-key.pem \ -snapshot save snapshot.db diff --git a/scripts/get-admin-token.sh b/scripts/get-admin-token.sh deleted file mode 100755 index e6f9e79..0000000 --- a/scripts/get-admin-token.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -token=$(kubectl get secret -n kube-system | grep cluster-admin-token | cut -d' ' -f1) -kubectl get secret -n kube-system $token -o yaml | \ - grep ' token:' | cut -d' ' -f4 | base64 -d diff --git a/scripts/gitlab-prune-registry.sh b/scripts/gitlab-prune-registry.sh deleted file mode 100755 index a079d59..0000000 --- a/scripts/gitlab-prune-registry.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env bash - -token=UTjgSspYQcX-BVUd1UsC -api=https://gitlab.com/api/v4 - -prune () { - id=$1 - reg=$(curl -s --header "PRIVATE-TOKEN: $token" \ - "$api/projects/$id/registry/repositories" \ - | json_pp | sed -n 's/^ *"id" *: *\([0-9]\+\).*/\1/p') - for i in $reg; do - curl -s --request DELETE --data 'keep_n=10' \ - --data 'name_regex=.*[0-9].*' \ - --header "PRIVATE-TOKEN: $token" \ - "$api/projects/$id/registry/repositories/$i/tags" - done -} - -gc () { - pod=$(kubectl get pod -n gitlab -lapp=registry | tail -1 | cut -d' ' -f1) - kubectl exec -n gitlab $pod -- \ - registry garbage-collect /etc/docker/registry/config.yml -m -} - -all () { - groups=$(curl -s --header "PRIVATE-TOKEN: $token" "$api/groups" \ - | json_pp | sed -n 's/^ *"id" *: *\([0-9]\+\).*/\1/p') - for g in $groups; do - proj=$(curl -s --header "PRIVATE-TOKEN: $token" \ - "$api/groups/$g/projects?simple=true&include_subgroups=true" \ - | json_pp | sed -n 's/^ \{6\}"id" *: *\([0-9]\+\).*/\1/p') - for p in $proj; do - prune $p - done - done -} - -projects () { - for i in $@; do - prune $(echo $i | sed 's,/,%2F,g') - done -} - -case $1 in - --all) all ;; - *) projects $@ -esac - -gc diff --git a/scripts/inject-linkerd.sh b/scripts/inject-linkerd.sh deleted file mode 100755 index 6a4f3ba..0000000 --- a/scripts/inject-linkerd.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env bash -TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" - -linkerd=$(which kubectl 2> /dev/null) - -if [ -z "$linkerd" ]; then - echo "linkerd cli is not available" - exit 1 -fi - -inject () { - for i in $@; do - kubectl get ns $i -o yaml | linkerd inject - | kubectl apply -f- - kubectl rollout restart daemonsets -n $i - kubectl rollout restart statefulsets -n $i - kubectl rollout restart deployments -n $i - done -} - -if [ $# > 0 ]; then - inject $@ -else - inject $(kubectl get ns | sed "1d; /kube-system/d; s/ .*//") -fi diff --git a/scripts/inject-sa-pull-secrets.sh b/scripts/inject-sa-pull-secrets.sh deleted file mode 100755 index 15bfdd9..0000000 --- a/scripts/inject-sa-pull-secrets.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash - -TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" - -if [ $# != 2 ]; then - echo "usage: inject-sa-pull-secrets.sh {namespace} {all|serviceaccount}" - exit 1 -fi - -namespace=$1 -sa=$2 - -inject () { - kubectl patch serviceaccount $1 \ - -n $namespace \ - -p "{\"imagePullSecrets\": [ \ - {\"name\": \"docker-pull-secret\"}, \ - {\"name\": \"gitlab-pull-secret\"} \ - ]}" -} - -if [ $sa = all ]; then - for i in $(kubectl get sa -n $namespace | sed '1d;s/\([^ ]\+\).*/\1/'); do - inject $i - done -else - inject $sa -fi - diff --git a/scripts/install-namespace.sh b/scripts/install-namespace.sh deleted file mode 100755 index 3024e8e..0000000 --- a/scripts/install-namespace.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env bash - -set +e - -TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" - -if [ x$1 = x ]; then - ehco "usage: install-namespace.sh {namespace|all}" - exit 1 -fi - -namespace=$1 - -setup_namespace () { - local namespace - namespace=$1 - cat << EOF | kubectl apply -f - -apiVersion: v1 -kind: Namespace -metadata: - annotations: - linkerd.io/inject: enabled - labels: - name: $namespace - name: $namespace -EOF -} - -create_docker_secret () { - local namespace - namespace=$1 - kubectl get secret docker-pull-secret -n $namespace >/dev/null 2>&1 - [ $? = 0 ] && kubectl delete secret docker-pull-secret -n $namespace - - kubectl create secret docker-registry docker-pull-secret \ - -n $namespace \ - --docker-username=juselius \ - --docker-password=ed584a31-c7ff-47ba-8469-3f0f4db6402c \ - --docker-email=jonas.juselius@gmail.com -} - -create_gitlab_secret () { - local namespace - namespace=$1 - cat << EOF | kubectl apply -f - -apiVersion: v1 -metadata: - name: gitlab-pull-secret - namespace: $namespace -kind: Secret -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJyZWdpc3RyeS5naXRsYWIuY29tIjogewoJCQkiYXV0aCI6ICJaMmwwYkdGaUsyUmxjR3h2ZVMxMGIydGxiaTB4T1Rnd01qQTZPRmxqU0VoMFZIaENSVUZUTFZKUWRsSnJXbGM9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMiAobGludXgpIgoJfQp9Cg== -EOF -} - -inject_pull_secrets () { - local namespace - namespace=$1 - $TOP/inject-sa-pull-secrets.sh $namespace all -} - -configure_namespace () { - setup_namespace $1 - create_docker_secret $1 - create_gitlab_secret $1 - inject_pull_secrets $1 -} - -if [ "x$namespace" = "xall" ]; then - for i in $(kubectl get ns | sed '1d;/^kube-system/d;s/\([^ ]\+\).*/\1/'); do - configure_namespace $i - done -else - configure_namespace $namespace -fi diff --git a/scripts/k8s-all b/scripts/k8s-all deleted file mode 100755 index 980395b..0000000 --- a/scripts/k8s-all +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -# Simple script for fetching all resources from a namespace, might include some -# clutter - -[ $# -ne 1 ] && echo "Usage: k8s-all [namespace]" && exit 1 - -for r in $(kubectl api-resources --verbs=list --namespaced -o name) -do - echo "=== Resource: $r ==="; echo \ - && kubectl get $r -n $1 --ignore-not-found \ - && echo -done diff --git a/scripts/lost-sock.sh b/scripts/lost-sock.sh deleted file mode 100755 index a9b3d2c..0000000 --- a/scripts/lost-sock.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash - -pods=$(kubectl get po -A -l linkerd.io/control-plane-ns -ojsonpath="{range .items[*]}{.metadata.name} {.metadata.namespace}{'\n'}{end}") - -IFS=" " - -while read name namespace; do - tcp=$(kubectl exec -n $namespace $name -c linkerd-proxy -- cat /proc/net/tcp) - close_wait=$(echo $tcp | awk 'BEGIN {cnt=0} $4==08 {cnt++} END {print cnt}') - fin_wait_2=$(echo $tcp | awk 'BEGIN {cnt=0} $4==05 {cnt++} END {print cnt}') - if [ "$close_wait" -gt "0" -o "$fin_wait_2" -gt "0" ]; then - echo "$name.$namespace has $close_wait sockets in CLOSE_WAIT and $fin_wait_2 sockets in FIN_WAIT_2" - else - echo "$name.$namespace is okay" - fi -done <<< "$pods" diff --git a/scripts/reset-sa-tokens.sh b/scripts/reset-sa-tokens.sh deleted file mode 100755 index 62e8a73..0000000 --- a/scripts/reset-sa-tokens.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -kubectl delete secrets --all-namespaces --field-selector='type=kubernetes.io/service-account-token' diff --git a/scripts/restart-flannel.sh b/scripts/restart-flannel.sh deleted file mode 100755 index 359e1f0..0000000 --- a/scripts/restart-flannel.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -# master="etcd.service" -master="" -node="flannel.service" - -nodes="@nodes@" -master_node="@master@" -# nodes=$(kubectl get nodes --no-headers | cut -d' ' -f1) -# master_node=$(echo $nodes | cut -d' ' -f1) - -echo "$master_node: systemctl restart $master" -sudo systemctl restart $master - -for n in $nodes; do - echo "$n: systemctl restart $node" - ssh root@$n systemctl restart $node & -done - -echo "Waiting..." -wait diff --git a/scripts/restart-kubernetes.sh b/scripts/restart-kubernetes.sh deleted file mode 100755 index 8e392c4..0000000 --- a/scripts/restart-kubernetes.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -master="kube-apiserver kube-scheduler kube-controller-manager" -node="kube-proxy kubelet kube-certmgr-apitoken-bootstrap" - -nodes="@nodes@" -master_node="@master@" -# nodes=$(kubectl get nodes --no-headers | cut -d' ' -f1) -# master_node=$(echo $nodes | cut -d' ' -f1) - -echo "$master_node: systemctl restart $master" -sudo systemctl restart $master - -for n in $nodes; do - echo "$n: systemctl restart $node" - ssh root@$n systemctl restart $node & -done - -echo "Waiting..." -wait diff --git a/scripts/taint-node-no-schedule.sh b/scripts/taint-node-no-schedule.sh deleted file mode 100755 index 34e2431..0000000 --- a/scripts/taint-node-no-schedule.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -kubectl taint node $1 ClusterService="true":NoSchedule diff --git a/scripts/update-helm-repos.sh b/scripts/update-helm-repos.sh deleted file mode 100755 index 4f58e76..0000000 --- a/scripts/update-helm-repos.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -repos=( - "stable=https://charts.helm.sh/stable" - "ingress-nginx=https://kubernetes.github.io/ingress-nginx" - "prometheus-community=https://prometheus-community.github.io/helm-charts" - "hashicorp=https://helm.releases.hashicorp.com" - "bitnami=https://charts.bitnami.com/bitnami" - "minio=https://helm.min.io/" - "anchore=https://charts.anchore.io" - "linkerd=https://helm.linkerd.io/stable" -) - -for i in ${repos[@]}; do - IFS="=" - set $i - helm repo add $1 $2 -done - -helm repo update diff --git a/scripts/ws-curl.sh b/scripts/ws-curl.sh deleted file mode 100755 index 81166b5..0000000 --- a/scripts/ws-curl.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -host=$1; shift - -curl -i -N \ - -H "Connection: upgrade"\ - -H "Upgrade: websocket"\ - -H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ=="\ - -H "Sec-WebSocket-Version: 13"\ - -H "Origin: http://foo.com/"\ - -H "Host: $host" $@ - diff --git a/scripts/zap-crashing-pods.sh b/scripts/zap-crashing-pods.sh deleted file mode 100755 index b41cff3..0000000 --- a/scripts/zap-crashing-pods.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -for i in (kubectl get pods -A |grep CrashLoop | sed 's/^\([^ ]\+\) \+\([^ ]\+\) .*/kubectl delete pod -n \1 \2 --force=true/'); eval $i; end diff --git a/scripts/zap-evicted-pods.sh b/scripts/zap-evicted-pods.sh deleted file mode 100755 index f874124..0000000 --- a/scripts/zap-evicted-pods.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -kubectl delete pods --field-selector 'status.phase==Failed' -A diff --git a/scripts/zap-node-exporters.sh b/scripts/zap-node-exporters.sh deleted file mode 100755 index 327d5d8..0000000 --- a/scripts/zap-node-exporters.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -for i in $(kubectl get nodes | sed -nr 's/^(k[^ ]+) .*/\1/p'); do - ssh root@$i pkill node_exporter -done