docs

content/docs/Devops/IaC/_index.md

@@ -0,0 +1,5 @@
+---
+title: IaC
+linkTitle: IaC # The title of left navigation, optional.
+navWeight: 1000 # Upper weight gets higher precedence, optional.
+---

content/docs/Devops/IaC/terraform.md

@@ -0,0 +1,51 @@
+---
+date: 2023-08-01T21:00:00+08:00
+title: 🐢 Terraform
+navWeight: 50 # Upper weight gets higher precedence, optional.
+series:
+  - IaC
+  - Terraform
+categories:
+  - Devops
+---
+
+
+### Validate Terraform code
+
+```bash
+dirs -c
+for DIR in $(find ./examples -type d); do
+   pushd $DIR
+   terraform init
+   terraform fmt -check
+   terraform validate
+   popd
+ done
+```
+
+### Execute Terraform
+
+```bash
+export DO_PAT="dop_v1_xxxxxxxxxxxxxxxx"
+doctl auth init --context rkub
+
+# inside a dir with a tf file 
+terraform init
+terraform validate
+terraform plan -var "do_token=${DO_PAT}"
+terraform apply -var "do_token=${DO_PAT}" -auto-approve
+
+# clean apply
+terraform plan -out=infra.tfplan -var "do_token=${DO_PAT}"
+terraform apply infra.tfplan
+
+# Control
+terraform show terraform.tfstate
+
+# Destroy
+terraform plan -destroy -out=terraform.tfplan -var "do_token=${DO_PAT}"
+terraform apply terraform.tfplan
+```
+
+* Connect to Droplet with private ssh key
+ssh root@$(terraform output -json ip_address_workers | jq -r '.[0]') -i .key

content/docs/Devops/Registry/quay.io.md

@@ -45,7 +45,6 @@ curl -u init: https://quay01.example.local:8443/v2/_catalog | jq
 curl -u root:password https://<url>:<port>/v2/ocp4/openshift4/tags/list | jq
 ```
 
-
 ### unlock user init/admin
 
 ```bash

content/docs/Devops/Repository/github.md

@@ -8,6 +8,15 @@ categories:
   - Devops
 ---
 
+### Get tag_name from latest
+
+```bash
+export RKE_VERSION=$(curl -s https://update.rke2.io/v1-release/channels | jq -r '.data[] | select(.id=="stable") | .latest' | awk -F"+" '{print $1}'| sed 's/v//')
+export CERT_VERSION=$(curl -s https://api.github.com/repos/cert-manager/cert-manager/releases/latest | jq -r .tag_name)
+export RANCHER_VERSION=$(curl -s https://api.github.com/repos/rancher/rancher/releases/latest | jq -r .tag_name)
+export LONGHORN_VERSION=$(curl -s https://api.github.com/repos/longhorn/longhorn/releases/latest | jq -r .tag_name)
+export NEU_VERSION=$(curl -s https://api.github.com/repos/neuvector/neuvector-helm/releases/latest | jq -r .tag_name)
+```
 
 ### Install gh
 ```bash

content/docs/Devops/SCM/git.md

@@ -34,11 +34,16 @@ git add -A
 ## Branches
 
 ```bash
-# List 
+# List local branch
 git branch
 master
 * new_branch
 
+# List remote branch
+git branch -r
+master
+* new_branch
+
 # Switch
 git checkout new_branch
 Switched to branch 'new_branch'

content/docs/Kubernetes/k3s.md

@@ -40,4 +40,23 @@ sudo systemctl status k3s-agent
 sudo podman run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
 sudo podman ps 
 sudo podman logs 74533d50d991  2>&1 | grep "Bootstrap Password:"
-```
+```
+
+## Check Certificates 
+
+```bash
+# Get CA from K3s master
+openssl s_client -connect localhost:6443 -showcerts < /dev/null 2>&1 | openssl x509 -noout -enddate
+openssl s_client -showcerts -connect 193.168.51.103:6443 < /dev/null 2>/dev/null|openssl x509 -outform PEM
+openssl s_client -showcerts -connect 193.168.51.103:6443 < /dev/null 2>/dev/null|openssl x509 -outform PEM | base64 | tr -d '\n'
+
+# Check end date:
+for i in `ls /var/lib/rancher/k3s/server/tls/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done
+
+# More efficient: 
+cd /var/lib/rancher/k3s/server/tls/
+for crt in *.crt; do printf '%s: %s\n' "$(date --date="$(openssl x509 -enddate -noout -in "$crt"|cut -d= -f 2)" --iso-8601)" "$crt"; done | sort
+
+# Check CA issuer
+for i in $(find . -maxdepth 1 -type f -name "*.crt"); do  openssl x509 -in ${i} -noout -issuer; done
+```

content/docs/Kubernetes/network.md

@@ -0,0 +1,92 @@
+---
+date: 2023-08-01T21:00:00+08:00
+title: 🐙 Network troubleshooting
+navWeight: 50 # Upper weight gets higher precedence, optional.
+series:
+  - Infrastructure
+categories:
+  - Kubernetes
+---
+
+## Troubleshoot DNS
+
+* `vi dns.yml`
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dnsutils
+  namespace: default
+spec:
+  containers:
+  - name: dnsutils
+    image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3
+    command:
+      - sleep
+      - "infinity"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always
+```
+
+* deploy dnsutils 
+
+```bash
+k apply -f dns.yml
+pod/dnsutils created
+
+kubectl get pods dnsutils
+NAME       READY   STATUS    RESTARTS   AGE
+dnsutils   1/1     Running   0          36s
+```
+
+* Troubleshoot with dnsutils
+
+```bash
+kubectl exec -i -t dnsutils -- nslookup kubernetes.default
+;; connection timed out; no servers could be reached
+command terminated with exit code 1
+
+kubectl exec -ti dnsutils -- cat /etc/resolv.conf
+search default.svc.cluster.local svc.cluster.local cluster.local psflab.local
+nameserver 10.43.0.10
+options ndots:5
+
+kubectl get endpoints kube-dns --namespace=kube-system
+NAME       ENDPOINTS                                  AGE
+kube-dns   10.42.0.6:53,10.42.0.6:53,10.42.0.6:9153   5d1h
+
+kubectl get svc kube-dns --namespace=kube-system
+NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
+kube-dns   ClusterIP   10.43.0.10   <none>        53/UDP,53/TCP,9153/TCP   5d1h
+```
+
+## CURL
+
+```bash
+cat << EOF > curl.yml 
+apiVersion: v1
+kind: Pod
+metadata:
+  name: curl
+  namespace: default
+spec:
+  containers:
+  - name: curl
+    image: curlimages/curl
+    command:
+      - sleep
+      - "infinity"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always
+EOF
+
+k apply -f curl.yml 
+
+#Test du DNS
+kubectl exec -i -t curl -- curl -v telnet://10.43.0.10:53
+kubectl exec -i -t curl -- curl -v telnet://kube-dns.kube-system.svc.cluster.local:53
+kubectl exec -i -t curl -- nslookup kube-dns.kube-system.svc.cluster.local
+
+curl -k -I --resolve subdomain.domain.com:52.165.230.62 https:/subdomain.domain.com/
+```

content/news/wsl-beauty/index.md

@@ -52,31 +52,30 @@ wsl --unregister Ubuntu
 
 WSL is your Linux VM on windows, you can also use *Windows Terminal* for your own confort.
 
-Here some shortcut in *Windows Terminal* but not only 😉 : 
+Here some shortcut in *Windows Terminal* but not only 😉 :
 
-  - `alt + enter`      :  mode full ecran 
-  - `ctrl shift t`     :  terminal 
+  - `alt + enter`      :  mode full ecran
+  - `ctrl shift t`     :  terminal
   - `ctrl shift n`     :  new windows
-  - `ctrl alt 1 2 3`   :  changer de fenetre 
-  - `Windows + v`      :  see the paste buffer 
-  - `Alt Shift`   +    :  split vertical 
+  - `ctrl alt 1 2 3`   :  changer de fenetre
+  - `Windows + v`      :  see the paste buffer
+  - `Alt Shift`   +    :  split vertical
   - `Alt shit`    -    :  split horizontal
   - `Alt arrow`        :  to change panel
-  - `code .`           :  open VSCode from your current directory 
+  - `code .`           :  open VSCode from your current directory
 
-
-## Free some space on your WSL 
+## Free some space on your WSL
 
 * checks which directory contains the most data:
 
 ```bash
 du -h --max-depth 1
 ```
 
-* Activate Hyper-V module in windows features:   
+* Activate Hyper-V module in windows features:  
 
-  Inside the **control-panel** -> Turn windows features on or off -> activate Hyper-v -> restart.     
-  This is required to activate optimize-vhd command.   
+  Inside the **control-panel** -> Turn windows features on or off -> activate Hyper-v -> restart.  
+  This is required to activate optimize-vhd command.  
 
 
 * Let's shrink - As admin in powershell:
@@ -88,7 +87,6 @@ wsl --shutdown
 optimize-vhd -Path C:\Users\<USER>\AppData\Local\Packages\AlmaLinuxOSFoundation.AlmaLinux8WSL_xxxxxxxxxxxxxx\LocalState\ext4.vhdx -Mode full
 ```
 
-
 ## Export/Import your WSL
 
 ```powershell