Gitops Platform Curation

Fred Richards flrichar

@flrichar
flrichar / systemd-cpulimit.md
Created February 6, 2026 14:18
stupid service cpu limit

CPULimit for systemd service

Sometimes it is necessary and cannot be avoided.

vi /etc/systemd/system/something.service

[Service]
CPUQuota=50%
...
@flrichar
flrichar / remote-pprof.md
Last active February 5, 2026 19:30
go pprof profile from k8s vm node

Remote golang pprof

  • Enable pprof & optional debug in config.yaml for k3s
  • kubectl proxy, should choose port 8001 by default
  • go tool pprof http://localhost:8001/debug/pprof/profile for interactive funtimes
# k3s config ...
debug: true
enable-pprof: true
@flrichar
flrichar / postrouting-snat.md
Created January 13, 2026 16:18
plab postrouting snat table rules

Output of PLab PostRouting for NAT Table, CNI, Bridge, SNAT-1022

$ iptables -t nat -L POSTROUTING -vn --line
Chain POSTROUTING (policy ACCEPT 3159 packets, 581K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     4217  663K CNI-HOSTPORT-MASQ  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI portfwd requiring masquerade */
2     1058 81606 CNI-8d379e8c80a1fb6e997fb316  all  --  *      *       10.4.0.2             0.0.0.0/0            /* name: "bridge" id: "moby-0b65d5a522417587f04a5f4429c5b63ec2fca1065291d12c7f91b158cf18f8e1" */
3        0     0 MASQUERADE  all  --  *      eth0.87  10.16.22.0/24       !10.0.0.0/8           /* SNAT 1022 through eth0.87 via fiber-inetgw */
@flrichar
flrichar / ipchange-rke2-clusterreset.md
Last active January 13, 2026 16:07
RKE2 IP Change

2025-1201 IP-Change Restore Example

  • Always use S3 for backups
  • Enable adequate, constant, consistent backups
  • Single-Nodes for Development, ensure quick turnaround

Example ...

Address changed from .147 to .180 ... Verified the timestamp was the same from 11/21 locally & in S3. Do not require full-path for S3 bucket data.

  • sudo systemctl disable --now rke2-server
@flrichar
flrichar / mini-gwapi-istio.md
Last active January 13, 2026 16:07
Mini GwAPI Istio

Mini GwAPI

Control-plane-only Istio for Gateway API, installing the latest 1.3.0 CRDs. Simple adjustments for newer API versions and Istio releases.

kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0" | kubectl apply -f -;

helm install -n istio-system upstream-istio istio/istiod --set gateway.enabled=true --set istiod.profile=minimal --version 1.27.0 --create-namespace

@flrichar
flrichar / leapmicro-ml.md
Last active January 13, 2026 16:13
leap-micro mainline kernel

Mainline Testing Kernel

transactional-update shell

zypper ar -f http://download.opensuse.org/repositories/Kernel:/HEAD/standard/ kernel-repo
zypper ref
zypper dist-upgrade --allow-vendor-change --from kernel-repo

# zypper dup
@flrichar
flrichar / fleet-metrics.md
Last active January 13, 2026 16:12
fleet metrics

Some Fleet Metrics

  • would prefer curl, but okay
  • more recent fleet versions use deploy/fleet-agent instead of a statefulset
k exec -it -n cattle-fleet-local-system fleet-agent-0 -- wget -qO - monitoring-fleet-controller.cattle-fleet-system.svc.cluster.local:8080/metrics

k exec -it -n cattle-fleet-local-system fleet-agent-0 -- wget -qO - monitoring-gitjob.cattle-fleet-system.svc.cluster.local:8081/metrics
@flrichar
flrichar / fleet-bundle-lint.md
Last active October 6, 2025 13:58
Lint Fleet Bundles

Lint Fleet.yaml Bundle Definitions

  • nctl command is a local alias for nerdctl with options/flags
nctl run -v $(pwd):/tmp/pwd --rm rancher/fleet:v0.11.9 -- /usr/bin/fleet apply BUNDLE100 /tmp/pwd/ -o -

### or ...

podman run -v $(pwd):/tmp/pwd --rm docker.io/rancher/fleet:v0.11.9 /usr/bin/fleet apply BUNDLE100 /tmp/pwd/ -o -
@flrichar
flrichar / rancher-proxy-jwt.md
Last active May 30, 2025 19:25
rancher jwt proxy

Proxy the Entire Path

Example

kubectl get --raw /k8s/clusters/c-m-abc123xyz456/.well-known/openid-configuration
kubectl get --raw /k8s/clusters/c-m-abc123xyz456/openid/v1/jwks

...


@flrichar
flrichar / ingress-nightmare.yaml
Created March 25, 2025 13:47
Ingress Nightmare Mitigation
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      admissionWebhooks: