josecastillolema · September 7, 2024 10:07 · Sep 7, 2024 · Sep 7, 2024 · May 30, 2024 · May 2, 2024
diff --git a/tricks.md b/tricks.md
@@ -205,7 +205,7 @@ spec:
     ```
 - Find bandwidth usage from oc debug pod:
     ```
-    # watch 'ifstat | egrep "ens2f1|br-ex"'
+    # watch 'ifstat | egrep "Interface|ens2f1|br-ex"'
     Interface        RX Pkts/Rate    TX Pkts/Rate    RX Data/Rate    TX Data/Rate
     ens2f1            207410 0        302468 0       198718K 0       373721K 0
     br-ex              87834 0         73934 0       186289K 0       358096K 0

diff --git a/tricks.md b/tricks.md
@@ -178,28 +178,35 @@ spec:
 
 ## Network
 
-Limit bandwidth:
+- Limit bandwidth:
 
-```
-nsenter -n -t 1740238 tc qdisc add dev net1 root tbf rate 10Gbit latency 9999ms burst 2G
-```
+    ```
+    nsenter -n -t 1740238 tc qdisc add dev net1 root tbf rate 10Gbit latency 9999ms burst 2G
+    ```
 
-tcpdump:
-```
-tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
-```
- - [What and how length is determined in tcpdump](https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump)
- - When generating TCP packets gith a given size (i.e.: with uperf) you won't see the specific packet size in the dumps because the TCP stack aggregates TCP packets up to the MTU size (without TCP segmentation offload) and even bigger than the MTU size (with TCP segmentation offload)
- - UDP generated packets will show the appropiate size in the dumps:
+- tcpdump:
     ```
-    11:27:56.800634 IP 192.168.216.1.57293 > 10.129.2.125.33735: UDP, length 1500
+    tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
     ```
+    - [What and how length is determined in tcpdump](https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump)
+    - When generating TCP packets gith a given size (i.e.: with uperf) you won't see the specific packet size in the dumps because the TCP stack aggregates TCP packets up to the MTU size (without TCP segmentation offload) and even bigger than the MTU size (with TCP segmentation offload)
+    - UDP generated packets will show the appropiate size in the dumps:
+        ```
+        11:27:56.800634 IP 192.168.216.1.57293 > 10.129.2.125.33735: UDP, length 1500
+       ```
     
-Find NIC model:
-```
-# realpath /sys/class/net/ens2f0
-/sys/devices/pci0000:97/0000:97:02.0/0000:98:00.0/net/ens2f0
+- Find NIC model:
+    ```
+    # realpath /sys/class/net/ens2f0
+    /sys/devices/pci0000:97/0000:97:02.0/0000:98:00.0/net/ens2f0
 
-# lspci | grep 98:00.0
-98:00.0 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx]
-```
+    # lspci | grep 98:00.0
+    98:00.0 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx]
+    ```
+- Find bandwidth usage from oc debug pod:
+    ```
+    # watch 'ifstat | egrep "ens2f1|br-ex"'
+    Interface        RX Pkts/Rate    TX Pkts/Rate    RX Data/Rate    TX Data/Rate
+    ens2f1            207410 0        302468 0       198718K 0       373721K 0
+    br-ex              87834 0         73934 0       186289K 0       358096K 0
+    ```
diff --git a/tricks.md b/tricks.md
@@ -25,7 +25,7 @@ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson
 ### Admin service account
 ```
 $ oc create sa clusteradmin
-$  oc adm policy add-cluster-role-to-user -z clusteradmin cluster-admin
+$ oc adm policy add-cluster-role-to-user -z clusteradmin cluster-admin
 ```
 
 ### Nginx

diff --git a/tricks.md b/tricks.md
@@ -2,21 +2,26 @@
 
 ### One liners
 
-Create a debug pod:
+Create a **debug pod**:
 ```
 $ kubectl run -it --tty --rm debug --image=alpine --restart=Never -- sh -n <namespace>
 ```
 
-Create a pod:
+Create a **pod**:
 ```
 $ kubectl run nginx --image=nginx --port=80 --restart=Never
 ```
 
-Create a deployment:
+Create a **deployment**:
 ```
 $ kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1
 ```
 
+Change **pull secret** of a running cluster:
+```
+oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=pull-secret.txt
+```
+
 ### Admin service account
 ```
 $ oc create sa clusteradmin

diff --git a/tricks.md b/tricks.md
@@ -118,6 +118,12 @@ oc get machinesets
 oc delete bmh <host_name> -n openshift-machine-api 
 ```
 
+### Define a % of nodes to be rebooted at the same time
+
+ - mcp
+    - under spec
+        - maxUnavailable: 50%
+
 ### Enter container network namespace:
 ```
 [root@openshift-worker-1 /]# NAME=nginx-web-app-5dbd5f5cb5-rz7l4

diff --git a/tricks.md b/tricks.md
@@ -102,6 +102,22 @@ $ oc get po -o yaml ovnkube-master-b96q7 -n openshift-ovn-kubernetes | grep imag
     image: quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
 ```
 
+### Scale down baremetal nodes
+```
+oc get nodes
+oc adm cordon <node_name>
+oc adm drain <node_name> --force=true
+
+oc get machinesets -n openshift-machine-api
+oc scale --replicas=1 machineset <machineset> -n openshift-machine-api
+
+# Check active worker nodes, it would have been reduced to 1
+oc get nodes  
+oc get machinesets
+
+oc delete bmh <host_name> -n openshift-machine-api 
+```
+
 ### Enter container network namespace:
 ```
 [root@openshift-worker-1 /]# NAME=nginx-web-app-5dbd5f5cb5-rz7l4

diff --git a/tricks.md b/tricks.md
@@ -17,6 +17,12 @@ Create a deployment:
 $ kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1
 ```
 
+### Admin service account
+```
+$ oc create sa clusteradmin
+$  oc adm policy add-cluster-role-to-user -z clusteradmin cluster-admin
+```
+
 ### Nginx
 
 Nginx pod with customizable HTTP object length:

diff --git a/tricks.md b/tricks.md
@@ -9,7 +9,7 @@ $ kubectl run -it --tty --rm debug --image=alpine --restart=Never -- sh -n <name
 
 Create a pod:
 ```
-kubectl run nginx --image=nginx --port=80 --restart=Never
+$ kubectl run nginx --image=nginx --port=80 --restart=Never
 ```
 
 Create a deployment:

diff --git a/tricks.md b/tricks.md
@@ -7,6 +7,11 @@ Create a debug pod:
 $ kubectl run -it --tty --rm debug --image=alpine --restart=Never -- sh -n <namespace>
 ```
 
+Create a pod:
+```
+kubectl run nginx --image=nginx --port=80 --restart=Never
+```
+
 Create a deployment:
 ```
 $ kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1

diff --git a/tricks.md b/tricks.md
@@ -1,7 +1,20 @@
 ## K8s / OpenShift
 
-Nginx pod with customizable HTTP object length:
+### One liners
+
+Create a debug pod:
+```
+$ kubectl run -it --tty --rm debug --image=alpine --restart=Never -- sh -n <namespace>
+```
 
+Create a deployment:
+```
+$ kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1
+```
+
+### Nginx
+
+Nginx pod with customizable HTTP object length:
 ```
 apiVersion: v1
 kind: Pod
@@ -26,8 +39,7 @@ spec:
       privileged: true
 ```
 
-Uperf pod:
-
+### Uperf
 ```
 kind: Pod
 apiVersion: v1
@@ -48,8 +60,7 @@ spec:
     kubernetes.io/hostname: worker003-fc640
 ```
 
-Working nodePort service:
-
+### nodePort service
 ```
 apiVersion: v1
 kind: Service
@@ -70,8 +81,7 @@ spec:
     name: nginx
 ```
 
-Change OVN image:
-
+### Change OVN image
 ```
 $ oc get po -o yaml ovnkube-master-45gw8 -n openshift-ovn-kubernetes | grep image | head -n1
     image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0254ef7bc2c26538a56f4f57f140aff0d101b896b0702d76653d6ec4ad7056dd
@@ -81,8 +91,7 @@ $ oc get po -o yaml ovnkube-master-b96q7 -n openshift-ovn-kubernetes | grep imag
     image: quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
 ```
 
-Enter container network namespace:
-
+### Enter container network namespace:
 ```
 [root@openshift-worker-1 /]# NAME=nginx-web-app-5dbd5f5cb5-rz7l4
 [root@openshift-worker-1 /]# NAMESPACE=spk-app
@@ -91,7 +100,7 @@ Enter container network namespace:
 [root@openshift-worker-1 /]# nsenter -n -t $pid -- ip a
 ```
 
-Sysctl tunnings:
+### Sysctl tunnings
 ```
 apiVersion: tuned.openshift.io/v1
 kind: Tuned

diff --git a/tricks.md b/tricks.md
@@ -146,4 +146,13 @@ tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
  - UDP generated packets will show the appropiate size in the dumps:
     ```
     11:27:56.800634 IP 192.168.216.1.57293 > 10.129.2.125.33735: UDP, length 1500
-    ```
+    ```
+    
+Find NIC model:
+```
+# realpath /sys/class/net/ens2f0
+/sys/devices/pci0000:97/0000:97:02.0/0000:98:00.0/net/ens2f0
+
+# lspci | grep 98:00.0
+98:00.0 Ethernet controller: Mellanox Technologies MT2892 Family [ConnectX-6 Dx]
+```
diff --git a/tricks.md b/tricks.md
@@ -141,4 +141,9 @@ tcpdump:
 ```
 tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
 ```
- - [What and how length is determined in tcpdump](https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump)
+ - [What and how length is determined in tcpdump](https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump)
+ - When generating TCP packets gith a given size (i.e.: with uperf) you won't see the specific packet size in the dumps because the TCP stack aggregates TCP packets up to the MTU size (without TCP segmentation offload) and even bigger than the MTU size (with TCP segmentation offload)
+ - UDP generated packets will show the appropiate size in the dumps:
+    ```
+    11:27:56.800634 IP 192.168.216.1.57293 > 10.129.2.125.33735: UDP, length 1500
+    ```
diff --git a/tricks.md b/tricks.md
@@ -114,6 +114,20 @@ spec:
     priority: 10
     profile: openshift-ingress
 ```
+- A number of sysctls are namespaced in today's Linux kernels
+  - [Using sysctls in a Kubernetes Cluster](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#setting-sysctls-for-a-pod)
+  - To confirm, rsh into the pod and list i.e.: `/proc/net`:
+    ```
+    sh-5.1# ls /proc/net/
+    anycast6      icmp           ip6_mr_vif         mcfilter             packet     rpc        sockstat6     udp6
+    arp           icmp6          ip_mr_cache        mcfilter6            protocols  rt6_stats  softnet_stat  udplite
+    dev           if_inet6       ip_mr_vif          netfilter            psched     rt_acct    stat          udplite6
+    dev_mcast     igmp           ip_tables_matches  netlink              ptype      rt_cache   tcp           unix
+    dev_snmp6     igmp6          ip_tables_names    netstat              raw        snmp       tcp6          xfrm_stat
+    fib_trie      ip6_flowlabel  ip_tables_targets  nf_conntrack         raw6       snmp6      tls_stat
+    fib_triestat  ip6_mr_cache   ipv6_route         nf_conntrack_expect  route      sockstat   udp
+    ```
+    Anything not in the directory, should be consider as namespaced.
 
 ## Network
 

diff --git a/tricks.md b/tricks.md
@@ -127,4 +127,4 @@ tcpdump:
 ```
 tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
 ```
- - https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump
+ - [What and how length is determined in tcpdump](https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump)
diff --git a/tricks.md b/tricks.md
@@ -126,4 +126,5 @@ nsenter -n -t 1740238 tc qdisc add dev net1 root tbf rate 10Gbit latency 9999ms
 tcpdump:
 ```
 tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
-```
+```
+ - https://unix.stackexchange.com/questions/473594/what-and-how-length-is-determined-in-tcpdump
diff --git a/tricks.md b/tricks.md
@@ -1,3 +1,5 @@
+## K8s / OpenShift
+
 Nginx pod with customizable HTTP object length:
 
 ```
@@ -89,8 +91,39 @@ Enter container network namespace:
 [root@openshift-worker-1 /]# nsenter -n -t $pid -- ip a
 ```
 
+Sysctl tunnings:
+```
+apiVersion: tuned.openshift.io/v1
+kind: Tuned
+metadata:
+  name: ingress
+  namespace: openshift-cluster-node-tuning-operator
+spec:
+  profile:
+  - data: |
+      [main]
+      summary=A custom OpenShift ingress profile
+      include=openshift-control-plane
+      [sysctl]
+      net.netfilter.nf_conntrack_tcp_timeout_close=10
+      net.netfilter.nf_conntrack_tcp_timeout_close_wait=10
+    name: openshift-ingress
+  recommend:
+  - match:
+    - label: node-role.kubernetes.io/worker
+    priority: 10
+    profile: openshift-ingress
+```
+
+## Network
+
 Limit bandwidth:
 
 ```
 nsenter -n -t 1740238 tc qdisc add dev net1 root tbf rate 10Gbit latency 9999ms burst 2G
+```
+
+tcpdump:
+```
+tcpdump -i net1 -c 40 "tcp and src 192.168.216.1"
 ```
diff --git a/tricks.md b/tricks.md
@@ -71,7 +71,7 @@ spec:
 Change OVN image:
 
 ```
-$ oc get -o yaml ovnkube-master-45gw8 -n openshift-ovn-kubernetes | grep image | head -n1
+$ oc get po -o yaml ovnkube-master-45gw8 -n openshift-ovn-kubernetes | grep image | head -n1
     image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0254ef7bc2c26538a56f4f57f140aff0d101b896b0702d76653d6ec4ad7056dd
 $ oc scale -n openshift-cluster-version deployment.apps/cluster-version-operator --replicas=0
 $ oc -n openshift-network-operator set env deployment.apps/network-operator OVN_IMAGE=quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix

diff --git a/tricks.md b/tricks.md
@@ -5,9 +5,8 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: nginxw42
-  namespace: served-ns-0
-  #namespace: nodeport
-  label:          # labels?
+  namespace: nodeport
+  labels:
     name: nginx
 spec:
     containers:
@@ -60,10 +59,10 @@ metadata:
 spec:
   type: NodePort
   ports:
-    - port: 80
-      targetPort: 80
-      protocol: TCP
-      nodePort: 30081
+  - port: 80
+    targetPort: 80
+    protocol: TCP
+    nodePort: 30081
   externalTrafficPolicy: Local
   selector:
     name: nginx

diff --git a/tricks.md b/tricks.md
@@ -25,6 +25,28 @@ spec:
       privileged: true
 ```
 
+Uperf pod:
+
+```
+kind: Pod
+apiVersion: v1
+metadata:    
+  name: uperf
+  namespace: served-ns-0
+spec:
+  containers:
+  - name: uperf
+    image: quay.io/cloud-bulldozer/uperf:latest
+    command: ["/bin/sh","-c"]
+    args: ["uperf -s -v -P 20000"]
+    ports:
+    - containerPort: 20000
+  securityContext:
+    privileged: true
+  nodeSelector:
+    kubernetes.io/hostname: worker003-fc640
+```
+
 Working nodePort service:
 
 ```

diff --git a/tricks.md b/tricks.md
@@ -58,6 +58,16 @@ $ oc get po -o yaml ovnkube-master-b96q7 -n openshift-ovn-kubernetes | grep imag
     image: quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
 ```
 
+Enter container network namespace:
+
+```
+[root@openshift-worker-1 /]# NAME=nginx-web-app-5dbd5f5cb5-rz7l4
+[root@openshift-worker-1 /]# NAMESPACE=spk-app
+[root@openshift-worker-1 /]# pod_id=$(chroot /host crictl pods --namespace ${NAMESPACE} --name ${NAME} -q)
+[root@openshift-worker-1 /]# pid=$(chroot /host bash -c "runc state $pod_id | jq .pid")
+[root@openshift-worker-1 /]# nsenter -n -t $pid -- ip a
+```
+
 Limit bandwidth:
 
 ```

diff --git a/tricks.md b/tricks.md
@@ -56,4 +56,10 @@ $ oc scale -n openshift-cluster-version deployment.apps/cluster-version-operator
 $ oc -n openshift-network-operator set env deployment.apps/network-operator OVN_IMAGE=quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
 $ oc get po -o yaml ovnkube-master-b96q7 -n openshift-ovn-kubernetes | grep image | head -n 1
     image: quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
+```
+
+Limit bandwidth:
+
+```
+nsenter -n -t 1740238 tc qdisc add dev net1 root tbf rate 10Gbit latency 9999ms burst 2G
 ```
diff --git a/tricks.md b/tricks.md
@@ -45,4 +45,15 @@ spec:
   externalTrafficPolicy: Local
   selector:
     name: nginx
+```
+
+Change OVN image:
+
+```
+$ oc get -o yaml ovnkube-master-45gw8 -n openshift-ovn-kubernetes | grep image | head -n1
+    image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0254ef7bc2c26538a56f4f57f140aff0d101b896b0702d76653d6ec4ad7056dd
+$ oc scale -n openshift-cluster-version deployment.apps/cluster-version-operator --replicas=0
+$ oc -n openshift-network-operator set env deployment.apps/network-operator OVN_IMAGE=quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
+$ oc get po -o yaml ovnkube-master-b96q7 -n openshift-ovn-kubernetes | grep image | head -n 1
+    image: quay.io/trozet/ovn-kubernetes:dceara-ecmp-symmetric-fix
 ```
diff --git a/tricks.md b/tricks.md
@@ -7,7 +7,7 @@ metadata:
   name: nginxw42
   namespace: served-ns-0
   #namespace: nodeport
-  label:
+  label:          # labels?
     name: nginx
 spec:
     containers:

diff --git a/tricks.md b/tricks.md
@@ -0,0 +1,48 @@
+Nginx pod with customizable HTTP object length:
+
+```
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginxw42
+  namespace: served-ns-0
+  #namespace: nodeport
+  label:
+    name: nginx
+spec:
+    containers:
+      - name: nginx
+        image: quay.io/jcastillolema/nginx 
+        ports:
+        - containerPort: 80
+        lifecycle:
+          postStart:
+            exec:
+              command: ["/bin/sh", "-c", "tr -dc A-Za-z0-9 </dev/urandom | head -c 512k > /usr/share/nginx/html/index.html"]
+    nodeSelector:
+      kubernetes.io/hostname: worker004-fc640
+    securityContext:
+      privileged: true
+```
+
+Working nodePort service:
+
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-np
+  namespace: nodeport
+  labels:
+    name: nginx-np
+spec:
+  type: NodePort
+  ports:
+    - port: 80
+      targetPort: 80
+      protocol: TCP
+      nodePort: 30081
+  externalTrafficPolicy: Local
+  selector:
+    name: nginx
+```
No results found