Helm chart custom values

nginx-chart-files/
├── index.yaml
├── nginx-0.1.0.tgz
└── nginx-0.2.0.tgz

Generate manifest:

helm template ./direcotry  -f values.yaml --output-dir output_dir

helm template ./direcotry -f values.yml

#render in stdout

helm template ./direcotry  -f values.yaml --dry-run
  • Create helm package (.gz file)
helm package ./direcotry_path
apiVersion: {{ template "controller.apiVersion" . }}
kind: {{ .Values.controller.kind }}
metadata:
  labels:
{{ $labels | indent 4 }}
  name: {{ $name }}
  namespace: {{ $.Release.Namespace }}
---
    spec:
    {{- with .Values.controller.hostAliases }}
      hostAliases:
{{ toYaml . | indent 8 }}
    {{- end }}
---

values.yml

controller:
  create: true
  kind: Deployment


---
  terminationGracePeriodSeconds: 30
  hostAliases:
  - hostnames:
    - example.com
    ip: 127.0.0.1

index.html

apiVersion: v1
entries:
  nginx:
  - apiVersion: v2
    appVersion: 1.16.0
    created: "2021-07-03T21:59:00.34571153-04:00"
    digest: b22a325b03c8e88b6a6a8d1a8e79f5d0498813855174a983426466b6de5a5f71
    maintainers:
    - email: john@example.com
      name: John Smith
    name: nginx
    type: application
    urls:
    - https://example.com/charts/nginx-0.1.0.tgz
    version: 0.1.0
  - apiVersion: v2
    appVersion: 1.17.0
    created: "2021-07-03T21:59:00.34571153-04:00"
    digest: b22a325b03c8e88b6a6a8d1a8e79f5d0498813855174a983426466b6de5a5f71
    maintainers:
    - email: john@example.com
      name: John Smith
    name: nginx
    type: application
    urls:
    - https://example.com/charts/nginx-0.2.0.tgz
    version: 0.2.0

https://kodekloud.com/blog/uploading-a-helm-chart/

Remove weak Ciphers SSL – nginx

GCM is preferred over CBC

  • Verify with cipher is being used?
nmap --script ssl-enum-ciphers -p 443 example.com
  • update nginx.conf
ssl_ciphers         HIGH:!aNULL:!MD5!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;

https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

https://stackoverflow.com/questions/62900667/aws-alb-prevent-usage-of-tls-ecdhe-rsa-with-aes-128-cbc-sha256

Backup and Restore etcd snapshot for Kubernetes

  1. Create a deployment to verify the restore in the end
k create deploy nginx-test --image=nginx

2. Update the cert path as per /etc/kubernetes/mainifest/etcd.yaml

ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=<trusted-ca-file> \
--cert=<cert-file> --key=<key-file> \
  snapshot save /tmp/etcd.backup

2. Stop kubelet

systemctl stop kubelet

3. Stop kube-api and etcd

mv /etc/kubernetes/manifests/kube-apiserver.yaml /root/
mv /etc/kubernetes/manifests/etcd.yaml /root/

4. Restore the etcd.backup

ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 snapshot restore etcd.backup

It will create “default.etcd” directory in current directory

[root@lp-k8control-1 etcd]# ls default.etcd/
member

5. Look at /etc/kubernetes/manifests/etcd.yaml etcd-data (/var/lib/etcd) directory path

[root@lp-k8control-1 default.etcd]# ls /var/lib/etcd
member

6. Copy member directory content from default.etcd to /var/lib/etcd

7. Start kube-api and etcd

mv /root/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml
mv /root/etcd.yaml /etc/kubernetes/manifests/etcd.yaml

8. Restart kubelet service

systemctl restart kubelet

9. Verify if nginx deployment we created in step 1 is restored

k get deploy

Switch relay with Raspberry pi + Arduino Uno

The 5V Relay switch require that i have require around 52mA current to work properly.

  • Raspberry pi max GPIO current with 5v Relay = ?
  • Arduino pin 13 current with 5v Relay = 38.5mA
  • Arduino pin 13 + 12 current with 5v Relay = 45 mA
  • Arduino pin 13 + 12 + 2 current with 5v Relay = 47.3 mA ( This worked )

So Now i can use Arduino as a switch on/off. Also I needed this switching to be based on some external events. So I used Aurdino Pin 2 as INPUT pin and added one 2.7K ohm resistor to from pin2 to Ground.

int status = 0;

void setup() {
  pinMode(13, OUTPUT);
  pinMode(12, OUTPUT);
  pinMode(2, INPUT);
}

void loop() {
  status = digitalRead(2);
  if (status == HIGH) {
    digitalWrite(13, HIGH);
    digitalWrite(12, HIGH);
    digitalWrite(8, HIGH);
  }
  else {
    digitalWrite(13, LOW);
    digitalWrite(12, L0W);
    digitalWrite(8, LOW);
  }
}

Switch ON = 7PM
Switch OFF = 12AM

  • added Cronjob on Raspberry Pi 4
0 19 * * * /usr/bin/python3.8 /opt/led.py on
0 0 * * * /usr/bin/python3.8 /opt/led.py on

led.py

import RPi.GPIO as GPIO
from time import sleep 
import sys

GPIO.setwarnings(False)
GPIO.setmode(GPIO.BCM)
GPIO.setup(21, GPIO.OUT, initial=GPIO.LOW)

if sys.argv[1] == "on":
    GPIO.output(21, GPIO.HIGH)
    #print("on")
    exit()
elif sys.argv[1] == "off":
    GPIO.output(21, GPIO.LOW)
    #print("off")
    exit()

Raspberry Pi Max current with GPIO for LED

Note: withdrawing more current(~15mA) from GPIO can affect the Rpi
https://raspberrypi.stackexchange.com/questions/9298/what-is-the-maximum-current-the-gpio-pins-can-output

  • Use 5V Pin (2,4)
  • Use GPIO as Negative volt
  • Max current withdrawn was 23mA for my use case
import RPi.GPIO as GPIO
from time import sleep 
import sys

GPIO.setwarnings(False)
GPIO.setmode(GPIO.BCM)
GPIO.setup(21, GPIO.OUT, initial=GPIO.HIGH)

if sys.argv[1] == "on":
    GPIO.output(21, GPIO.LOW)
    #print("on")
    exit()

Fore More brightness:

  • Add multiple GPIO as GROUND
  • After adding GPIO20 as ground it was taking ~18mA from GPIO20
  • And Overall of ~36mA from both GPIO 20 and 21