ehlesp / smallab-k8s-pve-guide Goto Github PK

Pretty sure you meant TiB

When a user clicks the icon to copy the code to the clipboard, it includes the $ character and is not easily pasted to the command line. I can help with a PR for your guide, but I wanted to make sure you were ok first. For example.... The clipboard is filled with the text below

$ cd /usr/share/javascript/proxmox-widget-toolkit

for the first command from the Removing Subscriptions page.

Hi,
After launching Nextcloud, I've seen it complaining about the redis connection in the logs.

RedisException: WRONGPASS invalid username-password pair or user is disabled.

I've reread G033 and noticed a warning about the redis.pwd format. I updated the file by checking there are no line breaks and I switched to a way longer password without special characters (just in case).

After applying the change (kubectl apply -k), I noticed that if I go to my agent VM and browse to the config, the config.php hasn't changed.

$ sudo cat /mnt/nextcloud-ssd/html/k3smnt/config/config.php

'redis' =>
  array (
    'host' => '10.43.100.1',
    'password' => 'OLD_PASSWORD',
    'port' => 6379,
  ),

What is the correct way to have such files updated ?

Thank you for pulling this together. I am using this guide to attempt to bring K8s to my existing Proxmox setup. This has present problems where an existing setup typically doesn't have terabytes of empty disk space.

More clarity about how to resize existing partitions to match your recommendations in https://github.com/ehlesp/smallab-k8s-pve-guide/blob/main/G005%20-%20Host%20configuration%2003%20~%20LVM%20storage.md would be awesome.

Hey! This guide is absolutely awesome and incredibly thorough. One frustration when going through is that going from one "chapter" to the next is kind of a hassle - there's no "Next Page" or easily accessible table of contents to allow users to progress or get a sense of where they are in the entire thing.

Any thoughts on moving the content to the repo wiki, GitHub Pages, or even just a "Next Section" link at the bottom of each file?

I'd be happy to help contribute if needed!

Where's the issue located

• Guides: G010 - Host hardening 04 ~ Enabling Fail2Ban
• Sections: https://github.com/ehlesp/smallab-k8s-pve-guide/blob/main/G010%20-%20Host%20hardening%2004%20~%20Enabling%20Fail2Ban.md#configuring-the-proxmox-ve-jail

What's the problem

regex failregex is failing when we test against daemon.log (journalctl compliancy):

root@pve:~# fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf

Running tests
=============

Use   failregex filter file : proxmox, basedir: /etc/fail2ban
ERROR: Unable to compile regular expression 'pvedaemon[.authentication (verification )?failure; rhost=(?:\[?(?:(?:::f{4,6}:)?(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})|(?P<ip6>(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?|(?P<dns>[\w\-.^_]*\w)) user=. msg=.*':
unbalanced parenthesis at position 146

CURRENT REGEX block in /etc/fail2ban/filter.d/proxmox.conf:

[Definition]
failregex = pvedaemon\[.*authentication (verification )?failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

SHOULD BE INSTEAD in /etc/fail2ban/filter.d/proxmox.conf:

[Definition]
failregex = pvedaemon\[[0-9]+\]: authentication (verification )?failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

HO, and i cannot forget to THANK YOU for this wonderful guide !
You made a massive work, and much much appreciated.

.orig vs .bkp

Where's the issue located

• Guides: G015
• Sections: https://github.com/ehlesp/smallab-k8s-pve-guide/blob/main/G015%20-%20Host%20optimization%2001%20~%20Adjustments%20through%20sysctl.md?plain=1#L63

What's the problem

The net.ipv4.tcp_keepalive_time is off by a factor of ten. The comment says it should be set to 10 minutes, which is 600 seconds, and not 60.

Did you come across this issue, or you know what could be causing this it?

Where's the issue located

• G035 - Deploying services 04 ~ Monitoring stack - Part 4 - Prometheus server
• https://github.com/ehlesp/smallab-k8s-pve-guide/blob/main/G035%20-%20Deploying%20services%2004%20~%20Monitoring%20stack%20-%20Part%204%20-%20Prometheus%20server.md#configuration-file-prometheusyaml

What's the problem

The regex 'node-exporter' is not matching the endpoint name, which is "mntr-agent-prometheus-node-exporter".
The easy fix is to replace the regex with '.*node-exporter'.

- job_name: 'node-exporter'
    scrape_interval: 55s
    kubernetes_sd_configs:
      - role: endpoints
    relabel_configs:
    - source_labels: [__meta_kubernetes_endpoints_name]
      regex: 'node-exporter'
      action: keep

should be

- job_name: 'node-exporter'
    scrape_interval: 55s
    kubernetes_sd_configs:
      - role: endpoints
    relabel_configs:
    - source_labels: [__meta_kubernetes_endpoints_name]
      regex: '.*node-exporter'
      action: keep

Great guide by the way!