Cloud/Shahed/AA: Difference between revisions

Latest revision as of 00:01, 21 September 2025

SSH

ssh -qt shahed@shahed-aa.local bash

cat <<'EXE' | sudo bash
free -th && echo && systemd-analyze && echo
df -h    && echo && lsblk && echo
swapon --show
EXE

WOL

cat <<'EXE'| sudo bash
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y wakeonlan;echo
EXE

WOL » MAC » Find

WOL_HOST='shahed-an.local'
ping -q -c5 "${WOL_HOST}" >/dev/null
WOL_IPV4="$(getent hosts "${WOL_HOST}"|awk '{print $1}')"
WOL_MACA="$(arp -n "${WOL_IPV4}"|awk 'NR==2 {print $3}')"
printf '\n%s » %s » %s\n' "${WOL_HOST}" "${WOL_IPV4}" "${WOL_MACA}"

WOL » Shahed » AE

wakeonlan 8c:c6:81:94:70:91

WOL » Shahed » AN

wakeonlan 84:47:09:3c:3e:0a
wakeonlan 84:47:09:3c:3e:09

for((;;));do \
wakeonlan 84:47:09:3c:3e:0a;\
wakeonlan 84:47:09:3c:3e:09;\
sleep 600;\
done

WOL » Shahed » AO

wakeonlan 60:eb:69:95:76:4a

Attach » NFS » Volume

smb » shahed-an.local » shahed-aa
cat <<'EXE'\| sudo bash apt-get update;echo apt list -a --upgradable;echo apt-get install -y cifs-utils;echo EXE

cat <<'EXE'\| sudo bash cat <<'INI'\| tee /etc/default/nfs-shahed-aa >/dev/null username=shahed-aa password=sadaqah! INI chmod 600 /etc/default/nfs-shahed-aa chown root:root /etc/default/nfs-shahed-aa EXE

cat <<'EXE'\| sudo bash mkdir -p /var/nfs/backup mount -t cifs //shahed-an.local/shahed-aa /var/nfs/backup -o credentials=/etc/default/nfs-shahed-aa EXE

cat <<'EXE'\| sudo bash umount /var/nfs/backup mkdir -p /var/nfs/backup cat <<'FST'\| tee -a /etc/fstab >/dev/null # shahed-an » nfs » attach » shahed-aa » 7.2tb //shahed-an.local/shahed-aa /var/nfs/backup cifs credentials=/etc/default/nfs-shahed-aa,uid=1000,gid=1000,file_mode=0640,dir_mode=0750,nofail,x-systemd.automount,_netdev,soft 0 0 FST systemctl daemon-reload mount -a && dmesg\|tail -20 EXE

Cloudflare » VIRT

cat << INI | sudo tee /etc/systemd/system/warp0.service >/dev/null
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.40.1/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status       warp0.service
EXE

ip a

Cloudflare » Argo » Tunnel

wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb

cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS

sudo sysctl -p

Skipped » Find More » 👈

Cloudflare » WARP » Forward

Implement Forward Routing
Name	Network	Subnets	Forward
Network » shahed-aj	`10.20.40.10/32`	`10.20.40.10/32 = 1`	⚪️
Network » shahed-ak	`10.20.40.11/32`	`10.20.40.11/32 = 1`	⚪️
Network » shahed-al	`10.20.40.12/32`	`10.20.40.12/32 = 1`	✅
Network » shahed-am	`10.20.40.13/32`	`10.20.40.13/32 = 1`	✅
Network » shahed-an	`10.20.40.14/32`	`10.20.40.14/32 = 1`	⚪️

Cloudflare » WARP » IP » Route » Service

sudo vim /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

sudo sysctl -p
net.ipv4.ip_forward = 1

ip route | grep default
default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 600

cat <<'INI' | sudo tee /etc/systemd/system/warp-route.service >/dev/null
[Unit]
Description=WARP Routes Over LAN
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot

ExecStartPre=/bin/sleep 15
ExecStart=/usr/sbin/ip route add 10.20.40.12/32 via 10.19.83.101
ExecStart=/usr/sbin/ip route add 10.20.40.13/32 via 10.19.83.100
ExecStop=/usr/sbin/ip  route del 10.20.40.12/32
ExecStop=/usr/sbin/ip  route del 10.20.40.13/32
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
INI

cat << EXE | sudo bash
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl enable  --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE

cat << EXE | bash
traceroute 10.20.40.12
traceroute 10.20.40.13
EXE

cat << EXE | sudo bash
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl disable --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE

LB » HAProxy » Install & Configure

Skipped » Find More » 👈

sudo ufw status numbered
sudo iptables -S

cat << EXE | sudo bash
ufw       allow 80/tcp
ufw       allow 443/tcp
ufw       allow 445/tcp
ufw       allow OpenSSH
ufw       allow 8443/tcp
ufw       allow in  on lxdbr0
ufw route allow in  on lxdbr0
ufw route allow out on lxdbr0
EXE

sudo ufw status numbered
sudo iptables -S

LB » HAProxy » Frontend » HTTPS Config

cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg >/dev/null

# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc

frontend           fnt_shahed_biz
   bind            *:443 ssl crt /etc/haproxy/certs/aa.shahed.shahed.biz.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
   mode            http

   acl             host-is-k8s-aa-shahed-shahed-biz     hdr(host) -i k8s.aa.shahed.shahed.biz
   acl             host-is-wiki-shahed-biz              hdr(host) -i          wiki.shahed.biz

   use_backend     bck_shahed_biz_shahed_aa_k8s         if   host-is-k8s-aa-shahed-shahed-biz
   use_backend     bck_shahed_biz_shahed_aa_k8s         if            host-is-wiki-shahed-biz
   default_backend bck_shahed_biz_shahed_aa_k8s

backend            bck_shahed_biz_shahed_aa_k8s
   server          shahed_ab_k8s 192.168.49.2:80
   mode            http
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg /etc/haproxy/proxy-enabled/

LB » HAProxy » Frontend » CIFS Config

cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-cifs.cfg >/dev/null

# ##############################################################################
# tcp frontend config for 10.20.40.1:139,445
# this config added by chorke academia, inc

# haproxy:         10.20.40.1:139
frontend           fnt_shahed_biz_shahed_an_139
   bind            *:139
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_an_139

backend            bck_shahed_biz_shahed_an_139
   server          shahed_an shahed-an.local:139
   mode            tcp

# haproxy:         10.20.40.1:445
frontend           fnt_shahed_biz_shahed_an_445
   bind            *:445
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_an_445

backend            bck_shahed_biz_shahed_an_445
   server          shahed_an shahed-an.local:445
   mode            tcp
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-tcp-cifs.cfg /etc/haproxy/proxy-enabled/

LB » HAProxy » Frontend » Kube API Config

cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg >/dev/null

# ##############################################################################
# tcp frontend config for 10.20.40.1:8443
# this config added by chorke academia, inc

frontend           fnt_shahed_biz_shahed_aa
   bind            *:8443
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_aa

backend            bck_shahed_biz_shahed_aa
   server          shahed_aa_k8s 192.168.49.2:8443
   mode            tcp
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg /etc/haproxy/proxy-enabled/

vim /etc/haproxy/proxy-scripts/reconfig
    /etc/haproxy/proxy-scripts/reconfig

systemctl disable --now minikube.service
vim /etc/systemd/system/minikube.service
# append --apiserver-ips=10.20.40.1 with ExecStart
systemctl enable --now minikube.service

ssh -qt shahed@shahed-aa.local bash
sudo -i -u minikube

# run this script on the minikube host. copy the generated output and
# execute it on your local machine's terminal to enable monitoring of
# the minikube cluster.

cat << LOG
$(cat <<'YML'| tee ~/.kube/shahed-aa-kubeconfig.yaml >/dev/null
apiVersion: v1
kind: Config
clusters:
- name: minikube
  cluster:
    server: https://10.20.40.1:8443
    certificate-authority: ../.minikube/ca.crt

contexts:
- name: shahed-aa
  context:
    cluster: minikube
    namespace: default
    user: minikube

users:
- name: minikube
  user:
    client-certificate: ../.minikube/profiles/minikube/client.crt
    client-key: ../.minikube/profiles/minikube/client.key

current-context: shahed-aa
YML
)

cat <<'YML'| tee ~/.kube/shahed-aa-kubeconfig.yaml >/dev/null
$(export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml;\
kubectl config view --flatten;\
rm ${KUBECONFIG};\
)
YML

chmod 600 ~/.kube/shahed-aa-kubeconfig.yaml
  ls -alh ~/.kube/

export KUBECONFIG=~/.kube/shahed-aa-kubeconfig.yaml
kubectl config get-contexts
kubectl get    namespace
$(echo -n)
LOG

Kubernetes » Minikube » Install & Configure

Skipped » Find More » 👈

if [ -x "$(command -v curl)" ];then \
sudo apt -qq update;\
export MINIKUBE_CPU_USE=2;\
export MINIKUBE_RAM_USE=5682;\
export MINIKUBE_INGRESS_HOST='k8s.aa.shahed.shahed.biz';\
bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minikube/1.0.01-ubuntu-24.04-arm64.sh.txt');\
else printf 'curl \033[0;31mnot found! \033[0m:(\n';fi

Skipped » Find More » 👈

Kubernetes » Minikube » Tunnel » Create Service

Skipped » Find More 👉 Minikube » Tunnel » Systemd

Skipped » Find More 👉 Minikube » MetalLB » Forward » Route

Kubernetes » Minikube » Ingress » Apply Dashboard

K8s » Dashboard » Ingress » Apply

export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml
kubectl config get-contexts

cat << YML | kubectl -n kubernetes-dashboard apply -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
    app.kubernetes.io/name: kubernetes-dashboard
    app.kubernetes.io/instance: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
    nginx.ingress.kubernetes.io/auth-secret: kubernetes-dashboard-auth
spec:
  ingressClassName: nginx
  rules:
    - host: k8s.aa.shahed.shahed.biz
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 80
YML

Skipped » Find More 👉 K8s » CoreDNS

Skipped » Find More 👉 K8s » Dashboard

References

Cloud » Hetzner » AA Cloud » Hetzner » AB Cloud » Linode » AA Cloud » Shahed » AA Cloud » Shahed » AB Cloud » Shahed » AC Cloud » Shahed » AD Cloud » Shahed » AE Cloud » Shahed » AF Cloud » Shahed » AG	Cloud » Shahed » AH Cloud » Shahed » AI Cloud » Shahed » AJ Cloud » Shahed » AK Cloud » Shahed » AL Cloud » Shahed » AM Cloud » Shahed » AN Cloud » Shahed » VA

Minikube » Ingress » DNS Minikube » Systemd Minikube » MetalLB Minikube » Registry Minikube » Tunnel Minikube CIDR UFW YQ JQ	K8s » Academia » Ingress K8s » HAProxy » Ingress K8s » Apache » Ingress K8s » Nginx » Ingress K8s » Swiss Knife K8s » Storage K8s » Ingress K8s » Service K8s » Run K8s	Helm » Prometheus Stack Helm » Cert Manager Helm » Elasticsearch Helm » MetalLB Helm » Jenkins Helm » GitLab Helm » Nexus Helm » MinIO Helm » Kafka Helm » Redis	Security » Container » Snyk Security » Container » Trivy Security » Certificate » TLS Security » Java » Key Store Security » Java » Mail API Security » Password Security » ZA Proxy Security » Domain Security » Jasypt Security » HTTP

Benchmarks IPTables Kubectl PyEnv CURL TMux 7Zip LXC Zip Tar	Linux » Ubuntu Upgrade Linux » Service Creation Linux » User Creation Linux » Mount Drive Linux » Swap Space CLI » AWS » EKS CLI » AWS CLI » GCP CLI K9s	Cloudflare » Host Cloudflare Terraform ActiveMQ Keycloak Hadoop Jenkins Spark Bash Port	Private Enterprise Number Chorke Academia Backup Cost » Cloud » Computing Cost » Cloud » Chorke YouTube/Channel

Cloud/Shahed/AA: Difference between revisions

Latest revision as of 00:01, 21 September 2025

Contents

SSH

WOL

WOL » MAC » Find

WOL » Shahed » AE

WOL » Shahed » AN

WOL » Shahed » AO

Attach » NFS » Volume

Cloudflare » VIRT

Cloudflare » Argo » Tunnel

Cloudflare » WARP » Forward

LB » HAProxy » Install & Configure

LB » HAProxy » Frontend » HTTPS Config

LB » HAProxy » Frontend » CIFS Config

LB » HAProxy » Frontend » Kube API Config

Kubernetes » Minikube » Install & Configure

Kubernetes » Minikube » Tunnel » Create Service

Kubernetes » Minikube » Ingress » Apply Dashboard

References

Navigation menu

@@ Line 19: / Line 19: @@
 </syntaxhighlight>
-==WOL » MAC » Search==
+==WOL » MAC » Find==
 <syntaxhighlight lang="bash">
 WOL_HOST='shahed-an.local'
@@ Line 38: / Line 38: @@
 wakeonlan 84:47:09:3c:3e:09
 </syntaxhighlight>
+----
+<syntaxhighlight lang="bash">
+for((;;));do \
+wakeonlan 84:47:09:3c:3e:0a;\
+wakeonlan 84:47:09:3c:3e:09;\
+sleep 600;\
+done
+</syntaxhighlight>
+==WOL » Shahed » AO==
+<syntaxhighlight lang="bash">
+wakeonlan 60:eb:69:95:76:4a
+</syntaxhighlight>
+==Attach » NFS » Volume==
+{|class='wikitable mw-collapsible'
+!scope='col' style='width:900px'|
+'''smb » shahed-an.local » shahed-aa'''
+|-
+|valign='top'|
+<syntaxhighlight lang="bash">
+cat <<'EXE'| sudo bash
+apt-get update;echo
+apt list -a --upgradable;echo
+apt-get install -y cifs-utils;echo
+EXE
+</syntaxhighlight>
+|-
+|valign="top"|
+----
+|-
+|valign="top"|
+<syntaxhighlight lang="bash">
+cat <<'EXE'| sudo bash
+cat <<'INI'| tee /etc/default/nfs-shahed-aa >/dev/null
+username=shahed-aa
+password=sadaqah!
+INI
+chmod 600       /etc/default/nfs-shahed-aa
+chown root:root /etc/default/nfs-shahed-aa
+EXE
+</syntaxhighlight>
+|-
+|valign="top"|
+----
+|-
+|valign="top"|
+<syntaxhighlight lang="bash">
+cat <<'EXE'| sudo bash
+mkdir -p      /var/nfs/backup
+mount -t cifs //shahed-an.local/shahed-aa /var/nfs/backup -o credentials=/etc/default/nfs-shahed-aa
+EXE
+</syntaxhighlight>
+|-
+|valign="top"|
+----
+|-
+|valign="top"|
+<syntaxhighlight lang="bash">
+cat <<'EXE'| sudo bash
+umount   /var/nfs/backup
+mkdir -p /var/nfs/backup
+cat <<'FST'| tee -a /etc/fstab >/dev/null
+# shahed-an » nfs » attach » shahed-aa » 7.2tb
+//shahed-an.local/shahed-aa /var/nfs/backup cifs credentials=/etc/default/nfs-shahed-aa,uid=1000,gid=1000,file_mode=0640,dir_mode=0750,nofail,x-systemd.automount,_netdev,soft 0  0
+FST
+systemctl daemon-reload
+mount -a && dmesg|tail -20
+EXE
+</syntaxhighlight>
+|}
 ==Cloudflare » VIRT==
@@ Line 103: / Line 178: @@
 ==Cloudflare » WARP » Forward==
-<syntaxhighlight lang="bash">
-sudo vim /etc/sysctl.conf
-</syntaxhighlight>
-<syntaxhighlight lang="ini" line start="27" highlight="2">
-# Uncomment the next line to enable packet forwarding for IPv4
-net.ipv4.ip_forward=1
-</syntaxhighlight>
-----
- sudo sysctl -p
- '''net.ipv4.ip_forward = 1'''
- ip route | grep default
- default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 600
-----
 {|class="wikitable"
 |-
@@ Line 137: / Line 197: @@
 | Network » shahed-an    || <code>10.20.40.14/32</code>    || <code>10.20.40.14/32 = 1</code>      ||style='text-align:center'| ⚪️
 |}
+----
+{|class='wikitable mw-collapsible'
+!scope='col' style='width:700px'|
+'''Cloudflare » WARP » IP » Route » Service'''
+|-
+|valign='top'|
+<syntaxhighlight lang="bash">
+sudo vim /etc/sysctl.conf
+</syntaxhighlight>
+<syntaxhighlight lang="ini" line start="27" highlight="2">
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+</syntaxhighlight>
+----
+ sudo sysctl -p
+ '''net.ipv4.ip_forward = 1'''
+ ip route | grep default
+ default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 600
 ----
 <syntaxhighlight lang="ini">
@@ Line 188: / Line 268: @@
 EXE
 </syntaxhighlight>
+|}
+==LB » HAProxy » Install & Configure==
+[[Cloud/Hetzner/AA#LB » HAProxy » Install & Configure|Skipped » Find More » 👈]]
+----
+<syntaxhighlight lang="bash">
+sudo ufw status numbered
+sudo iptables -S
+cat << EXE | sudo bash
+ufw       allow 80/tcp
+ufw       allow 443/tcp
+ufw       allow 445/tcp
+ufw       allow OpenSSH
+ufw       allow 8443/tcp
+ufw       allow in  on lxdbr0
+ufw route allow in  on lxdbr0
+ufw route allow out on lxdbr0
+EXE
+sudo ufw status numbered
+sudo iptables -S
+</syntaxhighlight>
+==LB » HAProxy » Frontend » HTTPS Config==
+<syntaxhighlight lang="bash">
+cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg >/dev/null
+# ##############################################################################
+# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
+# this config added by chorke academia, inc
+frontend           fnt_shahed_biz
+   bind            *:443 ssl crt /etc/haproxy/certs/aa.shahed.shahed.biz.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
+   mode            http
+   acl             host-is-k8s-aa-shahed-shahed-biz     hdr(host) -i k8s.aa.shahed.shahed.biz
+   acl             host-is-wiki-shahed-biz              hdr(host) -i          wiki.shahed.biz
+   use_backend     bck_shahed_biz_shahed_aa_k8s         if   host-is-k8s-aa-shahed-shahed-biz
+   use_backend     bck_shahed_biz_shahed_aa_k8s         if            host-is-wiki-shahed-biz
+   default_backend bck_shahed_biz_shahed_aa_k8s
+backend            bck_shahed_biz_shahed_aa_k8s
+   server          shahed_ab_k8s 192.168.49.2:80
+   mode            http
+CFG
+sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg /etc/haproxy/proxy-enabled/
+</syntaxhighlight>
+==LB » HAProxy » Frontend » CIFS Config==
+<syntaxhighlight lang="bash" highlight="3-4">
+cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-cifs.cfg >/dev/null
+# ##############################################################################
+# tcp frontend config for 10.20.40.1:139,445
+# this config added by chorke academia, inc
+# haproxy:         10.20.40.1:139
+frontend           fnt_shahed_biz_shahed_an_139
+   bind            *:139
+   mode            tcp
+   option          tcplog
+   option          dontlognull
+   default_backend bck_shahed_biz_shahed_an_139
+backend            bck_shahed_biz_shahed_an_139
+   server          shahed_an shahed-an.local:139
+   mode            tcp
+# haproxy:         10.20.40.1:445
+frontend           fnt_shahed_biz_shahed_an_445
+   bind            *:445
+   mode            tcp
+   option          tcplog
+   option          dontlognull
+   default_backend bck_shahed_biz_shahed_an_445
+backend            bck_shahed_biz_shahed_an_445
+   server          shahed_an shahed-an.local:445
+   mode            tcp
+CFG
+sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-tcp-cifs.cfg /etc/haproxy/proxy-enabled/
+</syntaxhighlight>
+==LB » HAProxy » Frontend » Kube API Config==
+<syntaxhighlight lang="bash" highlight="3-4">
+cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg >/dev/null
+# ##############################################################################
+# tcp frontend config for 10.20.40.1:8443
+# this config added by chorke academia, inc
+frontend           fnt_shahed_biz_shahed_aa
+   bind            *:8443
+   mode            tcp
+   option          tcplog
+   option          dontlognull
+   default_backend bck_shahed_biz_shahed_aa
+backend            bck_shahed_biz_shahed_aa
+   server          shahed_aa_k8s 192.168.49.2:8443
+   mode            tcp
+CFG
+sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg /etc/haproxy/proxy-enabled/
+</syntaxhighlight>
+----
+<syntaxhighlight lang="bash">
+vim /etc/haproxy/proxy-scripts/reconfig
+    /etc/haproxy/proxy-scripts/reconfig
+</syntaxhighlight>
+----
+<syntaxhighlight lang="bash">
+systemctl disable --now minikube.service
+vim /etc/systemd/system/minikube.service
+# append --apiserver-ips=10.20.40.1 with ExecStart
+systemctl enable --now minikube.service
+</syntaxhighlight>
+----
+<syntaxhighlight lang="bash">
+ssh -qt shahed@shahed-aa.local bash
+sudo -i -u minikube
+</syntaxhighlight>
+----
+<syntaxhighlight lang="bash">
+# run this script on the minikube host. copy the generated output and
+# execute it on your local machine's terminal to enable monitoring of
+# the minikube cluster.
+cat << LOG
+$(cat <<'YML'| tee ~/.kube/shahed-aa-kubeconfig.yaml >/dev/null
+apiVersion: v1
+kind: Config
+clusters:
+- name: minikube
+  cluster:
+    server: https://10.20.40.1:8443
+    certificate-authority: ../.minikube/ca.crt
+contexts:
+- name: shahed-aa
+  context:
+    cluster: minikube
+    namespace: default
+    user: minikube
+users:
+- name: minikube
+  user:
+    client-certificate: ../.minikube/profiles/minikube/client.crt
+    client-key: ../.minikube/profiles/minikube/client.key
+current-context: shahed-aa
+YML
+)
+cat <<'YML'| tee ~/.kube/shahed-aa-kubeconfig.yaml >/dev/null
+$(export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml;\
+kubectl config view --flatten;\
+rm ${KUBECONFIG};\
+)
+YML
+chmod 600 ~/.kube/shahed-aa-kubeconfig.yaml
+  ls -alh ~/.kube/
+export KUBECONFIG=~/.kube/shahed-aa-kubeconfig.yaml
+kubectl config get-contexts
+kubectl get    namespace
+$(echo -n)
+LOG
+</syntaxhighlight>
+==Kubernetes » Minikube » Install & Configure==
+[[Cloud/Hetzner/AA#Kubernetes » Minikube » Install & Configure|Skipped » Find More » 👈]]
+----
+<syntaxhighlight lang="bash">
+if [ -x "$(command -v curl)" ];then \
+sudo apt -qq update;\
+export MINIKUBE_CPU_USE=2;\
+export MINIKUBE_RAM_USE=5682;\
+export MINIKUBE_INGRESS_HOST='k8s.aa.shahed.shahed.biz';\
+bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minikube/1.0.01-ubuntu-24.04-arm64.sh.txt');\
+else printf 'curl \033[0;31mnot found! \033[0m:(\n';fi
+</syntaxhighlight>
+----
+[[Minikube Systemd|Skipped » Find More » 👈]]
+==Kubernetes » Minikube » Tunnel » Create Service==
+[[Cloud/Hetzner/AA#Kubernetes » Minikube » Tunnel » Create Service|Skipped » Find More 👉 Minikube » Tunnel » Systemd]]
+----
+[[Minikube MetalLB#MetalLB » Forward » Route|Skipped » Find More 👉 Minikube » MetalLB » Forward » Route]]
+==Kubernetes » Minikube » Ingress » Apply Dashboard==
+{|class='wikitable mw-collapsible'
+!scope='col' style='width:700px'|
+'''K8s » Dashboard » Ingress » Apply'''
+|-
+|valign='top'|
+<syntaxhighlight lang="bash">
+export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml
+kubectl config get-contexts
+</syntaxhighlight>
+----
+<syntaxhighlight lang="yaml" highlight="14-16,20" line>
+cat << YML | kubectl -n kubernetes-dashboard apply -f -
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+  labels:
+    app.kubernetes.io/version: 1.0.0
+    app.kubernetes.io/managed-by: kubectl
+    app.kubernetes.io/name: kubernetes-dashboard
+    app.kubernetes.io/instance: kubernetes-dashboard
+  annotations:
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
+    nginx.ingress.kubernetes.io/auth-secret: kubernetes-dashboard-auth
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: k8s.aa.shahed.shahed.biz
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: kubernetes-dashboard
+                port:
+                  number: 80
+YML
+</syntaxhighlight>
+----
+[[K8s/Ingress#CoreDNS|Skipped » Find More 👉 K8s » CoreDNS]]
+----
+[[K8s/Ingress#Ingress » Dashboard|Skipped » Find More 👉 K8s » Dashboard]]
+|}
 ==References==
 {|
 |valign="top"|
-* [[OpenLDAP/BackSQL|OpenLDAP » BackSQL]]
+* [[Cloud/Hetzner/AA|Cloud » Hetzner » AA]]
-* [[Google Cloud CLI]]
+* [[Cloud/Hetzner/AB|Cloud » Hetzner » AB]]
-* [[EKSctl|AWS » EKS » CLI]]
+* [[Cloud/Linode/AA|Cloud » Linode » AA]]
-* [[Swap Space]]
+* [[Cloud/Shahed/AA|Cloud » Shahed » AA]]
-* [[Online App]]
+* [[Cloud/Shahed/AB|Cloud » Shahed » AB]]
-* [[OpenLDAP]]
+* [[Cloud/Shahed/AC|Cloud » Shahed » AC]]
-* [[Terraform]]
+* [[Cloud/Shahed/AD|Cloud » Shahed » AD]]
-* [[AWS CLI]]
+* [[Cloud/Shahed/AE|Cloud » Shahed » AE]]
-* [[CLI App]]
+* [[Cloud/Shahed/AF|Cloud » Shahed » AF]]
-* [[Kubectl]]
+* [[Cloud/Shahed/AG|Cloud » Shahed » AG]]
+|valign="top"|
+* [[Cloud/Shahed/AH|Cloud » Shahed » AH]]
+* [[Cloud/Shahed/AI|Cloud » Shahed » AI]]
+* [[Cloud/Shahed/AJ|Cloud » Shahed » AJ]]
+* [[Cloud/Shahed/AK|Cloud » Shahed » AK]]
+* [[Cloud/Shahed/AL|Cloud » Shahed » AL]]
+* [[Cloud/Shahed/AM|Cloud » Shahed » AM]]
+* [[Cloud/Shahed/AN|Cloud » Shahed » AN]]
+* [[Cloud/Shahed/VA|Cloud » Shahed » VA]]
 |valign="top"|
-* [[HAProxy]]
-* [[Jasypt]]
-* [[CURL]]
-* [[K8s]]
-* [[K9s]]
 |valign="top"|
 |-
-| colspan="3" |
+|colspan="4"|
 ----
 |-
-| valign="top" |
+|valign="top"|
-* [https://dash.cloudflare.com/profile/api-tokens Cloudflare » Profile » API Tokens]
+* [[Minikube Ingress DNS| Minikube » Ingress » DNS]]
-* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]]
+* [[Minikube Systemd|Minikube » Systemd]]
-* [https://chorke.cloudflareaccess.com Cloudflare » Access » Chorke]
+* [[Minikube MetalLB|Minikube » MetalLB]]
-* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
+* [[Minikube Registry|Minikube » Registry]]
-* [[Cloudflare/WARP Host|Cloudflare » WARP Host]]
+* [[Minikube Tunnel|Minikube » Tunnel]]
-* [[Cloudflare]]
+* [[Minikube]]
+* [[CIDR]]
+* [[UFW]]
+* [[YQ Tool|YQ]]
+* [[JQ Tool|JQ]]
+|valign="top"|
+* [[K8s/Academia/Ingress|K8s » Academia » Ingress]]
+* [[K8s/HAProxy/Ingress|K8s » HAProxy » Ingress]]
+* [[K8s/Apache/Ingress|K8s » Apache » Ingress]]
+* [[K8s/Nginx/Ingress|K8s » Nginx » Ingress]]
+* [[K8s/Swiss Knife|K8s » Swiss Knife]]
+* [[K8s/Storage|K8s » Storage]]
+* [[K8s/Ingress|K8s » Ingress]]
+* [[K8s/Service|K8s » Service]]
+* [[K8s/Run|K8s » Run]]
+* [[K8s]]
-| valign="top" |
+|valign="top"|
-* [[Cloud/Hetzner/AA|Cloud » Hetzner » AA]]
+* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
-* [[Cloud/Shahed/AF|Cloud » Shahed » AF]]
+* [[Helm/Cert Manager|Helm » Cert Manager]]
-* [[Cloud/Shahed/AL|Cloud » Shahed » AL]]
+* [[Helm/Elasticsearch|Helm » Elasticsearch]]
-* [[Cloud/Shahed/VA|Cloud » Shahed » VA]]
+* [[Minikube MetalLB|Helm » MetalLB]]
+* [[Helm/Jenkins|Helm » Jenkins]]
+* [[Helm/GitLab|Helm » GitLab]]
+* [[Helm/Nexus|Helm » Nexus]]
+* [[Helm/MinIO|Helm » MinIO]]
+* [[Helm/Kafka|Helm » Kafka]]
+* [[Helm/Redis|Helm » Redis]]
-| valign="top" |
+|valign="top"|
+* [[Security/Container/Snyk|Security » Container » Snyk]]
+* [[Security/Container/Trivy|Security » Container » Trivy]]
+* [[Security/Certificate/TLS|Security » Certificate » TLS]]
+* [[Java Key Store|Security » Java » Key Store]]
+* [[Java Mail API|Security » Java » Mail API]]
+* [[Security/Password|Security » Password]]
+* [[ZA Proxy|Security » ZA Proxy]]
+* [[Security/Domain|Security » Domain]]
+* [[Jasypt|Security » Jasypt]]
+* [[HTTP Security|Security » HTTP]]
 |-
-| colspan="3" |
+|colspan="4"|
 ----
 |-
-| valign="top" |
+|valign="top"|
-* [[Ubuntu/Raspberry Pi]]
+* [[Benchmarks]]
-* [[Ubuntu Upgrade]]
+* [[IPTables]]
-* [[ActiveMQ]]
+* [[Kubectl]]
-* [[Minikube]]
-* [[Keycloak]]
-* [[Hadoop]]
-* [[Jenkins]]
-* [[WildFly]]
-* [[Spark]]
-* [[MinIO]]
-| valign="top" |
-* [[Alpine/Morefine]]
-* [[Ruby on Rails]]
-* [[TensorFlow]]
-* [[Homebrew]]
-* [[Linuxbrew]]
 * [[PyEnv]]
+* [[CURL]]
 * [[TMux]]
 * [[7Zip]]
+* [[Linux Containers|LXC]]
 * [[Zip]]
 * [[Tar]]
-| valign="top" |
+|valign="top"|
-* [[Linux Service Creation]]
+* [[Ubuntu Upgrade|Linux » Ubuntu Upgrade]]
-* [[Bash/Port/Forward]]
+* [[Linux Service Creation|Linux » Service Creation]]
-* [[Linux Mount Drive]]
+* [[Linux User Creation|Linux » User Creation]]
-* [[YouTube/Channel]]
+* [[Linux Mount Drive|Linux » Mount Drive]]
-* [[Bash/Network]]
+* [[Swap Space|Linux » Swap Space]]
-* [[Bash/RAM]]
+* [[EKSctl|CLI » AWS » EKS]]
-* [[Bash/CPU]]
+* [[AWS CLI|CLI » AWS]]
-* [[Bash/Port]]
+* [[Google Cloud CLI|CLI » GCP]]
+* [[CLI App|CLI]]
+* [[K9s]]
+|valign="top"|
+* [[Cloudflare/WARP Host|Cloudflare » Host]]
+* [[Cloudflare]]
+* [[Terraform]]
+* [[ActiveMQ]]
+* [[Keycloak]]
+* [[Hadoop]]
+* [[Jenkins]]
+* [[Spark]]
 * [[Bash]]
 * [[Port]]
+|valign="top"|
+* [[Private Enterprise Number]]
+* [[Chorke Academia Backup]]
+* [[Cloud Computing Cost|Cost » Cloud » Computing]]
+* [[Cloud/Cost/Chorke|Cost » Cloud » Chorke]]
+* [[YouTube/Channel]]
 |-
-|colspan="3"|
+|colspan="4"|
 ----
 |-
 |valign="top"|
-* [[Private Enterprise Number]]
-* [[Linux User Creation]]
-* [[Linux Containers]]
-* [[PostgreSQL]]
-* [[IPTables]]
-* [[MySQL]]
-* [[CIDR]]
-* [[UFW]]
-* [[YQ Tool|YQ]]
-* [[JQ Tool|JQ]]
 |valign="top"|
-* [[Chorke Academia Backup]]
-* [[Cloud Computing Cost]]
+|valign="top"|
-* [[Helm/PostgreSQL|Helm » PostgreSQL]]
-* [[Helm/MariaDB|Helm » MariaDB]]
-* [[Benchmarks]]
-* [[Online App]]
-* [[Helm]]
 |valign="top"|
 |}