version: "3.7"
services:
  lb:
    image: index.docker.io/traefik:v1.7.14-alpine
    hostname: traefik-webserver.example.com
    restart: unless-stopped
Rancher's official documentation on how to configure the Rancher <> KeyCloak setup is fine, but definitely not sufficient to configure it successfully (https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/). That's why every single required step is documented here.
I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.
- Log in as admin on https://keycloak.example.com/. Important: It's crucial that the same username exists in KeyCloak as the one you use as admin user on Rancher. Since I just use the admin account in this guide, this prerequisite is already met.
- Create a new client under https://keycloak.example.com/auth/admin/master/console/#/realms/master/clients
  Client ID: https://rancher.example.com/v1-saml/keycloak/saml/metadata
By default, Linux ignores broadcast and multicast ICMP messages. That's why you need to enable this first:
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
To join any multicast address (e.g. 224.10.10.10/24), just add it to your active interface (e.g. eth0) and append the keyword autojoin at the end:
Save the file nic-isolation.service to /etc/systemd/system/nic-isolation.service.
Afterwards, reload the systemd daemon, then enable and start the "service":
sudo systemctl daemon-reload
sudo systemctl enable nic-isolation.service
sudo systemctl start nic-isolation.service
Quick and dirty guide on how to get Apache Guacamole up and running in combination with VNC.
sudo add-apt-repository -y ppa:remmina-ppa-team/freerdp-daily
sudo apt update
# Set the variable inside the sudo invocation so that sudo's environment reset does not drop it
sudo env DEBIAN_FRONTEND=noninteractive apt install -y freerdp2-dev freerdp2-x11
- Configure the Network Protocol Profile on the vCenter according to: https://www.virtualthoughts.co.uk/2020/03/29/rancher-vsphere-network-protocol-profiles-and-static-ip-addresses-for-k8s-nodes/
- Make sure to create a service user with the corresponding global and folder-specific permissions: https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/creating-credentials/
  - Besides the vCenter role permissions from the official Rancher documentation, the following ones need to be provided in order to configure the nodes via vApp options:
    - Content Library: Read storage
    - Extension: Register extension
    - vSphere Tagging: Assign or Unassign vSphere Tag on Object
These two scripts install and configure WireGuard on a CentOS 8 "server" (peer) and on an Ubuntu 18.04 "client" peer. Of course, if you replace the # Installation script parts, these instructions can also be used on other distributions like Debian, CentOS 7, Fedora, etc.
Possible pitfall: When you change something in the /etc/wireguard/wg0.conf configuration file on the server, make sure to disable the wg-quick@wg0 service in advance:
sudo systemctl stop wg-quick@wg0
sudo systemctl disable wg-quick@wg0
sudo vim /etc/wireguard/wg0.conf # edit whatever you like
sudo systemctl enable --now wg-quick@wg0
virsh edit Windows10
- Navigate to the <video> section and change it to the following one:
<video>
  <model type='qxl' ram='131072' vram='131072' vgamem='32768' heads='1' primary='yes'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
---
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
# Attention: This PSP has quite some loose restrictions! Do not just copy & paste it!
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
#!/bin/bash
# Usage: ./minio-upload my-bucket my-file.zip
bucket=$1
file=$2
host=minio.example.com
s3_key=svc_example_user
s3_secret=svc_example_user_password