curx

FROM alpine:latest

RUN apk update && apk upgrade && \
    apk add --no-cache \
    openssh

RUN mkdir -p /keys/web /keys/worker

CMD ssh-keygen -t rsa -f /keys/web/tsa_host_key -N '' && \
  ssh-keygen -t rsa -f /keys/web/session_signing_key -N '' && \

curx

#!/bin/bash

if [ -z "$1" ]; then
    readonly test_mode=false
else
    echo "Running TEST mode. No destructive changes"
    readonly test_mode=true
fi

JQPATH=$(which jq)

curx

#!/bin/bash

# demostrate a Docker swarm mode cluster as docker-in-docker (dind)

# 
NUM_NODES=3

#
for i in $(seq -w ${NUM_NODES}); do

curx

On master and nodes

Pull images form internet access laptop

docker pull gcr.io/google_containers/kube-apiserver-amd64:v1.5.0
docker pull gcr.io/google_containers/kube-controller-manager-amd64:v1.5.0
docker pull gcr.io/google_containers/kube-proxy-amd64:v1.5.0
docker pull gcr.io/google_containers/kube-scheduler-amd64:v1.5.0
docker pull weaveworks/weave-npc:1.8.2
docker pull weaveworks/weave-kube:1.8.2

curx

Enabling metrics-server on Rancher 2.0

Create cluster via API

This will be properly fixed in rancher/rancher#13745, until then, you can enable it by re-using the kube-proxy certificate.

curl -s 'https://your_rancher_server/v3/cluster' -H 'content-type: application/json' -H "Authorization: Bearer your_bearer_token" --insecure --data-binary '{ "type": "cluster", "googleKubernetesEngineConfig": null, "name": "metrics", "rancherKubernetesEngineConfig": { "ignoreDockerVersion": true, "sshAgentAuth": false, "type": "rancherKubernetesEngineConfig", "kubernetesVersion": "v1.10.1-rancher1", "authentication": { "type": "authnConfig", "strategy": "x509" }, "network": { "type": "networkConfig", "plugin": "canal" }, "ingress": { "type": "ingressConfig", "provider": "nginx" }, "services": { "type": "rkeConfigServices", "kubeApi": { "podSecurityPolicy": false, "type": "kubeAPIService", "extraArgs": { "requestheader-client-ca-file": "/etc/kubernetes/ssl/kube-ca.pem", "requestheader-ext

curx

# RancherOS
# (docker) container registry as service
registry:
    restart: always
    image: registry:latest
    ports:
    - "5000:5000"
    volumes:
    - /opt/registry-data:/var/lib/registry:rw
    environment:

curx

#cloud-config                                                                  
write_files:                                                                   
  - path: /etc/rc.local                                                        
    permissions: "0755"                                                        
    owner: root                                                                
    content: |                                                                 
      #!/bin/bash                                                              
      mkdir -p /mnt/nfs-1                                                      
      mkdir -p /mnt/nfs-2                                                      
      cloud-init-execute                                                       

curx

# save it to /var/lib/rancher/conf/falco.yml
# sudo ros service enable /var/lib/rancher/conf/falco.yml
# sudo ros service up falco
falco:
  image: ${REGISTRY_DOMAIN}/sys3/falco:ros-v1.5.1
  privileged: true
  labels:
    io.rancher.os.scope: system
    io.rancher.os.after: udev
  restart: always

curx

KinD with inlets.dev

Expose Kubernetes ClusterIP services with inlets.dev

Get KinD:

# Linux

sudo curl -Lo /usr/local/bin/kind \

curx

CFSSL as an external CA for non-ha kubeadm intialized clusters

Using cfssl to Create an External CA Infrastructure

Install cfssl

# This requires an existing Go environment with GOPATH set
go get -u github.com/cloudflare/cfssl/cmd/...