curx

docker rm -f $(docker ps -qa)
docker volume rm $(docker volume ls -q)
mount -t tmpfs | awk '/pods/ { print $3}' | while read mounts; do sudo umount $mounts; done
sudo rm -rf /etc/ceph \
       /etc/cni \
       /etc/kubernetes \
       /opt/cni \
       /opt/rke \
       /run/secrets/kubernetes.io \
       /run/calico \

curx

CFSSL as an external CA for non-ha kubeadm intialized clusters

Using cfssl to Create an External CA Infrastructure

Install cfssl

# This requires an existing Go environment with GOPATH set
go get -u github.com/cloudflare/cfssl/cmd/...

curx

CFSSL as an external CA for non-ha kubeadm intialized clusters

Using cfssl to Create an External CA Infrastructure

Install cfssl

# This requires an existing Go environment with GOPATH set
go get -u github.com/cloudflare/cfssl/cmd/...

curx

KinD with inlets.dev

Expose Kubernetes ClusterIP services with inlets.dev

Get KinD:

# Linux

sudo curl -Lo /usr/local/bin/kind \

curx

# save it to /var/lib/rancher/conf/falco.yml
# sudo ros service enable /var/lib/rancher/conf/falco.yml
# sudo ros service up falco
falco:
  image: ${REGISTRY_DOMAIN}/sys3/falco:ros-v1.5.1
  privileged: true
  labels:
    io.rancher.os.scope: system
    io.rancher.os.after: udev
  restart: always

curx

#cloud-config                                                                  
write_files:                                                                   
  - path: /etc/rc.local                                                        
    permissions: "0755"                                                        
    owner: root                                                                
    content: |                                                                 
      #!/bin/bash                                                              
      mkdir -p /mnt/nfs-1                                                      
      mkdir -p /mnt/nfs-2                                                      
      cloud-init-execute                                                       

curx

# RancherOS
# (docker) container registry as service
registry:
    restart: always
    image: registry:latest
    ports:
    - "5000:5000"
    volumes:
    - /opt/registry-data:/var/lib/registry:rw
    environment:

curx

Enabling metrics-server on Rancher 2.0

Create cluster via API

This will be properly fixed in rancher/rancher#13745, until then, you can enable it by re-using the kube-proxy certificate.

curl -s 'https://your_rancher_server/v3/cluster' -H 'content-type: application/json' -H "Authorization: Bearer your_bearer_token" --insecure --data-binary '{ "type": "cluster", "googleKubernetesEngineConfig": null, "name": "metrics", "rancherKubernetesEngineConfig": { "ignoreDockerVersion": true, "sshAgentAuth": false, "type": "rancherKubernetesEngineConfig", "kubernetesVersion": "v1.10.1-rancher1", "authentication": { "type": "authnConfig", "strategy": "x509" }, "network": { "type": "networkConfig", "plugin": "canal" }, "ingress": { "type": "ingressConfig", "provider": "nginx" }, "services": { "type": "rkeConfigServices", "kubeApi": { "podSecurityPolicy": false, "type": "kubeAPIService", "extraArgs": { "requestheader-client-ca-file": "/etc/kubernetes/ssl/kube-ca.pem", "requestheader-ext

curx

On master and nodes

Pull images form internet access laptop

docker pull gcr.io/google_containers/kube-apiserver-amd64:v1.5.0
docker pull gcr.io/google_containers/kube-controller-manager-amd64:v1.5.0
docker pull gcr.io/google_containers/kube-proxy-amd64:v1.5.0
docker pull gcr.io/google_containers/kube-scheduler-amd64:v1.5.0
docker pull weaveworks/weave-npc:1.8.2
docker pull weaveworks/weave-kube:1.8.2

curx

#!/bin/bash

# demostrate a Docker swarm mode cluster as docker-in-docker (dind)

# 
NUM_NODES=3

#
for i in $(seq -w ${NUM_NODES}); do