Skip to content

Instantly share code, notes, and snippets.

View dgiebert's full-sized avatar

Dominic Giebert dgiebert

12 followers · 0 following
  • Munich
View GitHub Profile
@dgiebert
dgiebert / gitlab-sast.md
Last active January 7, 2022 13:43
Use the Gitlab SAST scanners to create comments to commits and merge requests using jq and curl
  1. Create an Access Tokens with the api scope, the name will show up in the UI
  2. Add the Token as an environment variable named CI_SAST_TOKEN
  3. Extend your gitlab-ci.yaml with the following 
    sast:
  stage: scanning
  dependencies: []
  after_script:
    - wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
@dgiebert
dgiebert / cilium-cloud-init.yaml
Last active October 14, 2022 14:11
#cloud-config
# Cloud-Init for the Rancher+Harvester deploying Cilium (no kube-proxy, egress gateway, wireguard encryption)
# Tested on CentOS Stream 9 and openSUSE Leap 15.4
user: rancher
package_update: true
package_upgrade: true
packages:
- qemu-guest-agent
- wireguard-tools
write_files:
@dgiebert
dgiebert / cilium-cluster-mesh.md
Last active June 24, 2024 06:44

Create a Cluster Mesh with RKE2 and Cilium

!! Make sure that the CIDRs dont overlap !!

  1. Read the following Cilium prerequisites
  2. Create or adapt the first clusters Cilium using the following HelmChartConfig 
    apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium

namespace: kube-system

@dgiebert
dgiebert / microos-k3s-cloud-init.yaml
Last active October 25, 2022 13:13
#cloud-config
users:
- name: rancher
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users, sudo
ssh_authorized_keys:
- ssh-ed25519 [...]
zypper:
repos:
- id: rancher-k3s-common-stable
@dgiebert
dgiebert / README.md
Last active February 2, 2023 12:40
Create a custom elemental installation media

Project Description

With the discontinuation of k3os, there is no minimal Linux available that bundles the OS with k3s, but with Elemental one can create custom images that can be extended.

Multi-stage Dockerfile Layout

  1. Build the Operating System
FROM registry.opensuse.org/isv/rancher/elemental/stable/teal53/15.4/rancher/elemental-teal/5.3:latest as os

RUN zypper in htop && zypper clean --all
@dgiebert
dgiebert / jeos-rke2-cloud-init.yaml
Last active February 22, 2023 08:44
#cloud-config
user: sles
package_update: true
package_upgrade: true
package_reboot_if_required: true
bootcmd:
- '[ -f /usr/bin/SUSEConnect ] && SUSEConnect -r <ActivationCode> -e <EmailAddress>'
packages:
- htop
- ncdu
@dgiebert
dgiebert / cloudinit-k3s.yaml
Last active July 10, 2024 12:45
#cloud-config
# Tested with SL Micro 6.0 and OpenSUSE Leap Micro 6.0
### System
locale: en_US.UTF-8
timezone: Europe/Berlin
### Users
user: suse
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY5nEt0qssNTouZzN4LPg8M3OyDAwGDDvreTUMA6hQ5
users:
@dgiebert
dgiebert / selinux-fix
Last active May 30, 2023 07:55
module selinux-policy-iptables 1.0;
require {
type cgroup_t;
type iptables_t;
class dir ioctl;
}
#============= iptables_t ==============
allow iptables_t cgroup_t:dir ioctl;
@dgiebert
dgiebert / rke2-cilium.md
Last active November 23, 2023 09:11
RKE2 with official

Install the Official Cilium Chart on RKE2

  1. Create a file /etc/rancher/rke2/config.yaml 
    cni: none
disable:
- rke2-ingress-nginx
  2. Apply the following manifest 
    apiVersion: helm.cattle.io/v1
@dgiebert
dgiebert / Dockerfile
Created November 21, 2023 15:14
Create Elemental Seed Images
FROM registry.suse.com/rancher/elemental-teal/5.4:1.2.3 AS build
RUN zypper --non-interactive rm --clean-deps \
bash-completion jq k9s podman vim-small \
kernel-firmware*
# IMPORTANT: /etc/os-release is used for versioning/upgrade. The
# values here should reflect the tag of the image currently being built
ARG IMAGE_REPO=norepo
ARG IMAGE_TAG=latest