Dominic Giebert dgiebert

## rke2-ccnp.yaml
# Check https://docs.rke2.io/install/requirements#inbound-network-rules
# Enable the Host Firewall feature: https://docs.cilium.io/en/latest/security/host-firewall/
# HelmChartConfig Example:
# apiVersion: helm.cattle.io/v1
# kind: HelmChartConfig
# metadata:
#   name: rke2-cilium
#   namespace: kube-system
# spec:
#   valuesContent: |-

## README.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                dgiebert
                / README.md
            
            
              Last active
              July 5, 2024 13:06
            
              
                Cilium Cluster Mesh RKE2
              
          
    Prepare the Cluster

Deploy this config to all clusters that you want to form a mesh with
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
spec:
  valuesContent: |-

  
## rke2-ingress-harvester.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      hostPort:
        enabled: false

## etcd-performance.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                dgiebert
                / etcd-performance.md
            
            
              Last active
              April 19, 2024 12:17
            
              
                Debug etcd performance
              
          
    Debugging etcd performance issues

fio

curl -LO https://github.com/rancherlabs/support-tools/raw/master/instant-fio-master/instant-fio-master.sh
zypper in zlib-devel make git gcc
bash instant-fio-master.sh
mkdir test-data
fio --rw=write --ioengine=sync --fdatasync=1 --directory=test-data --size=100m --bs=2300 --name=mytest

  
## gvisor-suc.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: gvisor
  namespace: cattle-system
type: Opaque
stringData:
  gvisor: "20240206"
  upgrade.sh: |

## Dockerfile
FROM registry.suse.com/rancher/elemental-teal/5.4:1.2.3 AS build

RUN zypper --non-interactive rm --clean-deps \
        bash-completion jq k9s podman vim-small \
        kernel-firmware*

# IMPORTANT: /etc/os-release is used for versioning/upgrade. The
# values here should reflect the tag of the image currently being built
ARG IMAGE_REPO=norepo
ARG IMAGE_TAG=latest

## rke2-cilium.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                dgiebert
                / rke2-cilium.md
            
            
              Last active
              November 23, 2023 09:11
            
              
                RKE2 with official 
              
          
    Install the Official Cilium Chart on RKE2


Create a file /etc/rancher/rke2/config.yaml
cni: none
disable:
- rke2-ingress-nginx

Apply the following manifest
apiVersion: helm.cattle.io/v1


## selinux-fix
module selinux-policy-iptables 1.0;

require {
    type cgroup_t;
    type iptables_t;
    class dir ioctl;
}

#============= iptables_t ==============
allow iptables_t cgroup_t:dir ioctl;

## cloudinit-k3s.yaml
#cloud-config
# Tested with SL Micro 6.0 and OpenSUSE Leap Micro 6.0
### System
locale: en_US.UTF-8
timezone: Europe/Berlin
### Users
user: suse
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY5nEt0qssNTouZzN4LPg8M3OyDAwGDDvreTUMA6hQ5
users:

## jeos-rke2-cloud-init.yaml
#cloud-config
user: sles
package_update: true
package_upgrade: true
package_reboot_if_required: true
bootcmd:
- '[ -f /usr/bin/SUSEConnect ] && SUSEConnect -r <ActivationCode> -e <EmailAddress>'
packages:
- htop
- ncdu
	# Check https://docs.rke2.io/install/requirements#inbound-network-rules
	# Enable the Host Firewall feature: https://docs.cilium.io/en/latest/security/host-firewall/
	# HelmChartConfig Example:
	# apiVersion: helm.cattle.io/v1
	# kind: HelmChartConfig
	# metadata:
	# name: rke2-cilium
	# namespace: kube-system
	# spec:
	# valuesContent: \|-
	apiVersion: helm.cattle.io/v1
	kind: HelmChartConfig
	metadata:
	name: rke2-ingress-nginx
	namespace: kube-system
	spec:
	valuesContent: \|-
	controller:
	hostPort:
	enabled: false
	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: gvisor
	namespace: cattle-system
	type: Opaque
	stringData:
	gvisor: "20240206"
	upgrade.sh: \|
	FROM registry.suse.com/rancher/elemental-teal/5.4:1.2.3 AS build

	RUN zypper --non-interactive rm --clean-deps \
	bash-completion jq k9s podman vim-small \
	kernel-firmware*

	# IMPORTANT: /etc/os-release is used for versioning/upgrade. The
	# values here should reflect the tag of the image currently being built
	ARG IMAGE_REPO=norepo
	ARG IMAGE_TAG=latest
	module selinux-policy-iptables 1.0;

	require {
	type cgroup_t;
	type iptables_t;
	class dir ioctl;
	}

	#============= iptables_t ==============
	allow iptables_t cgroup_t:dir ioctl;
	#cloud-config
	# Tested with SL Micro 6.0 and OpenSUSE Leap Micro 6.0
	### System
	locale: en_US.UTF-8
	timezone: Europe/Berlin
	### Users
	user: suse
	ssh_authorized_keys:
	- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY5nEt0qssNTouZzN4LPg8M3OyDAwGDDvreTUMA6hQ5
	users:
	#cloud-config
	user: sles
	package_update: true
	package_upgrade: true
	package_reboot_if_required: true
	bootcmd:
	- '[ -f /usr/bin/SUSEConnect ] && SUSEConnect -r <ActivationCode> -e <EmailAddress>'
	packages:
	- htop
	- ncdu