I wanted to iterate on some images and have them available to K3s immediately, much like the Docker Desktop experience.
I also wanted to use docker buildx bake for this, but buildctl and nerdctl build should work fine too. You can omit Docker components if you don't want Buildx.
| #!/bin/sh | |
| PUBLIC_IP=$(curl ifconfig.io) | |
| echo "Installing K3S" | |
| # export INSTALL_K3S_VERSION="v1.19.5+k3s2" | |
| curl -sfL https://get.k3s.io | sh -s - --tls-san ${PUBLIC_IP} | |
| echo "Downlading cert-manager CRDs" | |
| wget -q -P /var/lib/rancher/k3s/server/manifests/ https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml |
| #!/bin/sh | |
| PUBLIC_IP=$(curl ifconfig.io) | |
| # export INSTALL_RKE2_VERSION="v1.20.5+rke2r1" | |
| curl -sfL https://get.rke2.io | sh - | |
| mkdir -p /etc/rancher/rke2 | |
| cat > /etc/rancher/rke2/config.yaml <<EOF | |
| write-kubeconfig-mode: "0640" |
| New-Item -ItemType Directory -Path "$Env:ProgramFiles\containerd" -Force > $null | |
| curl.exe -L https://github.com/luthermonson/containerd/releases/download/win-bins/containerd-shim-runhcs-v1.exe -o "$Env:ProgramFiles\containerd\containerd-shim-runhcs-v1.exe" | |
| curl.exe -L https://github.com/luthermonson/containerd/releases/download/win-bins/containerd.exe -o "$Env:ProgramFiles\containerd\containerd.exe" | |
| curl.exe -L https://github.com/luthermonson/containerd/releases/download/win-bins/ctr.exe -o "$Env:ProgramFiles\containerd\ctr.exe" | |
| # Set containerd config.toml | |
| $ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo | |
| $ProcessInfo.FileName = "$Env:ProgramFiles\containerd\containerd.exe" | |
| $ProcessInfo.RedirectStandardError = $true | |
| $ProcessInfo.RedirectStandardOutput = $true |
| # Make sure you setup c:\ProgramData\docker\config\daemon.json to contain log-level: debug and debug: true | |
| $idx = (Get-EventLog -LogName Application -Source Docker -Newest 1).Index | |
| while ($True) | |
| { | |
| Start-Sleep -MilliSeconds 100 | |
| $idx2 = (Get-EventLog -LogName Application -Source Docker -Newest 1).index | |
| if (-NOT($idx -eq $idx2)) { | |
| Get-EventLog -logname Application -Source Docker -Newest ($idx2 - $idx) | Sort index | Select-Object Message | |
| } |
| <# | |
| switch between crlf and lf much like unix2dos and dos2unix but implemented in powershell. | |
| put two functions into your $PROFILE and call like the following: | |
| default params is your current working dir and ignoring .git and vendor dirs | |
| crlf file.txt | |
| crlf ./dir @(".git", "vendor") | |
| lf file.txt |
Way to build Windows STIG/CIS hardened AMI on AWS.
Problem is that WinRM Basic authentication is blocked by GroupPolicy.
Therefore it's required to setup WinRM over HTTPS.
| More recent resolution: | |
| 1. cd ~/../../etc (go to etc folder in WSL). | |
| 2. echo "[network]" | sudo tee wsl.conf (Create wsl.conf file and add the first line). | |
| 3. echo "generateResolvConf = false" | sudo tee -a wsl.conf (Append wsl.conf the next line). | |
| 4. wsl --terminate Debian (Terminate WSL in Windows cmd, in case is Ubuntu not Debian). | |
| 5. cd ~/../../etc (go to etc folder in WSL). | |
| 6. sudo rm -Rf resolv.conf (Delete the resolv.conf file). | |
| 7. In windows cmd, ps or terminal with the vpn connected do: Get-NetIPInterface or ipconfig /all for get the dns primary and | |
| secondary. |
| #!/bin/bash | |
| #set -x | |
| #set -e | |
| name='rio' | |
| k3d delete --name=$name | |
| k3d create -n $name --image rancher/k3s:v1.0.0 --publish 80:80 --publish 443:443 --publish 9443:9443 --publish 9080:9080 \ | |
| --server-arg --no-deploy=traefik | |
| declare -i i; i=0 | |
| until k3d get-kubeconfig --name='rio' | |
| do |