flrichar

2022/05/22 00:21:41 [ERROR] error syncing 'c-pv758/default-token': handler cluster-registration-token: clusters.management.cattle.io "c-pv758" not found, requeuing
2022/05/22 00:21:46 [ERROR] error syncing 'c-pv758/default-token': handler cluster-registration-token: clusters.management.cattle.io "c-pv758" not found, requeuing
2022/05/22 00:21:57 [ERROR] error syncing 'c-pv758/default-token': handler cluster-registration-token: clusters.management.cattle.io "c-pv758" not found, requeuing
2022/05/22 00:22:17 [ERROR] error syncing 'c-pv758/default-token': handler cluster-registration-token: clusters.management.cattle.io "c-pv758" not found, requeuing
2022/05/22 00:22:47 [ERROR] error syncing 'c-pv758/default-token': handler cluster-registration-token: clusters.management.cattle.io "c-pv758" not found, requeuing

from inside a rancher pod, this means I had a leftover ns from a previous now non-existent cluster "c-pv758" ...
removed the empty unnecessary ns and it stopped

flrichar

Rustdesk is open-source teamviewer, hbbs = ID/rendezvous server, hbbr = relay server

$ docker image pull rustdesk/rustdesk-server

make a data dir, and simple start.sh bash script
viola, ufw stops other traffic, enforced over 100.64.0.0/10 carrier nat from tailscale
current testing machine in Vultr ON, Canada

tree view of data dir
data

flrichar

kubectl logs -n cattle-system rancher-b95f969dc-jl7bp -c rancher-audit-log | jq -R 'fromjson? | .requestURI' | sort | uniq -c | sort -nr | less

# send rancher-api-audit-log, ignore non-json errors, parse requestURI, uniq-sort 

flrichar

apiVersion: v1         
kind: Namespace        
metadata:              
  name: cattle-system  
---                                     
apiVersion: v1                          
kind: PersistentVolumeClaim             
metadata:                               
  name: rancher-vol                     
  namespace: cattle-system              

flrichar

## alias nctl for k3s + nerdctl
alias kube-vip='nctl run --network host --rm ghcr.io/kube-vip/kube-vip:v0.5.0'

## rbac
curl https://kube-vip.io/manifests/rbac.yaml > kube-vip-rbac.yaml

## generate ds manifest
kube-vip manifest daemonset --interface eth0.87 --vip 10.16.23.180 --controlplane --bgp --localAS 65020 --bgpRouterID 10.16.87.39 --bgppeers 10.16.87.101:65020::false | tee kube-vip.yaml 

## add bgppeer to routing device at .101 ...

flrichar

### tfvars.tf or environment.tf

variable "api_url" {
  description = "rancher api url"
  default     = "https://urlto.rancher-fqdn.com/v3"
}

variable "token_key" {
  description = "api key to use for tf"
  default     = "token-nameid:jwt-long-hashy-looking-string"

flrichar

write-kubeconfig-mode: "0644"
tls-san:
  - "*.funnest-fqdn.com"
##kube-proxy-arg:
##  - "proxy-mode=ipvs"
kubelet-arg:                        
  - "log-flush-frequency=10s"       
  - "container-log-max-files=4"     
  - "container-log-max-size=300Mi"  
cluster-cidr: 10.41.0.0/17

flrichar

#!/bin/sh                                           
curl -sfL https://get.k3s.io | \
INSTALL_K3S_VERSION="v1.24.3+k3s1" \
K3S_CONFIG_FILE="/home/theuser/the-pathfor-k3s/config.yaml" \
sh -s - server

## calls the config for server, change for -agent

flrichar

# qemu-user to run x86_64 binaries on aarch64, lazy-points for making it an alias

$:~/.../rancher-v2.6.7$ file ./rancher 
./rancher: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=PP2-HrO4hVU4t1u6Nsne/fduUx9JDWI92xonSiZLx/RIzwtr3OVpWwUE-Xicvq/ahLcDDNSiA8PYp_F2Ziy, not stripped

$:~/.../rancher-v2.6.7$ uname -a 
Linux x213 5.18.1-1-aarch64-ARCH #1 SMP PREEMPT Wed Jun 1 19:34:45 MDT 2022 aarch64 GNU/Linux
 
$:~/.../rancher-v2.6.7$ qemu-x86_64 ./rancher --help
Rancher CLI, managing containers one UTF-8 character at a time

flrichar

docker exec $(docker ps -f name="rancher_rancher" --format {{.ID}}) printenv CATTLE_SERVER_IMAGE

## could also use a combination of other env vars like CATTLE_SERVER_IMAGE, CATTLE_KDM_BRANCH