This guide will walk you through how to set up and use the proof-of-concept Rancher OS Management capabilities. It was written on March 23rd 2022. If you notice any errors, please reach out to me on rancher-users.slack.com, either through a DM to Andrew Gracey or in the #cos-toolkit channel (cOS was the old name of Elemental).

Pre-reqs:

  • Rancher Manager 2.6.x
  • Docker or Rancher Desktop
  • Server or VM with TPM 2.x

Notes:

  • Until release of SLE Micro 5.2, we will be using an OpenSUSE base image
@yankcrime
yankcrime / k3s-cilium-egress.md
Last active April 1, 2025 18:30
K3s and Cilium - no kube-proxy and support for static egress IP

K3s and Cilium with the Egress IP Gateway feature

This is a short guide to deploying a three-node Kubernetes cluster using K3s, including kube-vip to provide an HA control plane and to manage LoadBalancer Service resources, and finally Cilium as our CNI with the Egress Gateway feature enabled. We'll also lean heavily into Cilium's support for eBPF by doing away with kube-proxy entirely, but note that this does come with some limitations.

First, let's set some common options for K3s:

export K3S_VERSION="v1.22.4+k3s1"
export K3S_OPTIONS="--flannel-backend=none --no-flannel --disable-kube-proxy --disable-network-policy"
@PhilipSchmid
PhilipSchmid / rancher-keycloak-idp-configuration.md
Last active January 11, 2024 06:42
Rancher v2.X KeyCloak Authentication Backend Configuration

Rancher's official documentation on how to configure the Rancher <> KeyCloak setup is fine, but definitely not sufficient to configure it successfully (https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/). That's why every single required step is documented here.

KeyCloak Configuration

I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.

  1. Log in as admin on https://keycloak.example.com/. Important: It's crucial that the same username exists in KeyCloak as the one you use as the admin user on Rancher. Since I just use the admin account in this guide, this prerequisite is already met.
  2. Create a new client under https://keycloak.example.com/auth/admin/master/console/#/realms/master/clients
    • Client ID: https://rancher.example.com/v1-saml/keycloak/saml/metadata
@janeczku
janeczku / rancher-url-change.md
Last active May 3, 2025 19:51
Change the hostname/URL and certificate of an existing Rancher installation

Steps to change the URL of a Rancher installation and switch from a self-signed certificate to a certificate signed by a recognized CA.

  1. Change the Rancher server-url setting to the new URL:
    • Navigate to https://<old_rancher_hostname>/g/settings/advanced
    • Edit server-url to https://<new_rancher_hostname>
  2. Clear the private CA certificate for the old certificate
    • Navigate to https://<old_rancher_hostname>/g/settings/advanced
    • Next to cacerts click context menu -> View in API
    • Click Edit
    • Clear the content of the value field
@superseb
superseb / README.md
Last active August 27, 2024 12:24
Retrieve kubeconfig from RKE or Rancher 2 custom cluster controlplane node for RKE v0.2.x+ and Rancher v2.2.x+

Retrieve kubeconfig from RKE v0.2.x or Rancher v2.2.x custom cluster controlplane node

For RKE v0.1.x and Rancher v2.0.x/v2.1.x, see https://gist.github.com/superseb/3d8de6092ebc4b1581185197583f472a

This needs to be run on a node with the controlplane role, as it rewrites the server endpoint to https://127.0.0.1:6443. You can of course change this manually if necessary.

Applicable for:

  • RKE v0.2.x
  • Rancher v2.2.x
@superseb
superseb / nodelocal-rancher.md
Created December 4, 2018 11:35
Run nodelocal DNS on Rancher 2 custom cluster (RKE)

WARNING: Nodelocal DNS is currently in alpha and these steps are for testing purposes only!

Due to issues with conntrack and DNS (see https://www.weave.works/blog/racy-conntrack-and-dns-lookup-timeouts and kubernetes/kubernetes#56903), K8s 1.13 added the nodelocal DNS option to avoid this condition. These steps help you install this nodelocal DNS option onto a Rancher 2 custom cluster (RKE).

Set up kubectl or use the embedded kubectl in the UI

Make sure kubectl is installed and pointing to the cluster you want to change, or use the embedded kubectl in the UI for your cluster.

@superseb
superseb / enable-debug-logs-rancher2.sh
Created May 29, 2018 14:54
Oneliners to enable debug logging on Rancher 2.0
#!/bin/bash
KUBECONFIG=./kube_config_rancher-cluster.yml
kubectl --kubeconfig $KUBECONFIG exec -n cattle-system $(kubectl --kubeconfig $KUBECONFIG get pods -n cattle-system -o json | jq -r '.items[] | select(.spec.containers[].name=="cattle-server") | .metadata.name') -- loglevel --set debug
kubectl --kubeconfig $KUBECONFIG logs -n cattle-system -f $(kubectl --kubeconfig $KUBECONFIG get pods -n cattle-system -o json | jq -r '.items[] | select(.spec.containers[].name=="cattle-server") | .metadata.name')
@shr00mie
shr00mie / letsencrypt_esxi.sh
Last active June 13, 2024 22:32
Let's Encrypt SSL for ESXi
#!/bin/bash
#
## -----------------------------=[ WARNING ]=-------------------------------- ##
#
# This script is now woefully out of date due to which accounts ESXi allows to
# ssh into the box as well as sticky folders/file flags.
# I've since ported the whole thing to Python with a lot of bells and whistles
# and if I get around to making it public, I'll put a link here.
#
## -------------------------------=[ Info ]=--------------------------------- ##
@asarkar
asarkar / csd-wrapper.sh
Last active October 26, 2022 07:13 — forked from l0ki000/csd-wrapper.sh
Cisco Anyconnect CSD wrapper for OpenConnect macOS client
#!/bin/bash
# Enter your vpn host here
CSD_HOSTNAME=
if [[ -z ${CSD_HOSTNAME} ]]
then
    echo "Define CSD_HOSTNAME with vpn-host in script text. Exiting."
    exit 1
fi
@arkka
arkka / upgrade.py
Last active November 17, 2020 21:39
Upgrade service via Rancher API using python
import os
import requests
import json
import time
environmentName = 'some-env'
serviceName = 'some-service'
newImage = 'docker:arkka/some-image:tag'
# Find stack based on their name