How to disable Kube-Proxy in RKE2

Example use case: Running the Cilium CNI without any kube-proxy

On all RKE2 servers (master nodes), add the following configuration to your /etc/rancher/rke2/config.yaml file:

disable-kube-proxy: "true"

Now the important step: if you had already started the RKE2 service before (without this flag and with kube-proxy enabled), make sure to also delete the kube-proxy.yaml static pod manifest:

@rkspx
rkspx / config.go
Last active October 18, 2024 23:06
Custom marshal YAML file in golang
package config
import (
"errors"
"io/ioutil"
"gopkg.in/yaml.v2"
)
type Config struct {
@superseb
superseb / rke2-commands.md
Last active April 18, 2025 07:28
RKE2 commands

RKE2 commands

  • Updated on May 29 to accommodate etcd container not having /bin/sh available anymore.

Install

curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server
@dreampuf
dreampuf / main.go
Last active December 28, 2023 06:46
Golang SSHAgent Usage Example
package main
/*
Golang SSHAgent Usage
https://orebibou.com/2019/03/golang%E3%81%A7ssh-agent%E3%81%8B%E3%82%89%E9%8D%B5%E3%82%92%E5%8F%96%E5%BE%97%E3%81%97%E3%81%A6ssh%E6%8E%A5%E7%B6%9A%E3%81%99%E3%82%8B/
*/
import (
"fmt"
"golang.org/x/crypto/ssh"
@bendera
bendera / multimon.lua
Last active December 12, 2024 13:42
Multi-monitor devilspie2 config
-- https://www.howtoforge.com/tutorial/ubuntu-desktop-devilspie-2/
debug_print("--------------------------------------------------------------------------------")
debug_print("Window Name: ".. get_window_name());
debug_print("Application name: "..get_application_name())
debug_print("--------------------------------------------------------------------------------")
editor_workspace = 1
browser_workspace = 2
terminal_workspace = 1
@dcasati
dcasati / kube-dns-port-forward.sh
Last active October 21, 2024 19:46
kubernetes - Kube-DNS port forwarding and DNS querying.
# Use dig to find out about the k8s records
# dig +vc -p 5300 @127.0.0.1 cluster.local
# Use dig to retrieve an A Record
# dig +vc -p 5300 @127.0.0.1 A cb-example-0000.default.svc.cluster.local
# Use dig to do a reverse lookup (-x flag)
#dig +vc -p 5300 @127.0.0.1 -x 10.0.50.156
# Add the port forward
@venezia
venezia / multiple-tillers.md
Last active August 9, 2019 06:00
Multiple Tillers

Introduction

Did you know that you can have multiple helm tillers running in a cluster?
This may actually be useful to us for both security as well as isolating what our cluster ops team does from what our customers can do.

Background

Current Helm Access Control

Helm security is such that "If you can talk to tiller, you can use that tiller." To be able to contact tiller, one needs to be able to create a pod in the namespace tiller resides in. Otherwise you will get an error message like:

@agilepoodle
agilepoodle / mount-encrypted-partition-fedora-live-usb.sh
Created June 21, 2017 19:15
When you need to access LUKS encrypted partition with a Fedora Live CD or USB
# make sure crypt module in use
sudo modprobe dm-crypt
# Find out which drive it was with the following command:
sudo fdisk -l
# You must mount /dev/sda3 myvolume
# use cryptsetup, device is accessible under /dev/mapper/myvolume
sudo cryptsetup luksOpen /dev/sde3 myvolume
@mdonkers
mdonkers / server.py
Last active April 4, 2025 13:11
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
@abayer
abayer / Jenkinsfile
Created February 15, 2017 15:17
An example Declarative Pipeline Jenkinsfile for Feb 15 2017 demo
// A Declarative Pipeline is defined within a 'pipeline' block.
pipeline {
// agent defines where the pipeline will run.
agent {
// This also could have been 'agent any' - that has the same meaning.
label ""
// Other possible built-in agent types are 'agent none', for not running the
// top-level on any agent (which results in you needing to specify agents on
// each stage and do explicit checkouts of scm in those stages), 'docker',