Nick Jones yankcrime

yankcrime / azure.md
Last active July 1, 2021 08:55
Azure CLI

Azure CLI foo

List available locations:

az account list-locations | grep uk

List VM images from Canonical:

Kubernetes and External Authentication with Rancher

Users added in Rancher get an object of kind User.

For them to be able to do anything, they need to log in to Rancher and authenticate via the external AuthN provider. An instance of kind Token is then created, which contains the User Principal account details:

$ kubectl describe user u-smckoeh6vq
Name:          u-smckoeh6vq
Namespace:
yankcrime / main.tf
Created June 8, 2021 15:39
Rancher Server via Terraform with private CA and custom client certs
resource "kubernetes_secret" "tls_ca" {
  metadata {
    name      = "tls-ca"
    namespace = "cattle-system"
  }
  data = {
    "cacerts.pem" = file("./cacerts.pem")
  }
  depends_on = [
yankcrime / configuration.nix
Created May 4, 2021 21:04
NixOS configuration for OpenStack
{ config, lib, pkgs, modulesPath, ... }:
{
  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.efiSupport = false;
yankcrime / preseed.cfg
Created April 20, 2021 11:24
Packer configuration for Ubuntu 20.04 on vSphere with cloud-init and guestinfo
d-i passwd/user-fullname string packerbuilt
d-i passwd/username string packerbuilt
d-i passwd/user-password password PackerBuilt!
d-i passwd/user-password-again password PackerBuilt!
d-i user-setup/allow-password-weak boolean true
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-basicfilesystems/no_swap boolean false
d-i partman-swapfile/size string 0
yankcrime / main.tf
Created April 16, 2021 07:35
Provisioning a 'RKE' downstream cluster on existing nodes via Terraform
resource "rancher2_cluster" "downstream_cluster" {
  name        = var.cluster_name
  description = var.cluster_description
  rke_config {
    kubernetes_version = var.kubernetes_version
    services {
      kube_api {
        secrets_encryption_config {
          enabled = true
yankcrime / rke-cleanup.sh
Created April 16, 2021 07:28
Cleanup an RKE node
#!/usr/bin/env bash
docker stop $(docker ps -qa)
docker rm -f $(docker ps -qa)
docker volume rm $(docker volume ls -q)
for mount in $(mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do umount $mount; done
rm -rf /etc/cni \
/etc/kubernetes \
/opt/cni \
yankcrime / k3s-aws-cloud-provider.md
Last active January 4, 2025 20:02
Auto-deploying the external AWS Cloud Provider when bootstrapping K3s

Installing K3s with the external ("out-of-tree") AWS Cloud Provider

Pre-requisites

Refer to the upstream project's official documentation for the various pre-requisites. You must have an IAM role with the right permissions attached to your K3s instances, and you must also tag your nodes with a clusterid. Refer to the Rancher documentation for how to do this.

Install K3s with the following options:

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server \
yankcrime / rancher2_ad_auth.tf
Last active April 19, 2021 07:25
Terraform Rancher2 provider AD integration example
resource "rancher2_auth_config_activedirectory" "activedirectory" {
  servers                  = var.ad_server
  tls                      = false
  port                     = 389
  service_account_username = var.ad_username
  service_account_password = var.ad_password
  test_username            = var.ad_username
  test_password            = var.ad_password
  default_login_domain     = var.ad_default_login_domain
  user_search_base         = var.ad_user_search_base
yankcrime / terraform.md
Last active July 13, 2022 13:59
Terraform for Kubernetes and Rancher on existing nodes

Terraform example for deploying Kubernetes and Rancher on existing infrastructure

main.tf

resource "rke_cluster" "rancher" {
  ssh_agent_auth        = true
  ignore_docker_version = true
  kubernetes_version    = var.kubernetes_version

  dynamic "nodes" {