zackbradys

### Configure Rancher Pod Security Standards/Pod Security Admissions
cat << EOF >> /etc/rancher/rke2/rancher-psact.yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
  - name: PodSecurity
    configuration:
      apiVersion: pod-security.admission.config.k8s.io/v1
      kind: PodSecurityConfiguration
      defaults:

zackbradys

### Add and Update the Helm Repository
helm repo add neuvector https://neuvector.github.io/neuvector-helm
helm repo update

### Create the NeuVector Namespace and Install NeuVector
kubectl create namespace cattle-neuvector-system

helm upgrade -i neuvector neuvector/core --namespace cattle-neuvector-system --set k3s.enabled=true --set k3s.runtimePath=/run/k3s/containerd/containerd.sock --set manager.ingress.enabled=true --set manager.svc.type=ClusterIP --set controller.pvc.enabled=true --set manager.ingress.host=neuvector.10.0.0.15.sslip.io --set global.cattle.url=https://rancher.10.0.0.15.sslip.io --set controller.ranchersso.enabled=true --set rbac=true

### Wait for the deployment/rollout

zackbradys

### Add and Update the Helm Repository
helm repo add longhorn https://charts.longhorn.io
helm repo update

### Create the Longhorn Namespace and Install Longhorn
kubectl create namespace longhorn-system
helm upgrade -i longhorn longhorn/longhorn --namespace longhorn-system --set ingress.enabled=true --set ingress.host=longhorn.example.com

### Wait for the deployment/rollout
sleep 30

zackbradys

### Add and Update the Helm Repositories
helm repo add jetstack https://charts.jetstack.io
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo update

### Create the Cert Manager Namespace and Install Cert Manager
kubectl create namespace cert-manager
helm upgrade -i cert-manager jetstack/cert-manager --namespace cert-manager --set installCRDs=true

### Wait for the deployment/rollout

zackbradys

--- RKE2 SERVER NODES (CONTROL PLANE) ---
### Apply System Settings
cat << EOF >> /etc/sysctl.conf
### Modified System Settings
vm.swappiness=0
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10
kernel.panic_on_oops=1
vm.max_map_count = 262144

zackbradys

# RUN THIS ON LINUX! Below is using an Ubuntu VM to build your qcow

# Install 'libguestfs-tools' to get 'virt-customize'
apt-get install -y libguestfs-tools # ubuntu
# yum install -y libguestfs-tools # rhel

# Download the latest cloud-enabled Rocky image
wget -O /tmp/rocky-cloud.qcow2 https://download.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud-LVM.latest.x86_64.qcow2 # LVM
# wget -O /tmp/rocky-cloud.qcow2 https://download.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud-Base.latest.x86_64.qcow2 # Base

zackbradys

#pihole install
#simple linux pihole install
#reach out with questions to @zackbradys

sudo su

curl -sSL https://install.pi-hole.net | sudo PIHOLE_SKIP_OS_CHECK=true PIHOLE_SELINUX=true bash

#check pihole status
pihole status

zackbradys

Keybase proof

I hereby claim:

• I am zackbradys on github.
• I am zackbradys (https://keybase.io/zackbradys) on keybase.
• I have a public key ASA3bJyquUpv0pl7VxpjRW1WFcHkFE65NrHHPj25CU78GQo

To claim this, I am signing this object:

zackbradys

#tailscale install
#simple linux tailscale install with authenticate
#reach out with questions to @zackbradys

sudo su

curl -fsSL https://tailscale.com/install.sh | sh

tailscale login --authkey=$AUTH-KEY

zackbradys

#cloud-config
#simple cloud-init network-data
#reach out with questions to @zackbradys