Julio Hawthorne VltraHeaven

Create a .kubeconfig file for the cluster that you are going to provision with the new server URL and CA certificate: https://gist.github.com/superseb/f6cd637a7ad556124132ca39961789a4
Note down the checksum of the new CA cert:

$ curl --insecure -s -fL https://<rancher_server>/v3/settings/cacerts | jq -r .value | sha256sum

Inspect the cattle-cluster-agent deployment and note down the name of the cattle-credentials secret it consumes
Update the secret with the new server URL:

kubectl patch secret cattle-credentials-<token> -p='{"data":{"url": "<server_url>"}}'

	GRUB_TIMEOUT_STYLE=menu
	GRUB_TIMEOUT=10
	GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null \|\| echo Debian`
	GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
	GRUB_CMDLINE_LINUX="init_on_alloc=1 init_on_free=1 pti=on slab_nomerge page_alloc.shuffle=1 vsyscall=none spectre_v2=on spec_store_bypass_disable=on l1tf=full,force nosmt=force kvm.nx_huge_pages=force"
	GRUB_DEFAULT=saved
	GRUB_SAVEDEFAULT=true

	#!/bin/bash
	echo "Building cluster_recovery.yml..."
	echo "Working on Nodes..."
	echo 'nodes:' > cluster_recovery.yml
	kubectl --kubeconfig kube_config_cluster.yml -n kube-system get configmap full-cluster-state -o json \| jq -r .data.\"full-cluster-state\" \| jq -r .desiredState.rkeConfig.nodes \| yq r - \| sed 's/^/ /' \| \
	sed -e 's/internalAddress/internal_address/g' \| \
	sed -e 's/hostnameOverride/hostname_override/g' \| \
	sed -e 's/sshKeyPath/ssh_key_path/g' >> cluster_recovery.yml
	echo "" >> cluster_recovery.yml

	## Sysctl Hardening
	```
	cat <<EOF> /etc/sysctl.d/20-hardening.conf
	# Kernel
	kernel.kptr_restrict=2
	kernel.dmesg_restrict=1
	kernel.unprivileged_bpf_disabled=1
	net.core.bpf_jit_harden=2
	dev.tty.ldisc_autoload=0
	vm.unprivileged_userfaultfd=0

	#!/usr/bin/env sh

	help_message(){
	echo "Usage: $(basename "$0") [-f path to etcd snapshot] [-t node token]"
	}

	if [ "$(id -u)" -ne 0 ]; then
	echo "Please run this script as root"
	exit 126
	fi

	#!/usr/bin/env sh

	help_message(){
	echo "Usage: $(basename "$0") [-s server] [-t node token]"
	}

	if [ "$(id -u)" -ne 0 ]; then
	echo "Please run this script as root"
	exit 126
	fi