- Updated on May 29 to accommodate the etcd container no longer having
/bin/sh available.
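# Install RKE2 and bring the server service up.
# The installer is fetched over HTTPS and executed directly; nothing in this
# snippet verifies a checksum or signature of the downloaded script, so the
# host is trusting get.rke2.io for what it runs as root.
# -f makes curl fail on an HTTP error instead of piping the error body into sh
# (matches the `curl -sfL` form used further down this page).
curl -sfL https://get.rke2.io | sh
# Pick up the unit file the installer just dropped, then start the server.
systemctl daemon-reload
systemctl start rke2-server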
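# create kiosk user
# Guarded so re-running the script does not abort on "user already exists".
id kiosk >/dev/null 2>&1 || sudo useradd -m kiosk
# `passwd -d` deletes the password: the kiosk account can log in locally with
# no password at all. sshd refuses empty-password logins by default
# (PermitEmptyPasswords no), so the ssh service enabled below does not expose
# this account on its own — but every console/display-manager login path does.
sudo passwd -d kiosk
# install packages
sudo apt update
sudo apt install -y --no-install-recommends gnome-session-flashback gdm3 firefox ssh curl tree vim xdotool
# setup ssh
sudo systemctl enable --now ssh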
| --- RKE2 SERVER NODES (CONTROL PLANE) --- | |
| ### Setup RKE2 Server | |
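# Directories for the installer artifacts, the RKE2 config file and the
# server's auto-applied manifests.
mkdir -p /opt/rke2-artifacts/ /etc/rancher/rke2/ /var/lib/rancher/rke2/server/manifests/
# System account for etcd: no home, no login shell, own group. Presumably
# required by the `profile: cis` set in config.yaml below — confirm against the
# RKE2 hardening guide. Guarded so a re-run does not fail on an existing user.
id etcd >/dev/null 2>&1 || useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U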
| ### Configure RKE2 Config | |
| cat << EOF >> /etc/rancher/rke2/config.yaml | |
| profile: cis | |
| selinux: true | |
| secrets-encryption: true |
| ### FIRST RKE2 SERVER NODE (CONTROL PLANE NODES) | |
| ### Set Variables | |
# Placeholders to fill in before running the first-server-node steps.
# NOTE(review): the registry credentials are exported into the environment, so
# every child process started from this shell inherits them (and the same user
# can read them from /proc/<pid>/environ); unset them once the node is set up.
DOMAIN=
TOKEN=
vRKE2=
Registry=
RegistryUsername=
RegistryPassword=
export DOMAIN TOKEN vRKE2 Registry RegistryUsername RegistryPassword
| ### Apply System Settings |
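export CLUSTERNAME=rke2-cluster-import
# Resolve the management-cluster namespace from the fleet cluster object first.
# The original inlined this as an unquoted $(...) inside -n, so an empty lookup
# silently dropped the namespace argument; stop explicitly instead.
mgmt_ns=$(kubectl get cluster -n fleet-default "${CLUSTERNAME}" -o jsonpath='{.status.clusterName}')
[ -n "$mgmt_ns" ] || { printf 'no management cluster found for %s\n' "$CLUSTERNAME" >&2; exit 1; }
# Registration command for the imported cluster (agent manifest fetched with
# the Rancher server certificate verified).
kubectl get clusterregistrationtokens.management.cattle.io -n "$mgmt_ns" default-token -o json | jq -r '.status.command'
# insecure command
# .status.insecureCommand is the same registration command with certificate
# verification of the Rancher server disabled; only use it where the Rancher CA
# is not (yet) trusted on the target cluster, and prefer the command above.
kubectl get clusterregistrationtokens.management.cattle.io -n "$mgmt_ns" default-token -o json | jq -r '.status.insecureCommand'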
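# Print the release currently published on the stable/latest/testing channels
# of the RKE2 release API, one TSV line per channel: app, channel, version.
for app in rke2; do
  # -f: an HTTP error produces no output instead of an error page reaching jq.
  # TLS verification is left on (the original passed -k, which disabled it):
  # the value read here decides which release gets installed, so a spoofed
  # response from the network must not be accepted.
  output=$(curl -sf "https://update.${app}.io/v1-release/channels" \
    | jq --arg app "${app}" -r '.data[]|select(.id==("stable","latest","testing"))|[$app, .name, .latest]|@tsv')
  # printf rather than echo so the data is never interpreted as echo options.
  [ -n "$output" ] && printf '%s\n' "$output"
done && echo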
| for app in k3s; do | |
| output=$(curl -ks "https://update.${app}.io/v1-release/channels" | jq --arg app "${app}" -r '.data[]|select(.id==("stable","latest","testing"))|[$app, .name, .latest]|@tsv') | |
| [ -n "$output" ] && echo "$output" |
| Feature/Functionality | Provisioned Clusters | EKS, AKS, GKE, and OKE Clusters | Custom Clusters | Imported Clusters |
|---|---|---|---|---|
| Cluster Access with kubectl or kubeconfig | ✓ | ✓ | ✓ | ✓ |
| Cluster Access Management (RBAC) | ✓ | ✓ | ✓ | ✓ |
| Modifying Cluster Configuration | ✓ | ✓ | ✓ | ✓ |
| Upgrading Cluster Kubernetes Version | ✓ | ✓ | ✓ | ✓ |
| Node Management (Adding/Removing/Scaling) | ✓ | ✓ | | |
| Node Access with Shell (ssh) | ✓ | ✓ | | |
| Ability to Rotate Certificates | ✓ | ✓ | ✓ | |
| Ability to Rotate Encryption Keys | ✓ | ✓ | ✓ | |
view the repo: https://github.com/rancherfederal/rancher-cluster-templates
Step 1: Create the IAM Policy
aws iam create-policy --policy-name aws-rgs-rancher-mgmt-policy --policy-document '{
"Version": "2012-10-17",
"Statement": [cat << EOF >> /etc/sysctl.conf
### Modified System Settings
vm.swappiness=0
vm.panic_on_oom=0
vm.overcommit_memory=1
kernel.panic=10| # enable container-selinux | |
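amazon-linux-extras enable selinux-ng
# create os release file
# Presumably a marker so the RKE2 installer detects an Amazon Linux 2023 host
# (confirm against install.sh). Guarded so re-runs do not append the line again.
grep -qx '2023' /etc/amazon-linux-release 2>/dev/null || echo "2023" >> /etc/amazon-linux-release
# download and install rke2
# The installer runs straight from the network as root. -f keeps an HTTP error
# body from being piped into sh, but nothing here verifies a checksum or
# signature of the script itself; the channel pin only selects the RKE2 version.
curl -sfL https://get.rke2.io | INSTALL_RKE2_CHANNEL=v1.27 INSTALL_RKE2_TYPE=server sh -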
| # enable and start rke2 |