I wanted to iterate on some images and have them available to K3s immediately, much like the Docker Desktop experience.
I also wanted to use docker buildx bake for this, but buildctl and nerdctl build should work fine too. You can omit Docker components if you don't want Buildx.
| #!/bin/sh | |
| PUBLIC_IP=$(curl ifconfig.io) | |
| echo "Installing K3S" | |
| # export INSTALL_K3S_VERSION="v1.19.5+k3s2" | |
| curl -sfL https://get.k3s.io | sh -s - --tls-san ${PUBLIC_IP} | |
| echo "Downlading cert-manager CRDs" | |
| wget -q -P /var/lib/rancher/k3s/server/manifests/ https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml |
| #!/bin/sh | |
| PUBLIC_IP=$(curl ifconfig.io) | |
| # export INSTALL_RKE2_VERSION="v1.20.5+rke2r1" | |
| curl -sfL https://get.rke2.io | sh - | |
| mkdir -p /etc/rancher/rke2 | |
| cat > /etc/rancher/rke2/config.yaml <<EOF | |
| write-kubeconfig-mode: "0640" |
| New-Item -ItemType Directory -Path "$Env:ProgramFiles\containerd" -Force > $null | |
| curl.exe -L https://github.com/luthermonson/containerd/releases/download/win-bins/containerd-shim-runhcs-v1.exe -o "$Env:ProgramFiles\containerd\containerd-shim-runhcs-v1.exe" | |
| curl.exe -L https://github.com/luthermonson/containerd/releases/download/win-bins/containerd.exe -o "$Env:ProgramFiles\containerd\containerd.exe" | |
| curl.exe -L https://github.com/luthermonson/containerd/releases/download/win-bins/ctr.exe -o "$Env:ProgramFiles\containerd\ctr.exe" | |
| # Set containerd config.toml | |
| $ProcessInfo = New-Object System.Diagnostics.ProcessStartInfo | |
| $ProcessInfo.FileName = "$Env:ProgramFiles\containerd\containerd.exe" | |
| $ProcessInfo.RedirectStandardError = $true | |
| $ProcessInfo.RedirectStandardOutput = $true |
| # Make sure you setup c:\ProgramData\docker\config\daemon.json to contain log-level: debug and debug: true | |
| $idx = (Get-EventLog -LogName Application -Source Docker -Newest 1).Index | |
| while ($True) | |
| { | |
| Start-Sleep -MilliSeconds 100 | |
| $idx2 = (Get-EventLog -LogName Application -Source Docker -Newest 1).index | |
| if (-NOT($idx -eq $idx2)) { | |
| Get-EventLog -logname Application -Source Docker -Newest ($idx2 - $idx) | Sort index | Select-Object Message | |
| } |
| <# | |
| switch between crlf and lf much like unix2dos and dos2unix but implemented in powershell. | |
| put two functions into your $PROFILE and call like the following: | |
| default params is your current working dir and ignoring .git and vendor dirs | |
| crlf file.txt | |
| crlf ./dir @(".git", "vendor") | |
| lf file.txt |
Way to build Windows STIG/CIS hardened AMI on AWS.
Problem is that WinRM Basic authentication is blocked by GroupPolicy.
Therefore it's required to setup WinRM over HTTPS.
If you're encountering ping github.com failing inside WSL with a Temporary failure in name resolution, you're not alone — this has been a long-standing issue, especially when using VPNs or corporate networks.
This issue is now fixed robustly with DNS tunneling, which preserves dynamic DNS behavior and avoids limitations like WSL’s former hard cap of 3 DNS servers in /etc/resolv.conf.
DNS tunneling is enabled by default in WSL version 2.2.1 and later, meaning that if you're still seeing DNS resolution issues, the first and most effective fix is simply to upgrade WSL. Upgrading WSL updates the WSL platform itself, but does not affect your installed Linux distributions, apps, or files.
To upgrade WSL, follow these steps,
| #!/bin/bash | |
| #set -x | |
| #set -e | |
| name='rio' | |
| k3d delete --name=$name | |
| k3d create -n $name --image rancher/k3s:v1.0.0 --publish 80:80 --publish 443:443 --publish 9443:9443 --publish 9080:9080 \ | |
| --server-arg --no-deploy=traefik | |
| declare -i i; i=0 | |
| until k3d get-kubeconfig --name='rio' | |
| do |