brooksphilip

# -- Optionally override the fully qualified name
fullnameOverride: ""

# -- Optionally override the name
nameOverride: ""

# -- The number of replicas to create (has no effect if autoscaling enabled)
replicas: 1

image:

brooksphilip

kubectl create secret docker-registry cgr-pull-secret \
  --docker-server=cgr.dev \
  --docker-username="af2442244f150b3479d0a9f429097b66d378db18/ed3355e9b78ec8d8" \
  --docker-password="eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2lzc3Vlci5lbmZvcmNlLmRldiIsImV4cCI6MTc0NTYwMDkxMCwiaWF0IjoxNzQ1NTE0NTEwLCJpc3MiOiJodHRwczovL3B1bGx0b2tlbi5pc3N1ZXIuY2hhaW5ndWFyZC5kZXYiLCJzdWIiOiJwdWxsLXRva2VuLTUxMDZjNzI4YTJjOTY1MzI4ZTFmMTVmNDhiZGI5ZGNhZDc4Y2E1YjkifQ.pgpKAjLg_EWZR_0O8mhFIsiypnADG1mmaxUSEj8ZcDFgsTuello4VwutrfAjD6JlGqU83Ht7mDkqHc5djzMaYPKEDo0jBmMGZdDdGK-6AHhCjWUoVwp3AANKU6TqfytuWbQVkRp3zSx2idYpunOEf307adtuBK0odm9o1v7-aTmIwgNMknBp5ibczl-NfhB7VlfaBi8d2MhZus_p-QOaZ5xzngrbPkniru8B7SfnQ9uxNDZ8UTBwWWZywa8ZAyYFNZvjJeNOE6zvjBQAwF2Jzh6NzGJ2N1UIcQQhM5K5NjBhK8px7lXPDyIjblpsBrXJNBkCNvWTOci-iODSzciYsiznGdjPHJbjy4FwRONyLkEbUsXi_SyQBUGWGrmap7m8CtLOmoEcJ62aaxzjk8nNU0z0JHjK5TTnFndG-jflFO9eQazNze1eUA0lKBf35foJH2NQF44stmF48l80U-MGXtLUT1c1sy8Bpzx9N80Tttn9YIy1nDqLwQ7RkreL2kbGECFsvakxe3lLoSUaL5mTeIczIJe_lxzPvf86pUuxre3tdMcFrUypuvJpZXPoI

brooksphilip

helm upgrade -i neuvector -n neuvector neuvector/core --create-namespace --set controller.pvc.enabled=true --set controller.pvc.capacity=500Mi --set manager.env.envs[0].name=CUSTOM_PAGE_HEADER_COLOR --set manager.env.envs[0].value="#007a33" --set manager.env.envs[1].name=CUSTOM_PAGE_HEADER_CONTENT --set manager.env.envs[1].value="VU5DTEFTU0lGSUVELy9GT1VPCg==" --set manager.env.envs[2].name=CUSTOM_PAGE_FOOTER_COLOR --set manager.env.envs[2].value="#007a33" --set manager.env.envs[3].name=CUSTOM_PAGE_FOOTER_CONTENT --set manager.env.envs[3].value="VU5DTEFTU0lGSUVELy9GT1VPCg==" --set manager.env.envs[4].name=CUSTOM_EULA_POLICY --set manager.env.envs[4].value=$govmessage_html --set manager.ingress.enabled=true --set manager.ingress.host=neuvector.$domain  --set manager.ingress.tls=true --set manager.ingress.secretName=tls-ingress

brooksphilip

# HTTP Configuration with WebSocket Support
server {
    listen 80 bind 192.168.1.100;  # Bind to eth1's IP for HTTP
    server_name yourdomain.com;

    location / {
        proxy_pass http://backend_server_ip:port;
        
        # WebSocket Support
        proxy_http_version 1.1;

brooksphilip

configs:
  "registry.example.com:5000":
    auth:
      username: xxxxxx # this is the registry username
      password: xxxxxx # this is the registry password
    tls:
      cert_file:            # path to the cert file used to authenticate to the registry
      key_file:             # path to the key file for the certificate used to authenticate to the registry
 ca_file: # path to the ca file used to verify the registry's certificate

brooksphilip

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
 podAnnotations:

brooksphilip

Multus

update rke2 config

aka install
add the following to the config.yaml from https://docs.rke2.io/install/network_options#using-multus

# /etc/rancher/rke2/config.yaml
cni:

brooksphilip

apiVersion: network.harvesterhci.io/v1alpha1
kind: IPPool
metadata:
  name: harvesterpool
  namespace: default
spec:
  ipv4Config:
    serverIP: 10.10.100.2 # The DHCP server's IP address
 cidr: 10.10.100.0/24 # The subnet information, must be in the CIDR form

brooksphilip

defaultNamespace: metallb-system

labels:
  app: metallb-resources

helm:
  chart: ./chart
  releaseName: metallb-resources
 valuesFiles: 

brooksphilip

#Example

Create Volume Claim

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx
spec: