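# Create the image pull secret that lets the cluster pull from cgr.dev.
#
# The pull token is taken from the environment (CGR_PULL_TOKEN, exported by
# the operator) rather than pasted into the command, so it does not end up in
# the script, in version control or in a shared snippet. The ${VAR:?} form
# aborts before kubectl runs when the variable is unset or empty.
# A token that has already appeared in a script or shell history should be
# treated as exposed: revoke it and issue a new one.
#
# The value is still visible in the process list while kubectl runs; to avoid
# that, write a docker config file with restrictive permissions and use
# --from-file=.dockerconfigjson=<path> instead of the --docker-* flags.
#
# The secret is created in the current namespace; add -n <namespace> when the
# pods that reference it through imagePullSecrets live elsewhere.
kubectl create secret docker-registry cgr-pull-secret \
  --docker-server=cgr.dev \
  --docker-username="af2442244f150b3479d0a9f429097b66d378db18/ed3355e9b78ec8d8" \
  --docker-password="${CGR_PULL_TOKEN:?set CGR_PULL_TOKEN to the cgr.dev pull token}"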
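# Install or upgrade NeuVector core with a persistent controller volume,
# banner header/footer settings on the manager UI, a custom EULA policy and a
# TLS-enabled ingress.
#
# Requires: $domain (base DNS domain for the ingress host) and
#           $govmessage_html (EULA text) set by the caller.
#
# Keys containing [n] are quoted so the shell never treats them as glob
# patterns, and both expansions are quoted so whitespace in their values
# cannot split into extra helm arguments. ${domain:?} aborts instead of
# deploying an ingress for the bare host "neuvector.".
# NOTE(review): helm --set splits on unescaped commas; if $govmessage_html is
# raw text rather than base64 like the header/footer values, confirm it
# survives intact (or pass it through a values file).
helm upgrade -i neuvector -n neuvector neuvector/core \
  --create-namespace \
  --set controller.pvc.enabled=true \
  --set controller.pvc.capacity=500Mi \
  --set 'manager.env.envs[0].name=CUSTOM_PAGE_HEADER_COLOR' \
  --set 'manager.env.envs[0].value=#007a33' \
  --set 'manager.env.envs[1].name=CUSTOM_PAGE_HEADER_CONTENT' \
  --set 'manager.env.envs[1].value=VU5DTEFTU0lGSUVELy9GT1VPCg==' \
  --set 'manager.env.envs[2].name=CUSTOM_PAGE_FOOTER_COLOR' \
  --set 'manager.env.envs[2].value=#007a33' \
  --set 'manager.env.envs[3].name=CUSTOM_PAGE_FOOTER_CONTENT' \
  --set 'manager.env.envs[3].value=VU5DTEFTU0lGSUVELy9GT1VPCg==' \
  --set 'manager.env.envs[4].name=CUSTOM_EULA_POLICY' \
  --set "manager.env.envs[4].value=${govmessage_html}" \
  --set manager.ingress.enabled=true \
  --set "manager.ingress.host=neuvector.${domain:?domain must be set}" \
  --set manager.ingress.tls=true \
  --set manager.ingress.secretName=tls-ingress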
# HTTP Configuration with WebSocket Support | |
server { | |
listen 80 bind 192.168.1.100; # Bind to eth1's IP for HTTP | |
server_name yourdomain.com; | |
location / { | |
proxy_pass http://backend_server_ip:port; | |
# WebSocket Support | |
proxy_http_version 1.1; |
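# Per-registry credentials and TLS settings for a private registry.
# The password is stored here in plain text: keep this file readable by root
# only, and use a dedicated pull-only account rather than a personal login.
configs:
  "registry.example.com:5000":
    auth:
      username: xxxxxx # this is the registry username
      password: xxxxxx # this is the registry password
    tls:
      cert_file: # path to the cert file used to authenticate to the registry
      key_file: # path to the key file for the certificate used to authenticate to the registry
      # Leave certificate verification on; point ca_file at the registry's CA
      # instead of disabling checks for a self-signed registry.
      ca_file: # path to the ca file used to verify the registry's certificate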
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |-
controller:
podAnnotations:
aka install
add the following to the config.yaml
from https://docs.rke2.io/install/network_options#using-multus
# /etc/rancher/rke2/config.yaml
cni:
apiVersion: network.harvesterhci.io/v1alpha1
kind: IPPool
metadata:
name: harvesterpool
namespace: default
spec:
ipv4Config:
serverIP: 10.10.100.2 # The DHCP server's IP address
cidr: 10.10.100.0/24 # The subnet information, must be in the CIDR form
defaultNamespace: metallb-system
labels:
app: metallb-resources
helm:
chart: ./chart
releaseName: metallb-resources
valuesFiles:
#Example
Create Volume Claim
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nginx
spec:
The first step is to pull everything we will need on the airgap side: container images, tar files, RPMs, etc. For this we are going to use hauler.
Head over to https://hauler.dev
and jump to the quickstart section. On our bastion host we need to download the hauler binary to use.
Install latest release