VMware Photon 4, k3s

if has error "CreateContainerError":

yum install apparmor-parser apparmor-utils

 

k8s dashboard

kubectl create serviceaccount k8s-admin -n kube-system
kubectl create clusterrolebinding k8s-admin --clusterrole=cluster-admin --serviceaccount=kube-system:k8s-admin
kubectl -n kube-system create token k8s-admin


https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

VMware Photon OS 4: DNS settings

sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

systemctl restart systemd-networkd
systemctl restart systemd-resolved
 

VMware vCenter, set VMCA as Subordinate Certification Authority

1. SSH into vCenter appliance and run the following commands:

shell.set --enable True
shell
chsh -s /bin/bash root
2. Generate the Certificate Signing Request (CSR)
  • run
    /usr/lib/vmware-vmca/bin/certificate-manager
  • Select Option 2.
  • Type Y when prompted to generate the certificates using a configuration file.
  • Press Enter if using administrator@vsphere.local is OK.
  • Input the administrator password when prompted.
  • Enter your country code, e.g. US.
  • For the Name value enter the FQDN of your VCSA
  • Input your Organization name
  • Input your OrgUnit 
  • Input your State
  • Input your Locality
  • Input the IP address of your VCSA
  • Input a contact email address
  • Input the FQDN of your VCSA for the hostname
  • Input the VMCA Name (i.e. FQDN of your VCSA)
  • Select option 1 to generate the CSRs
  • Enter the path of your choice (e.g. /tmp/) for the resulting CSRs
  • Leave the SSH session open

The Certificate manager created two files:

/tmp/vmca_issued_csr.csr
/tmp/vmca_issued_key.key

3. Open your favorite SCP tool (e.g. WinSCP, Royal TSX, etc.). Navigate to /tmp/ Download: vmca_issued_csr.csr
4. Submit Certificate Request on Certification Authority
5. Get CA Certificate Chain, file chain.cer
6. Configuring the VMCA
  • Transfer chain.cer to the VMCA via SCP to /tmp/.
  • Switch back to your SSH session on the VMCA and press 1.
  • Enter /tmp/chain.cer for the Root certificate.
  • Enter /tmp/vmca_issued_key.key for the custom key.
  • Enter Y to replace all of the certificates.
  • Sit back and wait a few minutes for the change to complete.

Linux, expand partition online

Install:

apt-get install cloud-utils

Run:

growpart /dev/xvda 1  # Grows the partition
resize2fs /dev/xvda1  # Grows the filesystem

Install SSL certificate on Windows RDP

1. Certificate thumbprint. Certificate must be installed in personal store at the computer level.

2. Run PowerShell script:

$PATH = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices)
Set-WmiInstance -Path $PATH -argument @{SSLCertificateSHA1Hash="thumbprint"}

 

Chrome: disable certificate check

1. Chrome - type "thisisunsafe" on page

2. Chrome - run with parameters:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors --ignore-urlfetcher-cert-requests &> /dev/null