VMware Photon 4, k3s

if has error "CreateContainerError":

yum install apparmor-parser apparmor-utils


k8s dashboard

kubectl create serviceaccount k8s-admin -n kube-system
kubectl create clusterrolebinding k8s-admin --clusterrole=cluster-admin --serviceaccount=kube-system:k8s-admin
kubectl -n kube-system create token k8s-admin


VMware Photon OS 4: DNS settings

sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

systemctl restart systemd-networkd
systemctl restart systemd-resolved

VMware vCenter, set VMCA as Subordinate Certification Authority

1. SSH into vCenter appliance and run the following commands:

shell.set --enable True
chsh -s /bin/bash root
2. Generate the Certificate Signing Request (CSR)
  • run
  • Select Option 2.
  • Type Y when prompted to generate the certificates using a configuration file.
  • Press Enter if using administrator@vsphere.local is OK.
  • Input the administrator password when prompted.
  • Enter your country code, e.g. US.
  • For the Name value enter the FQDN of your VCSA
  • Input your Organization name
  • Input your OrgUnit 
  • Input your State
  • Input your Locality
  • Input the IP address of your VCSA
  • Input a contact email address
  • Input the FQDN of your VCSA for the hostname
  • Input the VMCA Name (i.e. FQDN of your VCSA)
  • Select option 1 to generate the CSRs
  • Enter the path of your choice (e.g. /tmp/) for the resulting CSRs
  • Leave the SSH session open

The Certificate manager created two files:


3. Open your favorite SCP tool (e.g. WinSCP, Royal TSX, etc.). Navigate to /tmp/ Download: vmca_issued_csr.csr
4. Submit Certificate Request on Certification Authority
5. Get CA Certificate Chain, file chain.cer
6. Configuring the VMCA
  • Transfer chain.cer to the VMCA via SCP to /tmp/.
  • Switch back to your SSH session on the VMCA and press 1.
  • Enter /tmp/chain.cer for the Root certificate.
  • Enter /tmp/vmca_issued_key.key for the custom key.
  • Enter Y to replace all of the certificates.
  • Sit back and wait a few minutes for the change to complete.

Linux, expand partition online


apt-get install cloud-utils


growpart /dev/xvda 1  # Grows the partition
resize2fs /dev/xvda1  # Grows the filesystem

Install SSL certificate on Windows RDP

1. Certificate thumbprint. Certificate must be installed in personal store at the computer level.

2. Run PowerShell script:

$PATH = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices)
Set-WmiInstance -Path $PATH -argument @{SSLCertificateSHA1Hash="thumbprint"}


Chrome: disable certificate check

1. Chrome - type "thisisunsafe" on page

2. Chrome - run with parameters:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors --ignore-urlfetcher-cert-requests &> /dev/null