diff --git a/README.md b/README.md
index 858a852..cc0bd95 100644
--- a/README.md
+++ b/README.md
@@ -2,12 +2,10 @@
 ## Raspberry Pi
-Enable cgroups
+Enable cgroups by adding the following to the end of /boot/cmdline.txt
 ```bash
-sudo vim /boot/cmdline.txt
-
-... cgroup_memory=1 cgroup_enable=memory
+cgroup_memory=1 cgroup_enable=memory
 ```
 Enable legacy iptables
@@ -19,7 +17,7 @@ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 sudo reboot
 ```
-Install k3s on our sacrificial server
+Install k3s on our sacrificial server (assuming you have etcd configured)
 ```bash
 curl -sfL https://get.k3s.io | sh -s - server \
@@ -42,14 +40,7 @@ curl -sfL https://get.k3s.io | sh -s - server \
 --server https://3.14.3.107
 ```
-Test a bunch of deploys
-
-```bash
-for i in {1..100}; do kubectl create deploy test$i --image=nginx & done;
-for i in {1..100}; do kubectl delete deploy test$i & done;
-```
-
-Generate certs
+Generate certs for a new user
 ```bash
 export USER=
@@ -59,6 +50,14 @@ openssl genrsa -out $USER.key 2048
 openssl req -new -key $USER.key -out $USER.csr -subj "/CN=$USER/O=user"
 sudo openssl x509 -req -in $USER.csr -CA /var/lib/rancher/k3s/server/tls/client-ca.crt -CAkey /var/lib/rancher/k3s/server/tls/client-ca.key -CAcreateserial -out $USER.crt -days 5000
 sudo chown pi:pi $USER.crt
-sudo kubectl create role $USER --verb=* --resource=deployments,pods,pods/exec,pods/log,pods/attach,services,ingresses,ingressroutes,secrets,configmaps,persistentvolumeclaims
-sudo kubectl create rolebinding $USER --role=$USER --user=$USER
+sudo kubectl create namespace $USER
+sudo kubectl -n $USER create role $USER --verb=get,list,create,update,patch,watch,delete,deletecollection --resource=deployments,pods,pods/exec,pods/log,pods/attach,services,ingresses,secrets,configmaps,persistentvolumeclaims
+sudo kubectl -n $USER create rolebinding -n ducoterra $USER --role=$USER --user=$USER
+```
+
+Test a bunch of deploys
+
+```bash
+for i in {1..100}; do kubectl create deploy test$i --image=nginx; done;
+for i in {1..100}; do kubectl delete deploy test$i; done;
 ```