Provisioning Scripts
Provisioning scripts can be used to override some of Rancher Desktop's internal processes. For example, scripts can be used to provide certain command line parameters to K3s, add additional mounts, increase ulimit value etc. This guide will explain how to set up your provisioning scripts for macOS, Linux, and Windows.
macOS & Linux​
On macOS and Linux, you can use lima override.yaml to write provisioning scripts.
- Create
override.yaml
file at below path
- macOS
- Linux
~/Library/Application Support/rancher-desktop/lima/_config/override.yaml
~/.local/share/rancher-desktop/lima/_config/override.yaml
- Write a provisioning script in the
override.yaml
file created in the previous step. For example, you can use the below script to increase ulimit for containers.
provision:
- mode: system
script: |
#!/bin/sh
cat <<'EOF' > /etc/security/limits.d/rancher-desktop.conf
* soft nofile 82920
* hard nofile 82920
EOF
- You can also use
override.yaml
to override/modify a lima configuration setting, for example, to create additional mounts as shown below.
mounts:
- location: /some/path
writable: true
- Another example uses the
override.yaml
file to allow users to implement custom settings forK3s
environments using Rancher Desktop'sK3S_EXEC
syntax (Similar to theK3s
syntaxINSTALL_K3S_EXEC
). Please see the agent and server command line flags documentation for further installation options. Below is an example setting using the--tls-san value
flag to add additional hostnames as Subject Alternative Names on the TLS certification:
env:
K3S_EXEC: --tls-san value
Windows​
Caution: You can only utilize these provisioning scripts for Rancher Desktop, version 1.1.0 or later, on Windows.
-
Run Rancher Desktop at least once to allow it to create its configuration.
-
Open the
%LOCALAPPDATA%\rancher-desktop\provisioning
directory. An example of the full path:C:\Users\Joe\AppData\Local\rancher-desktop\provisioning
. -
Note that any files with a file extension of
.start
, such ask3s-overrides.start
, can be executed when Rancher Desktop starts its Kubernetes backend (if enabled). Such files will run within the Rancher Desktop WSL context.
Example flow for .start
files:
- Rancher Desktop internal setup
- Run provisioning scripts
- Enable
dockerd
orcontainerd
in the UI - Kubernetes (K3s)
As an example, using %LOCALAPPDATA%\rancher-desktop\provisioning\insecure-registry.start
will allow nerdctl
to use insecure registries by default:
#!/bin/sh
mkdir -p /etc/nerdctl
cat > /etc/nerdctl/nerdctl.toml <<EOF
insecure_registry = true
EOF
- Note that files with a file extension of
.stop
, such aswipe-data.stop
, can be executed after Rancher Desktop shuts down its Kubernetes backend (if enabled). Such files will run within the same Rancher Desktop WSL context.
Example flow for .stop
files:
- Stop
k3s
,dockerd
orcontainerd
- Run deprovisioning scripts
Important to note: Scripts need to be saved with Unix line endings; line-ending conversion is not done; and files with DOS line endings may produce unexpected results. There are some limitations to the things you can change using provisioning scripts. For example, you cannot change the hard ulimits on WSL2 using provisioning scripts. Please use provisioning scripts with caution and feel free to reach out to the Rancher Desktop team on Slack/Github if you have a specific question about provisioning scripts.