Skip to content

Instantly share code, notes, and snippets.

View fkurz's full-sized avatar

Friedrich Kurz fkurz

4 followers · 1 following
View GitHub Profile
@fkurz
fkurz / self-signed-certificate-key-pair-localhost.md
Last active February 16, 2019 20:15
Snippet: How to create a self-signed certificate and key pair for localhost

The Let's Encrypt website covers this topic in depth. Using the right config values is key. openssl simplifies the cert creation.

echo -n "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth" > /tmp/ssl-config
openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout /etc/ssl/server.key -out /etc/ssl/server.crt -subj '/CN=localhost' -extensions EXT -config /tmp/ssl-config

Note: We create a temporary config file to use as the -conf parameter instead of using process substitution (-conf <(...)) because of better compatibility.

@fkurz
fkurz / fixing-errors-when-running-minikube-start-from-golang.md
Last active February 17, 2019 12:57
Troubleshooting: fixing errors when running `minikube start` from golang

I was getting intransparent errors running minikube start from golang like the following:

E0207 12:05:03.470516 22708 start.go:376] Error starting cluster: kubeadm init: sudo /usr/bin/kubeadm init --config /var/lib/kubeadm.yaml --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests --ignore-preflight-errors=DirAvailable--data-minikube --ignore-preflight-errors=Port-10250 --ignore-preflight-errors=FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml --ignore-preflight-errors=FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml --ignore-preflight-errors=FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml --ignore-preflight-errors=FileAvailable--etc-kubernetes-manifests-etcd.yaml --ignore-preflight-errors=Swap --ignore-preflight-errors=CRI

This can apparently be fixed by stopping and deleting the Minikube instance and removing its cache before running the golang app:

minikube stop
minikube delete
@fkurz
fkurz / retrieving-private-repositories-in-docker-build-phase.md
Last active March 17, 2019 10:25
Troubleshooting: Retrieving Private Repositories in Docker Build Phase

Retrieving Private Repositories in Docker Build Phase

Problem

During the build phase you may need to access dependencies in private (or, generally non-public) repositories.

Solution

This solution configures Git to use HTTPS with login and access token for the repository with URL <repo-url>.

@fkurz
fkurz / registering-extra-ca-golang-client.md
Last active March 18, 2019 20:04
Snippet: Registering an extra certificate authority in a Golang HTTP client

Registering a certificate authority in a Golang HTTP client

Problem

You want to register an extra certificate authority to be recognized by a http.Client instance when issuing requests.

I personally encountered this case while testing a HTTPS service with a key pair issued by a Kubernetes cluster.

Solution

@fkurz
fkurz / nginx-https-post-static.md
Last active March 18, 2019 20:08
Snippet: Nginx configuration for POST requests to static files

Nginx configuration for POST requests to static files

Problem

Nginx doesn't allow serving static content when responding to POST requests.

Solution

The solution first creates an HTTP 405 error for all requests (including POST requests) to a given location and then simply returns the result of a proxy pass GET request to the static resource instead of the error page.

@fkurz
fkurz / snippet--create-self-signed-private-key-and-certificate-signing-request-with-cfssl.md
Last active April 6, 2019 08:48
Snippet: Create a self-signed private key and certificate signing request with Cloudflare SLL (cfssl)

Problem

Creating a [certificate signing request][2] with CloudFlare's cfssl tool.

Solution

1. Create a Certificate Signing Request JSON file

Minimally, you want to specify the hosts, CN, and key properties. For example:

@fkurz
fkurz / brew-downgrading-package.md
Last active May 2, 2019 15:22
Snippet: Downgrading a Brew Package

Downgrading a Brew Package

Problem

You want to downgrade a package imported by Homebrew from version B to version A.

Solution

Packages correspond to installation script which are hosted (and versioned) on the Homebrew's Github repository.

The list of formulas is hosted at

@fkurz
fkurz / generating-protobuf-message-serializations-from-the-command-line.md
Last active May 18, 2019 13:30
Snippet: Generating Protobuf Message Serializations from the Command Line

Snippet: Generating Protobuf Message Serializations from the Command Line

Problem

We want to send some protobuf serialized data to an implemented RPC API endpoint for testing.

Note: This is especially helpful if you work with [Twirp][3] and code in Python since the code generator does not yield a JSON Protobuf client.

Solution

You can use the protoc command to generate binary data and then pass them to curl (see [1] and [2]).

@fkurz
fkurz / protobuf-python-generation-with-working-import-statements.md
Last active June 22, 2019 19:51
Snippet: Protobuf Python Generation With Working Import Statements

Protobuf Python: Generating Code With Working Import Statements

Problem

The import statements in Python code generated from factored Protobuf files do not correctly point to the modules to be imported.

Note: By factored, I mean at least two files a.proto and b.proto with potential of mutual dependencies.

Solution

@fkurz
fkurz / creating-instant-vectors-with-arbitrary-labels-in-promql.md
Created June 24, 2019 13:02
Snippet: Creating instant vectors with arbitrary labels in PromQL

Creating Instant Vectors with Arbitrary Labels in PromQl

Problem

We need to create an instant vector with a given label set.

An example use case would be supplying a default value in combination with or.

Solution