Skip to content

Instantly share code, notes, and snippets.


Josh Curl joshwget

View GitHub Profile
View docker-compose.yml
image: nginx
View keys.erb
"title": "Tapping modifier-keys produces a f-key.",
"rules": [
"description": "Press left_shift alone produces F12",
"manipulators": [
"type": "basic",
"from": <%= from("left_shift", [], ["any"]) %>,
"to": <%= to([["left_shift"]]) %>,

Keybase proof

I hereby claim:

  • I am joshwget on github.
  • I am joshwget ( on keybase.
  • I have a public key ASBOlStyEnCJEMBuvIbjq3OfGp4xGHb4wjj27kSHiBaDbQo

To claim this, I am signing this object:


Nginx ingress controller

To make use of the Nginx ingress controller your Kubernetes environment must be configured to have the Rancher ingress controller disabled (Enable Rancher Ingress Controller should be false).

The Nginx ingress controller must be deployed before launching any ingresses. The recommended way of doing this is via Helm.

helm install stable/nginx-ingress
joshwget /
Last active May 4, 2017
Rancher Kubernetes RBAC

Rancher integrates with the native RBAC functionality in Kubernetes.

Relationship to Rancher roles

Owners of an environment will be automatically given complete access to the cluster. All other users begin with no access to the cluster.

Removing a Rancher user from an environment will remove their access to the cluster.

Generating a kubeconfig


Containers get stuck in a state of ImagePullBackOff or CrashLoopBackOff and show a detailed error like:

Cannot initialize Kubernetes connection: the server has asked for the client to provide credentialspanic: runtime error: invalid memory address or nil pointer dereference

This is caused by stale credentials within Rancher (rancher/rancher#8388).

The following instructions can be used to fix the issue in the meantime.

Delete the token first.


Cattle Environments

Cattle environments will work with SELinux enabled by following the steps in There are two manual steps in these docs. Eventually neither of these should be necessary.

  1. Modifying the host SELinux policy

Current workaround: Compile and load an SELinux module that allows Rancher IPSec networking to run.

Real solution: There is a bug in the RHEL SELinux policy that prevents Rancher IPsec from functioning. A patch has been submitted to upstream RHEL and is estimated to be available in 6 weeks.


These instructions apply to RHEL and CentOS hosts.

Install Docker from RHEL rather than from the official sources

yum install docker
systemctl enable docker

Set SELINUX to enforcing in /etc/selinux/config and reboot.

joshwget /
Last active Mar 27, 2017
SELinux module to fix Rancher IPsec

The following instructions have been tested on Rancher 1.4/1.5 and CentOS 7.3.

The selinux-policy-devel package must be installed to build the module (yum install selinux-policy-devel).

Create a file in the current directory (named virtpatch.te for example) with the following contents.

policy_module(virtpatch, 1.0)