Skip to content

Instantly share code, notes, and snippets.

Avatar

Josh Curl joshwget

View GitHub Profile
View docker-compose.yml
nginx:
image: nginx
environment:
A=B
View keys.erb
{
"title": "Tapping modifier-keys produces a f-key.",
"rules": [
{
"description": "Press left_shift alone produces F12",
"manipulators": [
{
"type": "basic",
"from": <%= from("left_shift", [], ["any"]) %>,
"to": <%= to([["left_shift"]]) %>,
View keybase.md

Keybase proof

I hereby claim:

  • I am joshwget on github.
  • I am joshwget (https://keybase.io/joshwget) on keybase.
  • I have a public key ASBOlStyEnCJEMBuvIbjq3OfGp4xGHb4wjj27kSHiBaDbQo

To claim this, I am signing this object:

View nginx-ingress.md

Nginx ingress controller

To make use of the Nginx ingress controller your Kubernetes environment must be configured to have the Rancher ingress controller disabled (Enable Rancher Ingress Controller should be false).

The Nginx ingress controller must be deployed before launching any ingresses. The recommended way of doing this is via Helm.

helm install stable/nginx-ingress
@joshwget
joshwget / rbac.md
Last active May 4, 2017
Rancher Kubernetes RBAC
View rbac.md

Rancher integrates with the native RBAC functionality in Kubernetes.

Relationship to Rancher roles

Owners of an environment will be automatically given complete access to the cluster. All other users begin with no access to the cluster.

Removing a Rancher user from an environment will remove their access to the cluster.

Generating a kubeconfig

View stalesecret.md

Containers get stuck in a state of ImagePullBackOff or CrashLoopBackOff and show a detailed error like:

Cannot initialize Kubernetes connection: the server has asked for the client to provide credentialspanic: runtime error: invalid memory address or nil pointer dereference

This is caused by stale credentials within Rancher (rancher/rancher#8388).

The following instructions can be used to fix the issue in the meantime.

Delete the token first.

View selinux-status.md

Cattle Environments

Cattle environments will work with SELinux enabled by following the steps in https://gist.github.com/joshwget/413f45a31e42f1f23024558ba4c6a3f6. There are two manual steps in these docs. Eventually neither of these should be necessary.

  1. Modifying the host SELinux policy

Current workaround: Compile and load an SELinux module that allows Rancher IPSec networking to run.

Real solution: There is a bug in the RHEL SELinux policy that prevents Rancher IPsec from functioning. A patch has been submitted to upstream RHEL and is estimated to be available in 6 weeks.

View enabling-selinux.md

These instructions apply to RHEL and CentOS hosts.

Install Docker from RHEL rather than from the official sources

yum install docker
systemctl enable docker

Set SELINUX to enforcing in /etc/selinux/config and reboot.

@joshwget
joshwget / selinux-rancher.md
Last active Mar 27, 2017
SELinux module to fix Rancher IPsec
View selinux-rancher.md

The following instructions have been tested on Rancher 1.4/1.5 and CentOS 7.3.

The selinux-policy-devel package must be installed to build the module (yum install selinux-policy-devel).

Create a file in the current directory (named virtpatch.te for example) with the following contents.

policy_module(virtpatch, 1.0)

gen_require(`