I hereby claim:
- I am joshwget on github.
- I am joshwget (https://keybase.io/joshwget) on keybase.
- I have a public key ASBOlStyEnCJEMBuvIbjq3OfGp4xGHb4wjj27kSHiBaDbQo
To claim this, I am signing this object:
nginx: | |
image: nginx | |
environment: | |
A=B |
{ | |
"title": "Tapping modifier-keys produces a f-key.", | |
"rules": [ | |
{ | |
"description": "Press left_shift alone produces F12", | |
"manipulators": [ | |
{ | |
"type": "basic", | |
"from": <%= from("left_shift", [], ["any"]) %>, | |
"to": <%= to([["left_shift"]]) %>, |
I hereby claim:
To claim this, I am signing this object:
To make use of the Nginx ingress controller your Kubernetes environment must be configured to have the Rancher ingress controller disabled (Enable Rancher Ingress Controller
should be false).
The Nginx ingress controller must be deployed before launching any ingresses. The recommended way of doing this is via Helm.
helm install stable/nginx-ingress
Rancher integrates with the native RBAC functionality in Kubernetes.
Owners of an environment will be automatically given complete access to the cluster. All other users begin with no access to the cluster.
Removing a Rancher user from an environment will remove their access to the cluster.
Containers get stuck in a state of ImagePullBackOff
or CrashLoopBackOff
and show a detailed error like:
Cannot initialize Kubernetes connection: the server has asked for the client to provide credentialspanic: runtime error: invalid memory address or nil pointer dereference
This is caused by stale credentials within Rancher (rancher/rancher#8388).
The following instructions can be used to fix the issue in the meantime.
Delete the token first.
Cattle environments will work with SELinux enabled by following the steps in https://gist.github.com/joshwget/413f45a31e42f1f23024558ba4c6a3f6. There are two manual steps in these docs. Eventually neither of these should be necessary.
Current workaround: Compile and load an SELinux module that allows Rancher IPSec networking to run.
Real solution: There is a bug in the RHEL SELinux policy that prevents Rancher IPsec from functioning. A patch has been submitted to upstream RHEL and is estimated to be available in 6 weeks.
These instructions apply to RHEL and CentOS hosts.
Install Docker from RHEL rather than from the official sources
yum install docker
systemctl enable docker
Set SELINUX
to enforcing
in /etc/selinux/config
and reboot.
The following instructions have been tested on Rancher 1.4/1.5 and CentOS 7.3.
The selinux-policy-devel
package must be installed to build the module (yum install selinux-policy-devel
).
Create a file in the current directory (named virtpatch.te
for example) with the following contents.
policy_module(virtpatch, 1.0)
gen_require(`
#!/bin/bash | |
echo aa |