Skip to content

Instantly share code, notes, and snippets.

View maelvls's full-sized avatar

Maël Valais maelvls

168 followers · 70 following
View GitHub Profile
@maelvls
maelvls / README.md
Last active April 4, 2022 12:39
Deploy a dev version of cert-manager to your GKE or OpenShift cluster

Deploy a dev version of cert-manager to your GKE or OpenShift cluster

If you would like to use the new Make flow (we dropped Bazel!), here is a tutorial on how test cert-manager on a non-kind cluster such as GKE or OpenShift. In this tutorial, I assume that you have cloned cert-manager/cert-manager and that you have a shell session open in that folder. I also assume that your GKE or OpenShift cluster has access to the Docker Hub registry (i.e., you cluster has access to the internet).

You will need docker, helm, and crane installed. If you are on macOS or on Linux, you can install helm and crane using Homebrew:

@maelvls
maelvls / README.md
Last active September 7, 2022 14:12

Dev Assistant (chrome extension) settings

This gist can be shared, no problem.

Update 6 June 2022: it seems like dev assistant, which was published as a Chrome extension, has been withdrawn (probably by their authors). The source code for the extension is on GitHub: https://github.com/shridhar-tl/dev-assist. I don't know how to add the extension "manually" using the source code.

Screenshot 2022-03-01 at 12 11 35

@maelvls
maelvls / README.md
Last active February 22, 2022 18:32
cert-manager ACME solver uses the `jwk` field instead of `kid` in neworder call for non-letsencrypt calls

Investigation: cert-manager ACME solver uses the jwk field instead of kid in neworder call for non-letsencrypt calls

In the Stackover question 70897574, user1563721 suggests that cert-manager's ACME solver is not behaving as it should with non-let's encrypt servers. More specifically, that new-order is called using kid instead of jwk. In the remainder of this page, I detail how to reproduce this issue using Pebble (a smaller version of Boulder, which is the ACME server Let's Encrypt uses).

Related:

Install cert-manager but turn off the deployment:

@maelvls
maelvls / README.md
Last active June 22, 2022 07:27
Cilium ingress controller with cert-manager

Tutorial: Cilium ingress controller with cert-manager

👉 This tutorial is also visible in the Cilium Service Mesh official documentation here.

With this tutorial, you will install Cilium Service Mesh on Kind with TLS with certificates created by cert-manager. It is inspired by the TLS example on the Cilium website.

This was written on 18 Feb 2022 during the beta of the Cilium Service Mesh. A lot probably changed since then.

Prerequisites:

  • helm v3.7 and above,
@maelvls
maelvls / README.md
Last active January 26, 2022 17:05
testing-ingress-controllers
@maelvls
maelvls / README.md
Last active January 7, 2022 10:47

Understanding cert-manager upgrade issues to 1.7

When upgrading from 0.16.1 to v1.6.1

Users will start seeing errors whenever a client tries to apply or create a v1alpha2 resource:

TODO paste the error here
@maelvls
maelvls / glib-gobject-introspection-0.045.diff
Last active December 4, 2021 14:31
gobject-introspection-1.70.0-to-d4d5fb294a89c5c25f966f5e8407d335c315b1c1.diff
diff --git a/GObjectIntrospection.xs b/GObjectIntrospection.xs
index 58fe26f..4a56855 100644
--- a/GObjectIntrospection.xs
+++ b/GObjectIntrospection.xs
@@ -928,7 +928,7 @@ _use_generic_signal_marshaller_for (class, const gchar *package, const gchar *si
"ClosureMarshal");
g_assert (closure_marshal_info);
cif = g_new0 (ffi_cif, 1);
- closure = g_callable_info_prepare_closure (closure_marshal_info,
+ closure = g_callable_info_create_closure (closure_marshal_info,
@maelvls
maelvls / grafana-crc.md
Last active November 30, 2021 18:12
CodeReady Containers (local OpenShift) tips

CodeReady Containers (local openshift) tips

Use Grafana with CodeReady Containers

https://grafana.com/orgs/maelvls/api-keys

 kubectl create secret generic kubepromsecret \
  --from-literal=username=maelvls\
  --from-literal=password= \
@maelvls
maelvls / README.md
Last active November 16, 2021 13:50
Getting started using cert-manager with the sig-network Gateway API
@maelvls
maelvls / DEBUG.md
Last active November 16, 2021 13:50
Debug a broken cert-manager-webhook