profile
viewpoint
Justin M. jmound https://atmospheric.co Infrastructure Architect / Founder

GoogleCloudPlatform/pci-gke-blueprint 82

PCI on GKE Blueprint: PCI Deployable Architecture on Google Cloud and GKE

jmound/Android-Market-Developer-Console-API 2

An API for the Android Market for market.android.com/publish

jmound/ansible-modules-core 0

Ansible modules - these modules ship with ansible

jmound/boto_rsync 0

An rsync-like utility using boto's S3 and Google Storage interfaces.

jmound/dhh-system-engineering 0

Delivery Hero Group System Engineering

jmound/gcp-pci-terraform 0

Terraform to build out a PCI demo environment on GCP

jmound/ghost-ansible 0

Ansible role to install Ghost

delete branch jmound/mkdocs

delete branch : patch-2

delete time in 3 days

create barnchGoogleCloudPlatform/pci-gke-blueprint

branch : main

created branch time in a month

pull request commentGoogleCloudPlatform/pci-gke-blueprint

Update Prereqs section to include shellcheck

I addressed this in #122. @josebiro @morgante Let me know if this is/is not good to close, or if more changes are needed.

Separately, I opened #123 to resolve the cloud build errors.

josebiro

comment created time in a month

delete branch GoogleCloudPlatform/pci-gke-blueprint

delete branch : add-dependencies-to-docs

delete time in a month

push eventGoogleCloudPlatform/pci-gke-blueprint

Justin M

commit sha a331ae8a18fdc1847e8f8cb134a6cf9a3494779e

Adding a list of dependencies for development to documentation (#122) * Adding a list of dependencies for development

view details

push time in a month

issue closedGoogleCloudPlatform/pci-gke-blueprint

Install dependencies: Makefile requires shellcheck tool

shellcheck is an undocumented dependency which appears to be installed with apt install shellcheck on debian/ubuntu systems. This should be added to the documentation.

closed time in a month

josebiro

push eventGoogleCloudPlatform/pci-gke-blueprint

Justin Mound

commit sha 2a6372e8e13ac9ae007da39302f2de5940b01502

docs/development.md fixing link

view details

push time in a month

push eventGoogleCloudPlatform/pci-gke-blueprint

Justin Mound

commit sha 8e2837927b4aae6ad388419f4c7f7a451cdfb416

docs/development.md fixing link

view details

push time in a month

create barnchGoogleCloudPlatform/pci-gke-blueprint

branch : add-dependencies-to-docs

created branch time in a month

PR closed GoogleCloudPlatform/microservices-demo

Swap in a published test credit card number cla: yes

Is it possible to swap out the current 4432-8015-6152-0454 in exchange for a published test card number? 4242-4242-4242-4242 was obtained from https://stripe.com/docs/testing#cards

+2 -2

2 comments

2 changed files

jmound

pr closed time in a month

pull request commentGoogleCloudPlatform/microservices-demo

Swap in a published test credit card number

Understood, and no problem. Thanks for the quick feedback.

jmound

comment created time in a month

PR opened GoogleCloudPlatform/microservices-demo

Swap in a published test credit card number

Is it possible to swap out the current 4432-8015-6152-0454 in exchange for a published test card number? 4242-4242-4242-4242 was obtained from https://stripe.com/docs/testing#cards

+2 -2

0 comment

2 changed files

pr created time in a month

create barnchAtmospherical/microservices-demo

branch : published-test-card

created branch time in a month

pull request commentGoogleCloudPlatform/pci-gke-blueprint

Update Prereqs section to include shellcheck

Perhaps if development.md wasn't easily found we should link to it in contributing.md too?

josebiro

comment created time in 2 months

issue commentkubernetes/ingress-gce

Kubernetes incorrectly warns with "invalid ingress configuration" when using the "allow-http: false" annotation

Why state that it is an error at all?

This config is what the docs currently state is the correct thing to do. I understand that the Ingress config is described in two separate sections ( Disabling HTTP and Setting up the managed certificate ), and that there is an aspect of using Google Managed Certs that is marked as beta. However, if this is the correct way to declare an Ingress with a managed certificate, then to me ingress-gce shouldn't be throwing an error at all.

That being said, that message is clear enough that there isn't an invalid config, and that the correct course of action is to wait.

jmound

comment created time in 2 months

issue commentkubernetes/ingress-gce

Kubernetes incorrectly warns with "invalid ingress configuration" when using the "allow-http: false" annotation

Unless I'm mistaken, it's not an invalid configuration. If that's the case, then that line should be removed. From a previous comment:

...its just that the provisioning of the LB will fail for some time until the ManagedCertificate controller applies the certificate to the Ingress.

How about something along the lines of: LoadBalancer provisioning in progress, waiting for ManagedCertificate status to update ? I'm not familiar with the exact workflow of the managed certificate controller, so that probably needs to be modified to be more accurate. But the main point is that if the ingress config with the managed cert annotation is a correct, valid configuration, we shouldn't be messaging otherwise.

jmound

comment created time in 2 months

issue commentkubernetes/ingress-gce

Kubernetes incorrectly warns with "invalid ingress configuration" when using the "allow-http: false" annotation

Thanks, that helps. Do you have any thoughts on improving the warning message? To someone creating the Ingress resource, the below message heavily implies that the actual Ingress configuration is invalid, that a mistake was made and something needs to be fixed.

Warning  Sync    54s   loadbalancer-controller  Error during sync: error running load balancer syncing routine: loadbalancer 888jw4sk-frontend-frontend-REDACTED does not exist: invalid ingress frontend configuration, please check your usage of the 'kubernetes.io/ingress.allow-http' annotation.
jmound

comment created time in 2 months

issue openedderailed/k9s

Feature request: support an inverse operator on filtered search

<img src="https://raw.githubusercontent.com/derailed/k9s/master/assets/k9s_small.png" align="right" width="100" height="auto"/>

<br/> <br/> <br/>

Is your feature request related to a problem? Please describe. The current filtering options allow for a subset of regular expressions. ie. On the pod list view for example, selecting filter (/) this works:

deafult|ns2|ns3|etc

However, there isn't full regex support. If, for example you wanted to view all pods not matching kube-system, this doesn't work:

!kube-system

Describe the solution you'd like Full regex is cool, but if that's more complex (likely) than supporting just inverse (NOT) searches, I think that would be a helpful feature.

Describe alternatives you've considered As suggested in the k9s slack, you can do k get po --field-selector metadata.namespace!=kube-system --all-namespaces

Additional context The docs on filtering could use some more details- if you can use |, what else can you use? Somewhat related: #564

created time in 2 months

issue commentkubernetes/ingress-gce

Kubernetes incorrectly warns with "invalid ingress configuration" when using the "allow-http: false" annotation

@rramkumar1 I'm looking to disable http even though I do understand how a redirect would be a good alternative. For the current needs, an http redirect would not be used. My preference/suggestion here would be clarity: if it is supported, it should work without the invalid ingress frontend configuration message. If it isn't supported, then creating the Ingress should fail and it should be documented accordingly.

jmound

comment created time in 2 months

create barnchAtmospherical/k9s

branch : history-behavior-change

created branch time in 2 months

fork jmound/tview

Rich interactive widgets for terminal-based UIs written in Go

fork in 2 months

startedsquidfunk/mkdocs-material

started time in 3 months

startedromefrontend/rome

started time in 3 months

issue openedkubernetes/ingress-gce

Kubernetes incorrectly warns with "invalid ingress configuration" when using the "allow-http: false" annotation

On GKE, creating an Ingress with a managed certificate and disabling http as described in Disabling HTTP via the annotation: kubernetes.io/ingress.allow-http: "false" generates a warning:

GKE v1.17.8-gke.17:

kubectl version |grep Server
Server Version: version.Info{Major:"1", Minor:"17+", GitVersion:"v1.17.8-gke.17", GitCommit:"cd7ca396c79d2e8f3fdb06c6865549770091d431", GitTreeState:"clean", BuildDate:"2020-07-20T22:12:03Z", GoVersion:"go1.13.9b4", Compiler:"gc", Platform:"linux/amd64"}

Steps to reproduce:

$ kubectl get -n frontend ingress 
No resources found in frontend namespace.
$ grep allow app/store/cluster/in-scope/namespaces/frontend/ingress.yaml 
    kubernetes.io/ingress.allow-http: "false"
$ kubectl -n frontend apply -f .../ingress.yaml 
ingress.networking.k8s.io/frontend created
$ kubectl -n frontend describe ingress frontend
Name:             frontend
Namespace:        frontend
Address:          34.120.228.7
Default backend:  default-http-backend:80 (10.4.1.11:8080)
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /*   frontend:80 (10.4.1.4:8080)
Annotations:  ingress.gcp.kubernetes.io/pre-shared-cert: mcrt-REDACTED
              ingress.kubernetes.io/backends: {"k8s-be-31403--REDACTED":"HEALTHY","k8s-be-31818--REDACTED":"HEALTHY"}
              ingress.kubernetes.io/https-forwarding-rule: k8s2-fs-888jw4sk-frontend-frontend-REDACTED
              ingress.kubernetes.io/https-target-proxy: k8s2-ts-888jw4sk-frontend-frontend-REDACTED
              ingress.kubernetes.io/ssl-cert: mcrt-REDACTED
              ingress.kubernetes.io/url-map: k8s2-um-888jw4sk-frontend-frontend-REDACTED
              kubernetes.io/ingress.allow-http: false
              kubernetes.io/ingress.global-static-ip-name: frontend-ext-ip
              networking.gke.io/managed-certificates: frontend
Events:
  Type     Reason  Age   From                     Message
  ----     ------  ----  ----                     -------
  Normal   ADD     97s   loadbalancer-controller  frontend/frontend
  Warning  Sync    54s   loadbalancer-controller  Error during sync: error running load balancer syncing routine: loadbalancer 888jw4sk-frontend-frontend-REDACTED does not exist: invalid ingress frontend configuration, please check your usage of the 'kubernetes.io/ingress.allow-http' annotation.
  Normal   CREATE  37s   loadbalancer-controller  ip: (REDACTED)

The warning message appears even when using the annotation as documented: " Warning Sync 54s loadbalancer-controller Error during sync: error running load balancer syncing routine: loadbalancer 888jw4sk-frontend-frontend-REDACTED does not exist: invalid ingress frontend configuration, please check your usage of the 'kubernetes.io/ingress.allow-http' annotation."

Contents of ingress.yaml:

$ cat app/store/cluster/in-scope/namespaces/frontend/ingress.yaml 
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: frontend
  annotations:
    kubernetes.io/ingress.global-static-ip-name: frontend-ext-ip
    kubernetes.io/ingress.allow-http: "false"
    networking.gke.io/managed-certificates: frontend
spec:
  rules:
  - http:
      paths:
        - path: "/*"
          backend:
            serviceName: frontend
            servicePort: 80

It does not appear to be related to the status of the ManagedCertificate:

$ kubectl -n frontend describe managedcertificates.networking.gke. frontend
Name:         frontend
Namespace:    frontend
Labels:       <none>
Annotations:  API Version:  networking.gke.io/v1beta2
Kind:         ManagedCertificate
Metadata:
  Creation Timestamp:  2020-08-12T18:35:56Z
  Generation:          4
  Resource Version:    443128
  Self Link:           /apis/networking.gke.io/v1beta2/namespaces/frontend/managedcertificates/frontend
  UID:                 REDACTED
Spec:
  Domains:
    store.REDACTED.com
Status:
  Certificate Name:    mcrt-REDACTED
  Certificate Status:  Active
  Domain Status:
    Domain:     store.REDACTED.com
    Status:     Active
  Expire Time:  2020-11-10T10:47:37.000-08:00
Events:         <none>

This is possibly related to #1001, however the WillNotConfigureFrontend event is not seen.

created time in 3 months

issue commentterrylinooo/githuber-md

When using LearnDash, posts of type "Question" can not be enabled to use markdown

It's related to the conditional here: https://github.com/terrylinooo/githuber-md/blob/40a2885250ff57e6555eeaf304b43b3c700809cc/src/Controllers/Setting.php#L151

From what I can tell, Questions are not public. I'm not sure of what a better conditional here is.

jmound

comment created time in 3 months

issue openedterrylinooo/githuber-md

When using LearnDash, posts of type "Question" can not be enabled to use markdown

First off, thank you very much for the excellent plugin!

Describe the bug

When using LearnDash (https://www.learndash.com/), there are a few custom post types created. In Githuber-md's settings, Markdown > Writing > Enable, almost all of the custom post types are listed. "Question" is not. It would help if that was possible.

To reproduce

Steps to reproduce the behavior:

  1. Install Learndash and githuber-md
  2. Click on .../wp-admin/options-general.php?page=githuber-md (settings for githuber-md)
  3. The list of post types does not include "Question"

Expected behavior

It's expected to be able to use markdown for all post types, including "Question"

Server environment

  • WordPress version [ 5.4.2 ]
  • WP Githuber MD plugin version [ e.g. 1.15.0 ]

created time in 3 months

more