Articles
Implémenter le motif de conception 'Strangler Fig' dans OpenShift
Le motif de conception Strangler Fig a été documenté par Martin Fowler en 2004. Il fait référence à un arbre nommé le “figuier étrangleur” qui s’appuie sur son hôte pour ses premières années de vie, jusqu’à ce que ses racines touchent le sol. Il peut ainsi se nourrir et grandir de manière autonome. Son hôte sert alors de support et finit par mourir “étranglé”. C’est une analogie avec la ré-ingénierie d’un système en production: les composants d’un monolithe sont réécrits un à un, sous forme de micro-services, à coté du système existant. Les composants du monolithe sont alors remplacés au fil de l’eau par leur équivalent micro-service. Une fois tous les composants du monolithe remplacés, il peut alors être décommissionné. La question qui m’a été posée est: est-il possible d’implémenter ce motif à l’aide des outils et fonctions d’OpenShift ? Continuer la lecture
Build your own distribution based on Fedora CoreOS
Fedora CoreOS is a new Linux distribution from the Fedora Project that features filesystem immutability (you cannot change the system while it is running) and atomic upgrades (you cannot break your system if there is a crash or power loss during the upgrade). Upon installation, Fedora CoreOS (FCOS) can be tailored to your needs using Ignition files. Once installed, you can install RPMs, tweak configuration files, etc. This article tries to explore Fedora CoreOS customizability one step further by building your own distribution based on Fedora CoreOS. The idea would be to have everything wired in the Operating System image and minimal configuration in the Ignition file. Continuer la lecture
Use JMeter to assess software performances
One of my side projects (the Telegram Photo Bot), have some performance issues that I will have to tackle. I could have jumped into the code and changed something, hoping it will improve performances. But that would be ineffective and unprofessional. So, I decided to have an honest measure of the current performances as well as a reproducible setup to have consistent measures over time. Continuer la lecture
A cleanup playbook for 3scale
If you are running integration tests embedding 3scale or are doing a lot of 3scale demos, you might sooner or later have plenty of services declared in the 3scale Admin console, which could reveal difficult to work with. And with the new feature named API-as-a-Product, there are now Backends and Products to delete, making the cleanup by hand a bit tedious. This article explains how to cleanup a 3scale tenant using Ansible. Continuer la lecture
Install Kubernetes operators in OpenShift using only the CLI
OpenShift 4 went all-in on Kubernetes operators: they are used for installation of the platform itself but also to install databases, middlewares, etc. There are more and more operators available on the Operator Hub. Most software now provide an operator and describe how to use it. Nevertheless, almost every software documentation I read so far, includes the steps to install the operator using the nice GUI of OpenShift 4. But since my OpenShift environments are provisioned by a playbook, I want to be able to install operators using the CLI only! Continuer la lecture
Secure your OpenShift 4 cluster with OpenID Connect authentication
OpenShift, starting with the version 4, is installed with a temporary administrator account, kubeadmin. When searching for a definitive solution, it might be tempting to go for the very classical “login and password” prompt, backed by an htpasswd file. But this is yet another password to remember! OpenShift can handle the OpenID Connect protocol and thus offers Single Sign On to its users. No additional password to remember: you can login to the OpenShift console with your Google Account for instance. Continuer la lecture
Configure Red Hat SSO for 3scale using the CLI!
3scale API Management can be used in conjunction with Red Hat SSO / Keycloak to secure APIs managed by 3scale using the OpenID Connect protocol. The official documentation describes the steps to configure Red Hat SSO / Keycloak but it uses the Graphical User Interface, which can be tedious if you have multiple environments to configure. Let’s configure Red Hat SSO for 3scale using the CLI! Continuer la lecture
Install Miniflux on your Raspberry PI
In the article “Nginx with TLS on OpenWRT”, I explained how to install Nginx with TLS support on a Raspberry PI. But without an application to protect, Nginx is quite useless. This article explains how to install Miniflux (a lightweight RSS reader) on your Raspberry PI and how to host it as an Nginx virtual host. Continuer la lecture
Send mails on OpenWRT with MSMTP and Gmail
A previous article named “Install OpenWRT on your Raspberry PI” goes through the setup process to use OpenWRT on your Raspberry PI. As a consequence, you might now have a Raspberry PI running OpenWRT and full of services of which all your family relies on. With great power comes great responsibilities. So, you might want to be notified when something goes wrong, a cron job failed, a hard disk is dying, etc., so that you can fix the problem at earliest, maybe before anyone else could notice. This article explains how to send mails on OpenWRT with MSMTP and a GMail account. Continuer la lecture
Secure your Raspberry PI with Keycloak Gatekeeper on OpenWRT
In the article “Nginx with TLS on OpenWRT”, I explained how to install nginx on a Raspberry PI running OpenWRT for hosting web applications. Some of the web applications that I installed on my Raspberry PI do not feature any authentication mechanism at all. No authentication means that anybody on the internet could reach those applications and play with them. This article explains how to secure applications running on a Raspberry PI with Keycloak Gatekeeper. Continuer la lecture