Nicolas Massé

Running qemu-user-static with Podman

Tue, 10 Jun 2025 00:00:00 +0200

Recently, I had to run ARM64 containers on a customer’s x86 laptop. Easy, you might say: just install qemu-user-static on the laptop! And you also have a ready-made container on Docker Hub, just in case!

That’s it? Not so sure…

Behind the scenes at Open Code Quest: how I designed the Leaderboard

Tue, 05 Nov 2024 00:00:00 +0200

At the Red Hat Summit Connect France 2024 , I led a workshop for developers entitled “Open Code Quest”. In this workshop, developers had to code microservices using Quarkus, OpenShift and an Artificial Intelligence service: IBM’s Granite model. The workshop was designed as a speed competition: the first to complete all three exercises received a reward.

I designed and developed the Leaderboard which displays the progress of the participants and ranks them according to their speed. Was it easy? Well, not really, because I imposed a certain style on myself: using Prometheus and Grafana.

Follow me behind the scenes of Open Code Quest: how I designed the Leaderboard!

Behind the scenes at Open Code Quest: how I implemented the Leaderboard in Red Hat Advanced Cluster Management

Tue, 05 Nov 2024 00:00:00 +0200

After revealing the behind-the-scenes design of the Leaderboard for the “Open Code Quest” workshop during the Red Hat Summit Connect France 2024 , it’s time to delve deeper into its practical implementation!

In this article, I’m going to take you through the configuration of Red Hat Advanced Cluster Management as well as the various adaptations needed to connect the Leaderboard created earlier with the Open Code Quest infrastructure.

Come on board with me for this new stage, which is more technical than the previous one, as I had to get creative to wire up a very “conceptual” Grafana dashboard with the reality of OpenShift clusters!

Red Hat Open Demo: Mission impossible #1 - Stop the crazy Train with AI and Edge before it is too late!

Tue, 05 Nov 2024 00:00:00 +0200

On November 5, 2024, I presented a webinar named Mission impossible 1 : Stop the crazy Train with AI and Edge before it is too late with three colleagues: Adrien, Mourad and Pauline.

This webinar is the pinacle of ten months of hard work. In this article, I will give you an overview of the demo and you will be able to watch the replay in case you missed the live event.

Red Hat Summit Connect France 2024

Tue, 08 Oct 2024 00:00:00 +0200

On October 8, 2024, I took part in the Red Hat Summit Connect France 2024 event in a double role:

I was in charge of the Leaderboard for the Open Code Quest workshop and I acted as SRE for the platform of this workshop.
I was present on the RHEL stand to present our “Mission Impossible” demo with the Lego train.

Red Hat Open Demo: Red Hat Open Demo-Build multi-architecture CI/CD pipelines to run your apps in the cloud and at the Edge!

Thu, 05 Sep 2024 00:00:00 +0200

On September 5, 2024, I presented a webinar named Red Hat Open Demo-Build multi-architecture CI/CD pipelines to run your apps in the cloud and at the Edge!, based on the technology intelligence I have gone through in the past months.

Homelab: 2U server, short depth, with front IO, based on Ampere Altra and Asrock Rack ALTRAD8UD-1L2T motherboard

Fri, 21 Jun 2024 00:00:00 +0200

In March of this year, I decided to find a new server to host the family’s data (Jellyfin, Nextcloud, etc.), control the house with Home Assistant and run the VMs I need for my work. In this article, I detail my constraints and the construction of this server, based on an Ampere Altra CPU (ARM64 architecture).

Build multi-architecture container images with OpenShift, Buildah and Tekton on AWS

Thu, 02 May 2024 00:00:00 +0200

In 2022, I wrote an article on this subject named Build multi-architecture container images with Kubernetes, Buildah, Tekton and Qemu . The article described the configuration I had set up for my personal projects. It even went beyond its initial purpose as it has also been used by several colleagues at Red Hat who had the same need. While the configuration described in this previous article is still relevant, the approach is somewhat dated. With the increasing availability of ARM servers in the Cloud, I revisited the topic of building multi-architecture container images using the AWS cloud.

Red Hat Open Demo: From the ESP8266 to the OpenShift cluster: discover what Red Hat can offer for the Edge computing!

Tue, 04 Apr 2023 00:00:00 +0200

On April 4, 2023, I presented a webinar named From the ESP8266 to the OpenShift cluster: discover what Red Hat can offer for the Edge computing! with three colleagues: Adrien, Florian and Sébastien. This webinar showcases a lab that we built and delivered for the Red Hat Tech Exchange 2023 .

Red Hat Tech Exchange 2023

Fri, 03 Feb 2023 00:00:00 +0200

During the Red Hat Tech Exchange 2023 that took place in Dublin, I presented a Lab with a group of colleagues. The lab is named “From the ESP32 to the OpenShift cluster: discover what Red Hat can offer for the Edge computing!”. Through the common theme of “shipment tracking”, this lab helps you understand what Red Hat can offer for the Edge computing. In this lab, you are at the head of a “parcel shipment hub” and you deploys everything needed to:

Build multi-architecture container images with Kubernetes, Buildah, Tekton and Qemu

Wed, 24 Aug 2022 00:00:00 +0200

ARM servers are becoming mainstream (Ampere Altra server, Raspberry Pi SoC, etc.) and people start using them with containers and Kubernetes. While official Docker Hub images are built for all major architectures, the situation is less clear for other Open Source projects. It is possible to acquire an ARM server and use it to build container images, but it puts an additional constraint on the Continuous Integration chain. This article explores another option: build ARM container images on a regular x86 server, using Kubernetes, Buildah, Tekton and Qemu.

Deploy APIs from your CI/CD pipeline with the 3scale REST API

Mon, 26 Jul 2021 00:00:00 +0200

In the past years, I spent time (maybe too much) designing and implementing CI/CD pipelines around 3scale. This led to the birth of the threescale_cicd ansible role. I also helped on the design of the 3scale_toolbox and crafted a Jenkins shared library as well as sample CI/CD pipelines using the 3scale_toolbox. I had the opportunity to train colleagues and transmit this knowledge but I never took the time to set it down on paper.

Consistent DNS name resolution for virtual machines and containers

Wed, 09 Jun 2021 00:00:00 +0200

When developing on microservices, developers need to run a mix of software. Some of them running in containers, others in virtual machines, some others in the cloud and the rest on the developer’s workstation.

Microservices having a lot of connections between themselves in addition to technologies such as TLS or OpenID Connect implies DNS names to be consistent.

Consistent DNS names means that no matter if a client on the developer workstation, on a VM or on a container, trying to reach a server on the developer workstation, on a VM or on a container, the server DNS name must always be the same.

This article explains how to setup a developer workstation on Fedora, with Libvirt VMs and Podman containers and achieve consistent DNS name resolution.

Deploy OpenShift Single Node in KVM

Wed, 09 Jun 2021 00:00:00 +0200

Starting with version 4.8, OpenShift can now officially be installed on a single virtual machine (instead of three). This effectively lowers the resources requirements and open up new possibilities for home labs or developer workstations. This article explores how to deploy OpenShift Single Node (SNO) using KVM on your Fedora workstation.

How to size your projects for Red Hat's single sign-on technology

Mon, 07 Jun 2021 00:00:00 +0200

Red Hat’s single sign-on (SSO) technology is an identity and access management tool included in the Red Hat Middleware Core Services Collection that’s based on the well-known Keycloak open source project. As with other Red Hat products, users have to acquire subscriptions, which are priced according to the number of cores or vCPU used to deploy the product. This presents an interesting problem for pre-sales engineers like me. To help my customers acquire the correct number of subscriptions, I need to sketch the target architecture and count how many cores they need.

Using Podman Compose with Microcks: A cloud-native API mocking and testing tool

Thu, 22 Apr 2021 00:00:00 +0200

Microcks is a cloud-native API mocking and testing tool. It helps you cover your API’s full lifecycle by taking your OpenAPI specifications and generating live mocks from them. It can also assert that your API implementation conforms to your OpenAPI specifications. You can deploy Microcks in a wide variety of cloud-native platforms, such as Kubernetes and Red Hat OpenShift. Developers who do not have corporate access to a cloud-native platform have used Docker Compose.

How to run performance tests with K6, Prometheus and Grafana

Mon, 22 Feb 2021 00:00:00 +0200

K6 is a novel performance testing tool written in Go, using plain Javascript for the test definition and presenting the test results through Grafana. An existing article written in 2018 explains how to setup K6 with InfluxDB and Grafana, however Prometheus gained popularity over InfluxDB since then. Proper integration of K6 with Prometheus is a clear lack identified by the community. Here I explain how to integrate K6 with Prometheus using the existing StatsD support in K6, present the Grafana dashboard I built, and show how to use it. This integration fills a gap and provides a quick win for companies already using Prometheus.

Build your own distribution based on Fedora CoreOS

Wed, 25 Nov 2020 00:00:00 +0200

Fedora CoreOS is a new Linux distribution from the Fedora Project that features filesystem immutability (you cannot change the system while it is running) and atomic upgrades (you cannot break your system if there is a crash or power loss during the upgrade). Upon installation, Fedora CoreOS (FCOS) can be tailored to your needs using Ignition files. Once installed, you can install RPMs, tweak configuration files, etc.

This article tries to explore Fedora CoreOS customizability one step further by building your own distribution based on Fedora CoreOS. The idea would be to have everything wired in the Operating System image and minimal configuration in the Ignition file.

Use JMeter to assess software performances

Fri, 24 Jul 2020 00:00:00 +0200

One of my side projects (the Telegram Photo Bot), have some performance issues that I will have to tackle. I could have jumped into the code and changed something, hoping it will improve performances. But that would be ineffective and unprofessional. So, I decided to have an honest measure of the current performances as well as a reproducible setup to have consistent measures over time.

A cleanup playbook for 3scale

Tue, 28 Apr 2020 00:00:00 +0200

If you are running integration tests embedding 3scale or are doing a lot of 3scale demos, you might sooner or later have plenty of services declared in the 3scale Admin console, which could reveal difficult to work with. And with the new feature named API-as-a-Product, there are now Backends and Products to delete, making the cleanup by hand a bit tedious.

This article explains how to cleanup a 3scale tenant using Ansible.

Install Kubernetes operators in OpenShift using only the CLI

Fri, 24 Apr 2020 00:00:00 +0200

OpenShift 4 went all-in on Kubernetes operators: they are used for installation of the platform itself but also to install databases, middlewares, etc. There are more and more operators available on the Operator Hub. Most software now provide an operator and describe how to use it.

Nevertheless, almost every software documentation I read so far, includes the steps to install the operator using the nice GUI of OpenShift 4. But since my OpenShift environments are provisioned by a playbook, I want to be able to install operators using the CLI only!

Secure your OpenShift 4 cluster with OpenID Connect authentication

Fri, 17 Apr 2020 00:00:00 +0200

OpenShift, starting with the version 4, is installed with a temporary administrator account, kubeadmin. When searching for a definitive solution, it might be tempting to go for the very classical “login and password” prompt, backed by an htpasswd file. But this is yet another password to remember!

OpenShift can handle the OpenID Connect protocol and thus offers Single Sign On to its users. No additional password to remember: you can login to the OpenShift console with your Google Account for instance.

Configure Red Hat SSO for 3scale using the CLI!

Wed, 08 Apr 2020 00:00:00 +0200

3scale API Management can be used in conjunction with Red Hat SSO / Keycloak to secure APIs managed by 3scale using the OpenID Connect protocol.

The official documentation describes the steps to configure Red Hat SSO / Keycloak but it uses the Graphical User Interface, which can be tedious if you have multiple environments to configure. Let’s configure Red Hat SSO for 3scale using the CLI!

Install Miniflux on your Raspberry PI

Wed, 08 Apr 2020 00:00:00 +0200

In the article “Nginx with TLS on OpenWRT”, I explained how to install Nginx with TLS support on a Raspberry PI. But without an application to protect, Nginx is quite useless. This article explains how to install Miniflux (a lightweight RSS reader) on your Raspberry PI and how to host it as an Nginx virtual host.

Send mails on OpenWRT with MSMTP and Gmail

Wed, 08 Apr 2020 00:00:00 +0200

A previous article named “Install OpenWRT on your Raspberry PI” goes through the setup process to use OpenWRT on your Raspberry PI. As a consequence, you might now have a Raspberry PI running OpenWRT and full of services of which all your family relies on. With great power comes great responsibilities. So, you might want to be notified when something goes wrong, a cron job failed, a hard disk is dying, etc., so that you can fix the problem at earliest, maybe before anyone else could notice.

This article explains how to send mails on OpenWRT with MSMTP and a GMail account.

Secure your Raspberry PI with Keycloak Gatekeeper on OpenWRT

Sat, 28 Mar 2020 00:00:00 +0200

In the article “Nginx with TLS on OpenWRT”, I explained how to install nginx on a Raspberry PI running OpenWRT for hosting web applications. Some of the web applications that I installed on my Raspberry PI do not feature any authentication mechanism at all. No authentication means that anybody on the internet could reach those applications and play with them. This article explains how to secure applications running on a Raspberry PI with Keycloak Gatekeeper.

Use your Google Account as an OpenID Connect provider

Fri, 27 Mar 2020 00:00:00 +0200

We have passwords everywhere: to unlock our computer, to reach our inbox, to login as root on our Raspberry PI, etc. Unless you have a password vault to store your credentials securely, it is very difficult to keep all your credentials safe. With the OpenID Connect protocol, you can replace the individual passwords of every web application by a Google Login.

This article goes through all the steps to use your Google Account as an OpenID Connect provider and subsequent articles (check links at the bottom of this article) explain how to configure the different services and software to use your Google Account as an OpenID Connect provider.

Secure a Quarkus API with Keycloak

Tue, 17 Mar 2020 00:00:00 +0200

Quarkus is a Java stack that is Kubernetes native, lightweight and fast. Quarkus can be used for any type of backend development, including API-enabled backends. Keycloak is an open source Single Sign On solution that can be used to secure APIs.

In this article, I’m describing how to secure a Quarkus API with Keycloak using JWT tokens.

Install OpenWRT on your Raspberry PI

Thu, 19 Dec 2019 00:00:00 +0200

OpenWRT is a Linux distribution for embedded systems. It made design choices that take it apart from the usual Linux distributions: musl libc instead of the usual glibc, busybox instead of coreutils, ash instead of bash, etc. As a result, the system is very light and blazing fast!

Nginx with TLS on OpenWRT

Thu, 19 Dec 2019 00:00:00 +0200

In the article “Install OpenWRT on your Raspberry PI”, I explained how to install OpenWRT on a Raspberry PI and the first steps as an OpenWRT user. As I plan to use my Raspberry PI to host plenty of web applications, I wanted to setup a versatile reverse proxy to protect them all, along with TLS support to meet nowadays security requirements.

APIs as a Product: Get started in no time

Mon, 02 Dec 2019 00:00:00 +0200

In the previous article, APIs as a Product: Get the value out of your APIs, we presented a new approach called “APIs as a Product” to maximize the value of your APIs. In this article, we show how to quickly get started with APIs as a Product using the new features of Red Hat 3scale API Management 2.7. Continue reading

APIs as a Product: Get the value out of your APIs

Mon, 02 Dec 2019 00:00:00 +0200

APIs continue to spread, as seen in this 2019 report from ProgrammableWeb, which shows a 30% increase over last year’s growth rate. More regulations are enforcing the use of APIs to open up companies and foster innovation. Think of the Payment Services Directive version two (PSD2), open banking, and the public sector releasing 0pen data APIs. With such an abundance of APIs, it becomes increasingly crucial to get the value out of your APIs and differentiate yourself from the growing competition.

Airgap OpenShift Installation: move the registry created using oc adm release mirror between environments

Mon, 18 Nov 2019 00:00:00 +0200

Some customers, especially large banks, have very tight security requirements. Most of them enforce a complete disconnection of their internal networks from the Internet. When installing OpenShift in such environments (this is named “disconnected” or “airgap” installation), all the OpenShift images have to be fetched (thanks to oc adm release mirror) in a dedicated registry from a bastion host that is both on the internal network and on the Internet.

Ansible: Add a prefix or suffix to all items of a list

Mon, 18 Nov 2019 00:00:00 +0200

Recently, in one of my Ansible playbooks I had to prefix all items of a list with a chosen string.

Check the Ansible version number in a playbook

Mon, 18 Nov 2019 00:00:00 +0200

My Ansible playbooks sometimes use features that are available only in a very recent versions of Ansible.

To prevent unecessary troubles to the team mates that will execute them, I like to add a task at the very beginning of my playbooks to check the Ansible version number and abort if the requirements are not met.

Feed URLs for the most common CMS: Drupal, Wordpress, WiX and YouTube

Mon, 18 Nov 2019 00:00:00 +0200

If like me you are using an RSS reader to stay informed, there is nothing more frustrating than reading a website that does not advertise an RSS feed.

But since most website are based on commonly found CMS, it is highly probable the RSS feeds are there, just not advertised.

Deploying Miniflux on OpenShift

Sun, 17 Nov 2019 00:00:00 +0200

Miniflux is a minimalist, open source and opinionated RSS feed reader. There is a hosted instance available at a fair price point but wouldn’t it be cooler to host your own instance on your OpenShift cluster? Let’s do it!

Deploying Invidious on OpenShift

Sat, 16 Nov 2019 00:00:00 +0200

Invidious is an alternative frontend to YouTube that is slimmer, faster and at the same time offer more features than YouTube itself. And even more important: it’s Open Source!

There is a hosted instance at invidio.us if you want to give it a try. But, wouldn’t it be cooler to host your own instance on your OpenShift cluster? Let’s do it!

What is this 'Anonymous' policy configured by the 3scale toolbox?

Thu, 14 Nov 2019 00:00:00 +0200

In this article on the Red Hat Developer blog, I explained how to deploy an API from the CLI, using the 3scale toolbox. If you tried this approach by yourself you may end up, sooner or later, with a 3scale service including an Anonymous policy in its policy chain. What is this policy and why is it there? Let’s dig in!

What is this 'URL Rewriting' policy configured by the 3scale toolbox?

Thu, 14 Nov 2019 00:00:00 +0200

In this article on the Red Hat Developer blog, I explained how to deploy an API from a Jenkins Pipeline, using the 3scale toolbox. If you tried this approach by yourself you may have noticed that in some cases, the configured service includes the URL Rewriting policy in its Policy Chain.

TechWeek Société Générale 2019

Tue, 12 Nov 2019 00:00:00 +0200

On the 12th November 2019, I spoke at Société Générale for their TechWeek event on a session named “Accelerate and secure your API releases with Microcks”. The session was a one hour lab focusing on the design, mock and tests of REST APIs. The lab documents and source code are freely available!

Configure the TLS trust store in Apicurio Studio

Fri, 25 Oct 2019 00:00:00 +0200

Microcks and Apicurio are nice Open Source projects that can even talk to each other to deliver greater value than the sum of their parts.

Unfortunately, sometimes TLS certificates can get in the way of proper communication between the two projects. This post explains how to configure the trust store in Apicurio to overcome TLS communication issues between Apicurio and Microcks.

Red Hat Tech Exchange 2019

Mon, 21 Oct 2019 00:00:00 +0200

During the three Red Hat Tech Exchange sessions (Americas, EMEA and APAC), I presented two sessions: “Leverage the power of open source communities to manage your APIs” (full recording) “Complementing your Istio Service Mesh with 3scale and Fuse” (demo recording) The session Leverage the power of open source communities to manage your APIs has been the second best voted session in RHTE APAC! I received an award!

Running Red Hat SSO outside of OpenShift

Thu, 10 Oct 2019 00:00:00 +0200

In an article named Red Hat Single Sign-On: Give it a try for no cost!, I explained how to deploy Red Hat SSO very easily in any OpenShift cluster.

As pointed by a reader in a comment, as widespread OpenShift can be, not everyone has access to a running OpenShift cluster. So, here is how to run Red Hat SSO outside of OpenShift: using only plain Docker commands.

Webinar: Develop. Deploy. Deliver continuously.

Thu, 10 Oct 2019 00:00:00 +0200

On the 10th October 2019, I spoke at a Red Hat webinar on a session named “Simplify your API Strategy with Istio” where I showcased the integration between 3scale and Istio. For more information: https://www.redhat.com/en/events/webinar/develop-deploy-deliver-continuously

Red Hat Forum Helsinki 2019

Tue, 08 Oct 2019 00:00:00 +0200

On the 08th October 2019, I spoke at Red Hat Forum Helsinki on a session named “Agile Integration: Transforming Enterprises - Nothing happens until something is integrated”. For more information: https://events.redhat.com/profile/form/index.cfm?PKformID=0x65475abcd

Solving the Ansible error 'This module requires the OpenShift Python client'

Fri, 13 Sep 2019 00:00:00 +0200

If you are using MacOS to develop Operators based on Ansible or simply running Ansible playbooks straight from your Mac, you might encounter this error: This module requires the OpenShift Python client. When coping with this error message, two items need to be checked: The openshift python module needs to be installed using the pip command bundled with your Ansible. If you are not using the implicit localhost, your inventory needs to be updated.

Enable global policies on Apicast 3.6

Tue, 10 Sep 2019 00:00:00 +0200

Recent versions of Apicast have a pluggable policy mechanism to apply different treatments to each exposed API. This is very powerful since each service receives its specific configuration. However, if the same treatment has to be applied to every service exposed, it becomes an administration overhead.

Hopefully, Apicast has the concept of Global Policies that applies to every service exposed by itself.

Using the 3scale toolbox Jenkins Shared Library

Wed, 31 Jul 2019 00:00:00 +0200

In the previous article of this series, Deploy your API from a Jenkins Pipeline, we discovered how the 3scale toolbox can help you deploy your API from a Jenkins Pipeline on Red Hat OpenShift/Kubernetes. In this article, we will improve the pipeline from the previous article to make it more robust, less verbose, and also offer more features by using the 3scale toolbox Jenkins Shared Library. Continue reading

Deploy your API from a Jenkins Pipeline

Tue, 30 Jul 2019 00:00:00 +0200

In a previous article, 5 principles for deploying your API from a CI/CD pipeline, we discovered the main steps required to deploy your API from a CI/CD pipeline and this can prove to be a tremendous amount of work. Hopefully, the latest release of Red Hat Integration greatly improved this situation by adding new capabilities to the 3scale CLI. In 3scale toolbox: Deploy an API from the CLI, we discovered how the 3scale toolbox strives to automate the delivery of APIs.

3scale toolbox: Deploy an API from the CLI

Mon, 29 Jul 2019 00:00:00 +0200

Deploying your API from a CI/CD pipeline can be a tremendous amount of work. The latest release of Red Hat Integration greatly improved this situation by adding new capabilities to the 3scale CLI. The 3scale CLI is named 3scale toolbox and strives to help API administrators to operate their services as well as automate the delivery of their API through Continuous Delivery pipelines. Having a standard CLI is a great advantage for our customers since they can use it in the CI/CD solution of their choice (Jenkins, GitLab CI, Ansible, Tekton, etc.

5 principles for deploying your API from a CI/CD pipeline

Fri, 26 Jul 2019 00:00:00 +0200

At Red Hat, we strongly believe an API is not “just another piece of software.” Instead, we think an API is a software component in conjunction with: An interface to communicate with it. An ecosystem of consumers that communicate with this software. A relationship with developers consuming this API. An API is built, deployed, and managed not just with the usual methods; as a result, deploying your API from a CI/CD pipeline requires additional processes, tools, and skills.

One-liner to decode a Kubernetes secret (base64 encoded)

Fri, 07 Jun 2019 00:00:00 +0200

Creating a Kubernetes secret from a value is easy: $ oc create secret generic my-secret --from-literal=secretValue=super-secret secret/my-secret created But getting back this value (from a Shell script, for instance) is not so easy since it is now base64 encoded: $ oc get secret my-secret -o yaml apiVersion: v1 kind: Secret metadata: name: my-secret namespace: qlkube type: Opaque data: secretValue: c3VwZXItc2VjcmV0 Hopefully, since the latest versions of Kubernetes, there is now a one-liner to extract the field and base64 decode it:

Use QLKube to query the Kubernetes API

Fri, 07 Jun 2019 00:00:00 +0200

QLKube is a project that exposes the Kubernetes API as GraphQL. GraphQL is a data query and manipulation language for APIs developed initially by Facebook and released as open-source. It strives to reduce the chattiness clients can experience when querying REST APIs. It is very useful for mobile application and web development: by reducing the number of roundtrips needed to fetch the relevant data and by fetching only the needed field, the network usage is greatly reduced.

Red Hat Summit 2019

Wed, 08 May 2019 00:00:00 +0200

On the 8th May 2018, I spoke at Red Hat Summit on three sessions named: “Leverage the power of communities to manage your APIs” (demo recording) “Istio, the missing link in the evolution of your API strategy” (demo recording) “An APIcast policy in 15 minutes” (demo recording)

Manage your APIs deployed with Istio service mesh

Tue, 30 Apr 2019 00:00:00 +0200

With the rise of microservices architectures, companies are looking for a way to connect, secure, control, and observe their microservices. Currently, a service mesh such as Istio is the best option to reach this goal. Connect: Istio can intelligently control the flow of traffic between services, conduct a range of tests and upgrade gradually with blue/green deployments. Secure: Automatically secure your services through managed authentication, authorization, and encryption of communication between services.

Bash Snippet: Print a config file without comments

Tue, 23 Apr 2019 00:00:00 +0200

Logging in on a server, printing a configuration file and trying to find the relevant setting from thousands of comment lines. Sounds familiar?

Not that comments are useless in a configuration file but sometimes it’s handy to print a configuration file without the comment lines. Especially when the file is thousand lines long but the useful lines fit the twenty five lines of a standard terminal.

Devoxx France 2019

Fri, 19 Apr 2019 00:00:00 +0200

On the 19th April 2019, I spoke at Devoxx France on a session named “Une API, de l’idée à la production, en mode agile avec Red Hat !”. Pictures Attendees’ reaction For more information: https://cfp.devoxx.fr/2019/talk/OWQ-3436/Une_API,_de_l'idee_a_la_production,_en_mode_agile_avec_Red_Hat_!

Is my NTP daemon working?

Fri, 29 Mar 2019 00:00:00 +0200

If the time on your workstation or server is not stable, strange errors might appear, such as:

$ tar zxvf /tmp/archive.tgz
tar: my-file: time stamp 2019-03-28 14:04:45 is 0.042713488 s in the future

This can happen when your NTP daemon is not synchronized. This means it cannot reliably determine the current time.

Testing hard-drive or SSD performance on Fedora

Fri, 22 Mar 2019 00:00:00 +0200

If your Linux system appears to be slow, it might be an issue with your disks, either hard drive or SSD. Hopefully, with a few commands you can get an idea of the performances of your disks.

Bash Snippet: CLI World Clock

Mon, 18 Mar 2019 00:00:00 +0200

When working in a global organization, colleagues are all around the world! And thus answering to “What time is it in their timezone?” becomes a frequent task. I initially used an online service for this but it is cumbersome and requires me to leave my terminal.

Let’s meet the CLI World clock!

M4 as a replacement for sed

Fri, 15 Mar 2019 00:00:00 +0200

Writing a tutorial often involves to replace a placeholder in a file, such as: Replace FOO with the actual name of your image: sed 's|IMAGE_NAME|docker.io/foo/bar:latest|g' template.yaml |kubectl apply -f - But this approach has several drawbacks: If you have to replace multiple placeholders, the sed syntax becomes cumbersome. If the delimiter appears in your replacement string, you will have to find another delimiter (such as in the previous example where the usual slash has been replaced by a pipe to accomodate the slash in the image name).

Writing workshop instructions with Hugo and deploying in OpenShift

Wed, 27 Feb 2019 00:00:00 +0200

This is the third part of my series covering how to Write workshop instructions with Hugo. In this article, we will deploy our Hugo mini-training as a container in OpenShift.

Full API lifecycle management: A primer

Mon, 25 Feb 2019 00:00:00 +0200

APIs are the cornerstone of so many recent breakthroughs: from mobile applications, to the Internet of Things, to cloud computing. All those technologies expose, consume, and are built on APIs. And those APIs are a key driver for generating new revenue. Salesforce generates 50% of its revenue through APIs, Expedia generates 90% of its, and eBay generates 60% of its. With APIs becoming so central, it becomes essential to deal with full API lifecycle management.

Writing workshop instructions with Hugo, with variables in your content

Thu, 21 Feb 2019 00:00:00 +0200

This is the second part of my series covering how to Write workshop instructions with Hugo. In the first part, we saw how to:

bootstrap a website with Hugo
add content, organized in chapters and sections
customize the look and feel to be suitable for workshop instructions

For this second part, we will add variables to our content so that we can easily adjust the workshop instructions to different use cases.

Writing workshop instructions with Hugo

Wed, 20 Feb 2019 00:00:00 +0200

In my professional life, I often have to lead workshops with customers or partners. During those workshops, participants expect to be trained on a piece of technology or software.

I usually have to provision everything needed to deliver this training and write the training instructions. Those instructions are organized as a step-by-step guide with screenshots, text, verbatim sections, links, files to downloads, etc.

And maybe more important, those instructions have to be well organized, each step has to be clearly stated, identified and formatted. The progression needs to be logic and easy. At any time, the participant needs to know where he is, which steps he has completed and which steps remain.

And for the trainer, it has to be easy to maintain and collaborative.

Crafting support materials that can meet all those requirements is challenging. Slide decks could fit the participants needs but are very difficult to maintain for the trainer. Markdown documentation in a GIT repository are better for suited for maintenance and collaboration but is difficult to work with for the participants.

Hopefully Hugo can help us!

Red Hat Single Sign-On: Give it a try for no cost!

Thu, 07 Feb 2019 00:00:00 +0200

In a software world where each day is more hostile than the previous one, security matters and developers are coping with more and more non-functional requirements about security. The most common ones are the “OWASP Top 10”: the ten security risks that every developer should know. There are many more security risks you should care about, but those ten risks are the ones having the most impact on the security of your software.

Use Ansible to manage the QoS of your OpenShift workload

Wed, 06 Feb 2019 00:00:00 +0200

As I was administering my OpenShift cluster, I found out that I had a too much memory requests. To preserve a good quality of service on my cluster, I had to tacle this issue.

Using a public certificate with Red Hat Single Sign-On/Keycloak

Wed, 06 Feb 2019 00:00:00 +0200

When deploying Red Hat Single Sign-On/Keycloak for a test or a proof of concept, most users will choose to use a self-signed certificate as explained in the official documentation. The setup instructions are straightforward, but this self-signed certificate will trigger certificate error messages in your web browser and can also prevent some clients such as Postman from working properly. This article explains how to use a public certificate from Let’s Encrypt with Red Hat Single Sign-On.

Devoteam #TechForPeople 2018

Wed, 10 Oct 2018 00:00:00 +0200

The 10th Septembre 2018, I co-presented a session named “No API, No Future” in which I exhibited the Red Hat’s API Lifecycle Automation. The event #TechForPeople was organized by Devoteam.

Red Hat Tech Exchange 2018

Fri, 21 Sep 2018 00:00:00 +0200

From the 17th to 21th Septembre 2018, I co-presented two sessions: An API Journey: from mock to deployment, with Laurent Broudoux API Lifecycle Automation, with Manfred Bortenschlager For the session An API Journey: from mock to deployment, we received an award based on the amazing feedbacks from the public! We received our award, on-stage!

ADEO Summit 2018

Wed, 27 Jun 2018 00:00:00 +0200

On the 27th June 2018, I spoke at ADEO Summit on a session named “An API Journey: from Mock to Deployment workshop”. For more information: https://www.adeodevsummit.io/event/FA3w/an-api-journey-from-mock-to-deployment

Red Hat Summit 2018

Tue, 08 May 2018 00:00:00 +0200

On the 8th May 2018, I spoke at Red Hat Summit on a session named “Red Hat API management: Overview, security models, and roadmap” where I showcased our vision of “API Management as Code”. For more information: https://agenda.summit.redhat.com/SessionDetail.aspx?id=154928

APIDays 2017

Tue, 30 Jan 2018 00:00:00 +0200

On the 30th January 2018, I spoke at API Days on a session named “An API Journey: from Mock to Deployment workshop”. For more information: http://www.apidays.io/events/paris-2017

Red Hat Forum 2017

Wed, 11 Oct 2017 00:00:00 +0200

On the 11th October 2017, I spoke at Red Hat Forum on a session named “Gestion des API dans une démarche CI/CD”. For more information: https://www.redhat.com/fr/events/red-hat-forum-france-2017 Slide deck can be found here

Contact me

Mon, 01 Jan 0001 00:00:00 +0000

Do you need something from me ? For any inquiry about speaking, writing or engagement, you can contact me directly at my email address, on twitter at @nmasse_itix or on Bluesky at @nicolas.itix.fr. If you want to know more about my professional career, you can find it on Linkedin but I can also provide a current CV or biography upon request. If you are reaching out to me for one of my Open Source projects or one of my contributions, please open an issue in the relevant GitHub repository and mention @nmasse-itix.

Search

Mon, 01 Jan 0001 00:00:00 +0000