Hi,

I work as an open source software engineer at Red Hat.

Previously: healthcare administration, health-tech, fin-tech.

Hack: Rotate OpenShift clouds.yaml application credentials

Cloud credentials in OpenShift-on-OpenStack are stored in a secret in the kube-system namespace. Rotating credentials entails:

- Create the new credentials in OpenStack
- Build a clouds.yaml with the new credentials
- Upload the new clouds.yaml to the Kubernetes secret
- Let the operators distribute the new secret.

When using application credentials, this translates to:

# Step 0: Get the current credentials for the cluster. Useful later to replace values
# Step 1: Create the new credentials in OpenStack
openstack application credential create new-creds-1
# Step 2: Build a `clouds....

March 16, 2023

Bash notes

My personal Bash styleguide.

Headers

The shebang tells our operating system what interpreter to use to execute the script.

#!/usr/bin/env bash

These options make the execution of our script more predictable:

set -o errtrace
set -o errexit
set -o nounset
set -o pipefail
# or more concisely:
set -Eeuo pipefail

When a command in a script fails, the failure is ignored by default. With -E and -e, errors stop the execution of the script....

August 3, 2022

Run in docker-compose, wait for the database

Do you use docker-compose to run your local development environment? Do you write your commands into a Makefile to protect your brain and your fingers from complex startup scripts? If so, then you know how painful it is to tell your service to wait for the database before starting. In a sane production environment, a service should always boot and patiently wait for the dependencies to become available, and signal their state through something like a readiness probe....

June 25, 2019

A short introduction to AWS IAM, including Roles

IAM stands for Identity and Access Management. It is the service that lets you manage authentication and authorization within your AWS account. Authentication and Authorisation in AWS are based on six building blocks: Account, User, Group, Policy, Action and Role. Everything I write here, and much more, can be found in the AWS documentation. This post is nothing more than a quick introduction to get you started with the basics....

June 22, 2019

My first Rust project

At work, I keep a todo list vaguely resembling a bullet-journal.

+--------------+
| * Task       |
| x Completed  |
| > Migrated   |
| - Cancelled  |
+--------------+

## 2019-05-27
x Version-pin deploy tooling
x Build auth package
* Replace Marco's deploy keys in the CI

## 2019-05-28
x Replace Marco's deploy keys in the CI
* Write new ticket: failed logins on STG
* Write new ticket: Create users for Kubectl
* Investigate bug #123

## 2019-05-29
x Write new ticket: Create users for Kubectl
> Write new ticket: failed logins on STG

Every working day, I open the file with my favourite editor, I add the date, and I report the unfinished items that I intend to work on....

June 1, 2019

Learning C++, day three: Integer overflow

I was happily playing with my shiny new prime-number-checker, trying out how loops work in C++. When I started entering stupidly big numbers, something strange happened.

./main
Enter a number: 5784320578432578493207508493
Congratulations, it's prime!

Except, that is not actually a prime number. I can’t have typed a prime number by randomly banging on the keypad. What’s going on? I didn’t code any input sanitization in my prime-number-checker, so let’s check what my program actually gets....

May 7, 2019

Learning C++, day two

My first steps:

- I have enrolled for a Pluralsight course
- I have installed a C++ syntax extension on my beloved editor.

Discovery #1: Classes feel like language extensions

In Go, primitive types are special. Some properties only apply to them; for example, there is no way of defining a behaviour for make(myType). Every primitive type brings its own built-in constructor, and custom types inherit the constructor from the primitive type they’re based on....

May 5, 2019

Learning C++, day one

A long time ago, I started programming with Python. Everything was great and I was happy. Then I discovered Go. Everything was fast and portable and powerful. This is my first day into learning C++. Why?

A SQL metaphor

I used to be a contributor to an open-source Go database adaptor: something like an object-relational mapper. Back then, I was fascinated by the idea of abstracting away SQL from my applications....

May 4, 2019

Credential Management API for passwords

Browsers let us save passwords and retrieve them. This way, we can use strings too long and complex to be remembered. Some browsers, with or without the support of external password managers, generate new passwords for us and manage them seamlessly. However, most of the time, everything regarding passwords is still based on the browser's ability to guess which input field contains a username, and which one contains a password....

January 10, 2019

The Go 1.11 web service Dockerfile

Build with Modules, Ship from Scratch

If you use dep, check out this post instead.

Goals:

- The application executable is compiled inside a container, in order to boost reproducibility
- The resulting image must be as small as possible
- The application must run in a container as secure as possible: an unprivileged user in a minimal environment
- The application must be able to make HTTPS calls

It is a multistage Dockerfile: the first throwaway stage is used for building, while the final image will only contain the compiled binary executable....

November 5, 2018