Posts

Many candidates struggle to express their full potential during a technical interview. As the interviewer, your job is to let them shine. You will certainly look out for red flags, and your attention will naturally be drawn to their technical weak spots. But you’ll have to be intentional if you don’t want to overlook talent. Your job in a technical interview: prove that this very candidate is the best fit for the role. Of course they might not be, but the idea behind this approach is that if they are, you minimise the risk of not finding out. And if they are not, you will have given them a fair chance. ...

Cloud credentials in OpenShift-on-OpenStack are stored in a secret in the kube-system namespace. Rotating credentials entails: Create the new credentials in OpenStack Build a clouds.yaml with the new credentials Upload the new clouds.yaml to the Kubernetes secret Let the operators distribute the new secret. When using application credentials, this translates to: # Step 0: Get the current credentials for the cluster. Useful later to replace values # Step 1: Create the new credentials in OpenStack openstack application credentials create new-creds-1 # Step 2: Build a `clouds.yaml` with the new credentials. # Get the current credentials from OCP, and replace with the new values from Step 2. # Save as `c.yaml` for example. oc -n kube-system get secret openstack-credentials -o jsonpath='{.data.clouds\.yaml}' | base64 -d # Step 3: Upload the new `clouds.yaml` to the `openstack-credentials` secret oc set data -n kube-system secret/openstack-credentials clouds.yaml="$(<"c.yaml")" # Step 4: Enjoy. Automate clouds.yaml generation First, build a script that creates new application credentials and directly outputs a clouds.yaml based on a template. We asssume that the cloud in question is openstack, which is what you’ll find in the OpenShift secret. ...

My personal Bash styleguide. Headers The shebang tells our operating system what interpreter to use to execute the script. #!/usr/bin/env bash These options make the execution of our script more predictable: set -o errtrace set -o errexit set -o nounset set -o pipefail # or more concisely: set -Eeuo pipefail When a command in a script fails, the failure is ignored by default. With -E and -e, errors stop the execution of the script. ...

Do you use docker-compose to run your local development environment? Do you write your commands into a Makefile to protect your brain and your fingers from complex startup scripts? If so, then you know how painful it is to tell your service to wait for the database before starting. In a sane production environment, a service should always boot and patiently wait for the dependencies to become available, and signal their state through something like a readiness probe. ...

IAM stands for Identity and Access Management. It is the service that lets you manage authentication and authorization within your AWS account. Authentication and Authorisation in AWS are based on six building blocks1: Account, User, Group, Policy, Action and Role. Everything I write here, and much more, can be found in the AWS documentation. This post is nothing more than a quick introduction to get you started with the basics. ...

At work, I keep a todo list vaguely resembling a bullet-journal. +--------------+ | * Task | | x Completed | | > Migrated | | - Cancelled | +--------------+ ## 2019-05-27 x Version-pin deploy tooling x Build auth package * Replace Marco's deploy keys in the CI ## 2019-05-28 x Replace Marco's deploy keys in the CI * Write new ticket: failed logins on STG * Write new ticket: Create users for Kubectl * Investigate bug #123 ## 2019-05-29 x Write new ticket: Create users for Kubectl > Write new ticket: failed logins on STG Every working day, I open the file with my favourite editor, I add the date, and I report the unfinished items that I intend to work on. ...

I was happily playing with my shiny new prime-number-checker, trying out how loops work in C++. When I started entering stupidly big numbers, something strange happened. ./main Enter a number: 5784320578432578493207508493 Congratulations, it's prime! Except, that is not actually a prime number. I can’t have typed a prime number by randomly banging on the keypad. What’s going on? I didn’t code any input sanitization in my prime-number-checker, so let’s check what my program actually gets. I am now removing all the boring logic, and compiling this simple code: ...

My first steps: I have enrolled for a Pluralsight course I have installed a C++ syntax extension on my beloved editor. Discovery #1: Classes feel like language extensions In Go, primitive types are special. Some properties only apply to them; for example, there is no way of defining a behaviour for make(myType). Every primitive type brings its own built-in constructor, and custom types inherit the constructor from the primitive type they’re based on. If you want a new instance of your type to be any different than “the zero value for the underlying type”, then you have to declare a very explicit New function and write a compelling comment advocating its use. ...

A long time ago, I started programming with Python. Everything was great and I was happy. Then I discovered Go. Everything was fast and portable and powerful. This is my first day into learning C++. Why? A SQL metaphor I used to be contributor to an opensource Go database adaptor: something like an object-relational mapper. Back then, I was fascinated by the idea of abstracting away SQL from my applications. ...

Browsers let us save passwords and to retrieve them. This way, we can use strings too long and complex to be remembered. Some browsers, with or without the support of external password managers, generate new passwords for us and manage them seamlessly. However most of the time, everything regarding passwords is still based on the ability of the browser of guessing which input field contains a username, and which one contains a password. ...