2024/03/01
Following on the first Keycloak mTLS entry, this post builds on top of it to not just be able to authenticate in an mTLS connection using the client’s certificate and key directly in the connection against Keycloak; but also being able to do so when the client is separate from Keycloak by multiple hops, e.g. when there is one or more intermediate servers, like an API gateway.
(...)
2024/02/08
Mutual TLS (mTLS) is required for more strict networks, such as production or Zero-Trust networks deployment. This entry aims at documenting how that can be achieved using Keycloak.
(...)
2022/03/03
This post gathers some information on how to deploy a Docker-based Nginx reverse proxy, acting as a gateway for requests. Depending on the requested endpoint, it will steer traffic either to a REST service (i) running in the same Docker network; or (ii) running remotely. Both services are protected with BasicAuth.
(...)
2021/06/28
Deploying a multi-node k8s cluster (e.g., multiple workers) while following the official Kubernetes instructions (i.e., not using options such as Minikube or frameworks like Rancher) can easily lead to networking errors. Furthermore, if using Vagrant for that task, there is also another network-related consideration to bear in mind for multi-node setups.
(...)
2021/04/18
Whilst the Kubernetes dashboard is directly setup by environments and tools like Minikube, when setting a Kubernetes instance from scratch, this must be manually enabled.
(...)
2020/09/25
In some specific setups you might need to retrieve the Fully Qualified Domain Name (FQDN) from a given site. In other words, this is usually the DNS entry to which a given HTTPS-exposed service (running in a given IP) is bound. For instance, you may need to obtain the FQDN from your local IP, so that you can return absolute endpoints to a third-party application that will load some resource externally.
(...)
2020/08/05
The tips here documented come from the implementation of a Control Plane following the P4Runtime specification (v1.2.0). Comments and sample implementations are given for C++.
(...)
2020/05/12
Setting up a CI/CD on a stack that is deployed on different enviroments may lead you to use different sets of configurations for each environment. You could track these in separate private repositories or do that in a public one, which is accessible to end users as well, who will be able to 1) set up the same environment as you, without the need of sharing a Docker image, and 2) letting them customize their setup.
This post describes how to implement a basic Bash deployment set of scripts (tested in Ubuntu and CentOS) that allows you to define all your environment variables (i.e., configurations that change across environments, sensitive information, etc) and directly apply these to your templated files; thus allowing you to track and share the templates and keeping the generated configuration files only in your specific environment.
(...)
2020/04/16
When installing gRPC and its C++ bindings directly on the environment, the installation of the dependencies led to incompatible installations in the same environment. If you encounter such difficulties and you need a simple working C++-based environment to generate some binaries, you may try using the following Dockerfile.
(...)
2020/03/22
When using Atlassian’s Bamboo as your CI/CD pipeline, you may want to integrate the SonarQube analysis to be triggered from the plan; whether in an automatic or manual way as one of the stages in your pipeline. Note that this assumes that the SonarQube plan (e.g., named “project-name”) is already created and configured, and it also expects your project to use Gradle.
This entry will allow you to have a single plan in Bamboo where you can see the analysis for both the base branch (e.g, “master” or “develop”) and the delta difference (and current state) of many other multiple branches (e.g., for features). A case where this is useful are Pull Requests, where the best interest is not to introduce further possible bugs, vulnerabilities, code smells or duplications.
(...)
2020/03/02
Although relatively straightforward, compiling and selecting the Linux headers is too manual and is only partially explained at several different documents in the codebase. This entry provides some guidelines and also scripts to automate a bit the process. Find the complete script at the bottom.
(...)
2019/10/13
When using OpenStack, the nova-scheduler service is the one picking the specific host where a new VM (or instance) will be deployed.
Yet, sometimes you do not want this to happen. Maybe a specific host in your availability zone and/or cluster is configured in such a way that you would still prefer to have the new instance running there – even at the cost of over-provisioning.
(...)
2019/08/22
When using Docker-compose, an operator may want to run a subset of containers altogether, forming a comprehensive service in a single file. Some of such containers may depend on others, as in the typical cases of a GUI depending on the API or, also, an API depending on the DB.
Below you can find the typical way to enforce the order at which the Docker containers are started and run. This is based on some pre-defined conditions.
(...)
2019/08/06
P4 is the acronym used to refer to Programming Protocol-independent Packet Processors. This language allows developing the logic of the data plane in a compliant device; explicitly defining the logic to process a packet in each of the stages, or pipelines, of the device.
Such is the freedom to implement the processing that it is possible for the developer to define any new format that suits the specific networking protocol to be tested: in the end, and speaking broadly; every parsing process takes a serialised information from the network and reconstructs it into an object that is parsed for processing – and the way around, every deparsing takes back the packet with the new format into a serialised stream in the wire.
(...)
2019/04/04
As any other language supporting web frameworks, Java (and specifically the Java API for RESTful services, javax.ws) provides tools to define REST APIs in a very convenient way. Among these APIs, it is common to operate with data in JSON.
This post provides a sample (non-comprehensive, non-working example that you may need to adapt) of a REST endpoint that consumes some JSON structure and produces an output in the same format.
(...)
2019/03/25
The Spring web framework allows Java developers to define a web-based application in a relatively easy way. Multiple features are provided to that matter: XML and Java-like configurations, handling the initialisation of a web application more easily, managing the data via controllers and so on.
This post documents how to define custom errors, for instance those with custom 404/not-found error pages. The information below is taken from my own experience and answer in StackOverflow.
(...)
2018/04/18
Linux Containers (LXC) provide tools to operate on individual containers., as any other sort of (let’s put it this way) “virtualised processing environments”, bind their interfaces to other interfaces in the hosting server; so that traffic between the virtual environment and its host is allowed. This procedure is typically automated by the hypervisor or any other set of automated scripts. In this case, detecting and removing any leftover is needed.
(...)
2018/03/11
Linux Containers (LXC), as any other sort of (let’s put it this way) “virtualised processing environments”, bind their interfaces to other interfaces in the hosting server; so that traffic between the virtual environment and its host is allowed. This procedure is typically automated by the hypervisor or any other set of automated scripts. In this case, detecting and removing any leftover is needed.
(...)
2017/11/24
Ansible provides a good balance between features and lower complexity, compared to other deployment configuration tools like Puppet. The Ansible docs are typically a good source for information, yet some information or examples on specific (common) procedures seems to be missing. The following describes some of them.
(...)
2017/11/11
Say you have a method that uploads a file via POST (-F) to a specific endpoint in a REST API (here, using Flask). Now, you want to add some logic to this process before POSTing the file, but without modifying the original API. So you create an intermediate REST API. How to allow POSTING the file through this intermediate API?
(...)
2017/09/25
With Swagger, the definition of the API is typically assumed to be hosted remotely. This small guide extends on community-based solutions to offer a minimal solution that parses locally hosted API specifications with Swagger.
(...)
2017/09/17
This post intends to provide basic guidelines on SSH tunneling (here, local port forwarding), double SSH hop and double or proxied “SCP hop”.
(...)
2017/09/13
Flask is a lightweight web server used for development-like solutions. Even so, some may wish to serve HTTPS requests, and even to validate both identities at the end of the connection. Such validation is typically performed by production servers like Apache or Nginx, but Flask also allows it.
(...)
2017/07/15
Every collaborative development project leverages on a set of tools to facilitate some or all of the development, integration, testing and deployment stages. This document explains how to set-up a simple Continuous Integration and Continuous Delivery environment using part of the Atlassian stack (JIRA, Bitbucket, Bamboo) and Slack.
(...)
2017/06/11
Although complexity of algorithms is a theoretical subject that is 99.9% of the time not used in real world, it is worth to refresh knowledge on it. Classifying the behaviour of an implemented algorithm can come in hand when analysing performance issues or designing more efficient algorithms.
(...)
2017/06/02
Software-Defined Networking scenarios are typically defined as a sandbox or testbed so as to assess SDN controllers or new applications. Most of the times, this is defined in a virtual fashion, virtualising the physical infrastructure. This document focuses instead of real hardware deployment.
(...)
2017/02/25
The Jekyll site generator is a simple way to create static pages. It runs in Ruby and makes use of markdown-like style and of Liquid-based templates. Jekyll is integrated with GitHub, so different themes and gems can be chosen.
(...)
2015/10/13
Git hooks are undoubtedly useful and convenient to integrate with many other tools. One of the tasks I had in mind was to configure Jenkins in a proper way so as to receive notifications from pushes in GitHub and use those to do an internal process – in this specific case, triggering a merge between every modified branch and the master one.
(...)
2015/09/09
It is already some time since I first started a coding project to provide a tool that easily generates Debian or RedHat packages. This project is at a somewhat debatable stable state, with instructions and examples on different README files, and also a step-by-step guide in the wiki.
(...)
2015/03/16
For almost a year now, I have had the opportunity to work with a small network of machines part of a high-speed network and publicly facing the Internet - thus consequently reachable by everyone. During the last quarter of the previous year (around November 2014) and the first quarter of the current one (around February 2015), these machines were targeted by Chinese attackers. They gained access to some of the machines, probably by brute-force attacks via SSH, and placed a couple of binaries that infected the machine to -I assume- send continuous traffic to a set of targeted locations.
(...)
2014/09/22
One of the basic issues any software developer or maintainer may face at some point is how to provide the software such that it can be installed and run from anywhere. Most people probably prefer a system where the configuration constraints for each software are as minimum as possible.
(...)
2014/09/21
As a Django/Python developer or maintainer, you may need at some point to upgrade one of your legacy applications or tools to a more recent or complete version of the framework. This was our case, as one of our stacks was written in Python2.6 and leveraged on Django 1.2.3. We required (1) a smooth migration and (2) provide backwards compatibility with 1.2.
(...)
Carolina Fernández
Technical guides, publications and snippets for easy deployment and development