Manipulate your yaml file with yq

I like to play with the bash shell, especially when I have to manipulate template files of some sort on the go (dynamically). yq is a great tool I just discovered that can help me generate a SAM [1] template.yaml file based on some business logic. The great thing about yq is that I don't have to install it: I can run it with the help of Docker. So I add this to my bash script:

yq() { docker run --rm -i -v "${PWD}":/workdir mikefarah/yq yq "$@"; }

and then I can use yq as if I had installed it, for example:

How to get the list of lambda functions filtered by runtime (or any other attrib) using aws-cli

Pretty easy. For example, if I want to get the list of lambda functions that use the nodejs8.10 runtime, I can do something like:

aws lambda list-functions --query 'Functions[?Runtime==`nodejs8.10`].[FunctionName]' --output text | tr '\r\n' ' '

Exclude a service from being auto sidecar injected by istio

As you may know, you can enable automatic sidecar injection for a specific namespace with istio:

kubectl label namespace ABC istio-injection=enabled

It means that every new service deployed in the ABC namespace will be injected with an Envoy sidecar. In case you don't want a specific service such as MyService to be controlled by Istio, you can set the annotation '' to 'false'. For example:


How to clean up Kong-Ingress-Controller

You can use the following shell script that I wrote a couple of days ago to clean up Kong-Ingress-Controller:

"Searchlight for U" at the Korea&Vietnam OpenInfra User Group meetup

Last night, in a cozy conference room in Seoul, South Korea, I had a very friendly meetup with the OpenStack Korea User Group with around ten or so people. Sa Pham and I, the Vietnam OpenInfra User Group representatives, were there to share our experiences on OpenStack and networking with others. This is not my first time with the Korea User Group, but meeting people who work on open source projects or want to learn about OpenInfra technologies made me super excited.

Like last time, I had a brief presentation about OpenStack Searchlight showing folks what was going on and my plan for the Ussuri development cycle. And, that is why the title of my talk is "Searchlight for U".

Even though I had not put much effort into Searchlight in Train, while presenting the progress to people I was amazed at how far we have gone. I had been Searchlight's PTL for two cycles and now one more time. Hopefully, I could move the project forward with some real-world adaptation, use cases, and…

A sample Flask app that uses Keycloak for user registration and OIDC authentication

I've spent a couple of days exploring Keycloak, Istio, and EKS. The result is a sample Flask app that has the following features:

- User registration and authentication (OIDC) with Keycloak
- The app can run on a local machine, in a Docker container, or inside a service mesh within a Kubernetes cluster and Istio. In that case, Istio and Keycloak were deployed on an EKS cluster following this tutorial [1].

The sample app repository is here [2]. Below are the detailed instructions to run the sample app.

Prerequisites

- Have a Keycloak instance up and running, and know the admin user credentials
- If you want to deploy the app on a Kubernetes cluster with Istio installed, make sure you have admin privileges to the cluster. You also need to install istioctl.

Run the application normally

1. Clone the repo, install the requirements

git clone
cd keycloak_flask
virtualenv ~/keycloak_flask
source ~/keycloak_flask/bin/activate
pip install -r requiremen…

How to open a custom port on the istio-ingressgateway

By default, when you deploy Istio on a Kubernetes cluster, it will create a load balancer named istio-ingressgateway [1]. That ingress gateway is a Kubernetes LoadBalancer resource that helps handle incoming traffic into the mesh. You can check by running this command:

kubectl -n istio-system get service istio-ingressgateway

The istio-ingressgateway load balancer will open a number of ports such as 80, 443, etc. If you want to open a new port on the load balancer, you can do the following:

1. Export the current configuration of the istio-ingressgateway

kubectl -n istio-system get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml

2. Edit istio_ingressgateway.yaml and add the new port you want, for example:

nano istio_ingressgateway.yaml

  - name: myport
    nodePort: 31410
    port: 5000
    protocol: TCP
    targetPort: 5000

3. Apply the new configuration

kubectl apply -f istio_ingressgateway.yaml

4. Check if the new port is running

kubectl describe svc istio-ingres…
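
Steps 1 to 3 can also be done without an editor. The script below is an added example, not code from the original post: it checks the exported manifest for a clashing name, port or nodePort and then appends the new entry with a JSON Patch. The function names and the sample manifest are constructed for illustration, and the nodePort check assumes the cluster uses the Kubernetes default NodePort range.

```sh
#!/bin/sh
# Added example; function names and the sample manifest are constructed.

# Writes a constructed sample of an exported Service manifest to file $1.
write_sample_manifest() {
  cat > "$1" <<'EOF'
spec:
  ports:
  - name: http2
    nodePort: 31380
    port: 80
    protocol: TCP
    targetPort: 80
  type: LoadBalancer
EOF
}

# Exit 0 if manifest $1 already has key $2 (name|port|nodePort) set to $3.
port_field_in_use() {
  awk -v k="$2:" -v v="$3" '
    ($1 == k && $2 == v) || ($1 == "-" && $2 == k && $3 == v) { found = 1 }
    END { exit !found }' "$1"
}

# Prints a JSON Patch appending one TCP port to .spec.ports.
# Args: name port nodePort. Returns 2 on bad input. The nodePort must be in
# 30000-32767, the Kubernetes default range (assumed unchanged here).
build_port_patch() {
  case "$1" in ''|*[!a-z0-9-]*) return 2 ;; esac
  for n in "$2" "$3"; do
    case "$n" in ''|0*|*[!0-9]*) return 2 ;; esac
  done
  [ "$2" -le 65535 ] || return 2
  { [ "$3" -ge 30000 ] && [ "$3" -le 32767 ]; } || return 2
  printf '[{"op":"add","path":"/spec/ports/-","value":{"name":"%s","nodePort":%s,"port":%s,"protocol":"TCP","targetPort":%s}}]\n' "$1" "$3" "$2" "$2"
}

# Steps 1-3 without an editor. Needs kubectl and cluster access.
add_gateway_port() {
  f=istio_ingressgateway.yaml
  kubectl -n istio-system get service istio-ingressgateway -o yaml > "$f" || return 1
  if port_field_in_use "$f" name "$1" || port_field_in_use "$f" port "$2" ||
     port_field_in_use "$f" nodePort "$3"; then
    echo "name, port or nodePort already used by the service" >&2
    return 1
  fi
  patch=$(build_port_patch "$1" "$2" "$3") || return 2
  kubectl -n istio-system patch service istio-ingressgateway --type=json -p "$patch"
}

# Offline demo: the patch for the port entry shown in step 2.
build_port_patch myport 5000 31410
```

Calling `add_gateway_port myport 5000 31410` against a cluster performs the export, the clash check and the patch in one go.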