This article explains how to implement an ngnix ingress authentication (basic http auth) mechanism for securing your kubernetes (k8s) application endpoints using the credentials stored in hashicorp vault. This can be achieved easily by writing a simple http auth (python-flask) app that talks with the vault. The workflow for custom authentication is explained well in this article.

The basic idea to is modify the opensource httpbin app by adding a new endpoint such as vault-auth. The code this endpoint is going to basic-auth except the http auth credentials will be validate against hashicorp vault instead of the passed parameters. The modified code can then be deployed as a container and as an auth service in your kubernetes cluster.

All the applications whose ingress endpoints need to be secured have to add the following line to their ingress deployment yaml

nginx.ingress.kubernetes.io/auth-url: http://auth.default.svc.cluster.local/vault-auth/x/y

Where auth.default.svc.cluster.local is the service that is running the modified httpbin app

I joined the Webex Storage IAAS (infrastructure as a service) group three weeks ago after a stint of three and half years at Nuage. I had a great experience at Nuage, especially during my first two years during which I got to work quite a bit on Openstack, Vmware cloud, Kubernetes and Openshift. I was super fortunate to make lots of opensource contributions during this period and I think that really helped in getting my new job at Cisco.

At Cisco I am part of the Storage team and really excited to back in the storage domain after learning a lot about networking in last four and half years.

I recently started working on a big C project at Nuage. I have worked in C at Netapp for 9 years and was looking forward to this new work as result. Man, I am so glad so be able to program in C again. I was also happy to realize that my C chops are still quite good.

However having worked with Java/Python for past 2 – 3 years and being used to the awesome Intellij IDE, I really wasn’t enjoying working with vim again. My complaints about vim were two fold. First writing code in C is quite verbose, especially for the low level stuff I was working on. (I really missed Java’s awesome collection library and stream API. Those things made writing software such a joy). The second complaint about vim is lack of auto completion, which makes the first problem all the more worse.

I tried overcoming this problem by using the YouCompleteMe plugin for vim but it wasn’t working quite well with my C project. (C projects do not have a standard way to compile and build, each one of them has a different way of building things). Initially the auto-completion with YouCompleteMe really sucked, until I discovered the bear tool. The bear tool lets you generate a compilation database for your project (You just prepend your make command with bear) and once this is done, autocompletion worked as charm in Vim. Morever YouCompleteMe dynamically complies the C file so, I get syntax errors while writing the code itself. What a timesaver and productivity booster.

Have started learning Clojure using the awesome book Clojure for the brave and true and am really loving it. I plan to continue experimenting with the language while solving some of the problems from the Project Euler. I have already started solving some of the problems using Python and my solutions are available on my github page.

I always wanted to contribute to some major Opensource project since my engineering student days (more that 10 years ago). In those days I was looking to contribute the Linux kernel project but never did I get a chance.

Howpever as part of my work for Nuage, I have been (finally) able to contribute to Opensource projects. Specifically I have contributed to the following Opensource projects

• Openstack Puppet Neutron
• Openshift Ansible
• Openstack Fuel Plugin for Nuage

For the past few weeks I have been working with Containers (specifically docker) for my work on Redhat Openshift. I was able to make a number of contributions to the Openshift Ansible toolkit as part of my work on the Openshift platform for Nuage. Has been super fun.

However what really excites me about my current work is that I have also started using Golang for my work and am really liking it. I find Go to be a crossbreed of Python and C and I think it makes sense to use Golang instead of C++. To be fair I haven’t worked with C++ to write any production code but consider myself fortunate for avoiding that pain.

It’s been a while that I 3D printed anything. Have been really busy after joining Nuage . However today I decided to print something on my printer since Tanu’s cousin is here and he wanted to see how 3d printing work. However I had to calibrate my 3d printer before I could use it, so used the calibration circuit that I had designed to easy the process. The design is open source and is shown below

The confusion started right at the united airlines gate at the Newark airport. We had to stand In line twice, once to get our passport checked and once to board our flight. Again while boarding the flight we had of our passport ready.

Once we landed in movie, the immigration was a breeze. Getting home using a cab was equally easily as well. No hassles at all. I am just hoping that my kids don’t fall sick during this short trip.

Have been using vijava for one of my projects recently.  It’s a fairly decent Java wrapper over Vmware’s web services API. However there are some very basic Java bugs with the library, for example the VirtualEthernetCard class does not override the equals methods (really!!!). This has been causing me a pain while comparing two Sets of VirtualEthernetCard objects. I wish the author had followed the rules mentioned in the awesome book “Effective Java“.

One of the important reasons I love Mac for development work is the amazing iTerm app. Now you can get iTerm like look and feel on Linux by installing the Monaco font and setting it as the default font for the terminal application on Linux.