When we update an resource using the API, we generially will first get the resource, and then update it, and put back the entire object, this can waste bandwidth and processtime for large resources. Another choice is we can use HTTP PATCH to send an json patch to the api server. There are two kinds of patch you can use, JSON PATCH and JSON Merge Patch. Both have cons and pros. ... Read More

Overview Dex is an openid provider, opensourced by CoreOS,it can be integrated with k8s, and it also can be integrated with OpenShift,here I will write how to setup the openid provider with openshift. Dex is not a user management system like ldap,saml,etc. but acts as a portal to other identity providers, it has different connectors that can be used to connect to different user management system, when you login use user/pass through the portal page of dex, it will generate an ID token for you. ... Read More

Keycloak is an powerful tools that can be used as openid provider and SAML auth provider, and here I will record how to integrate openshift with keycloak. First, download the keycloak from here Then, you neec setup the keycloak with https enabled, as openshift ask the openid provider to support https, see the openid spec here We will setup a standalone cluster and update the binding address, and we need generate the keystore for serve the https the standalone config file is at: standalone/configuration/standalone. ... Read More

Http handlers Processing HTTP requests with Go is primarily about two things: ServeMuxes and Handlers. A ServeMux is essentially a HTTP request router (or multiplexor). It compares incoming requests against a list of predefined URL paths, and calls the associated handler for the path whenever a match is found. Handlers are responsible for writing response headers and bodies. Almost any object can be a handler, so long as it satisfies the http. ... Read More

K8S support different kind of auth type, one of it’s auth type is Authenticating Proxy, this allow user to use it’s auth provider to do the authentication, after pass the auth, sent the use related info(username, group, extra info) using http request headers to k8s api server, the headers can be defined using: --requestheader-username-headers --requestheader-group-headers --requestheader-extra-headers-prefix New people to this area are not very familiar how to setup a auth proxy and integrated with k8s, so I wish this blog can help you guys. ... Read More