merge the itix-theme branch

.gitignore

@@ -1,2 +1,4 @@
 public
 .DS_Store
+resources
+

.gitmodules

@@ -1,8 +1,3 @@
-[submodule "themes/cocoa"]
-	path = themes/cocoa
-	url = https://github.com/nmasse-itix/cocoa-hugo-theme.git
-	branch = nmasse-itix
-[submodule "themes/diary"]
-	path = themes/diary
-	url = https://github.com/nmasse-itix/hugo-theme-diary.git
-	branch = www.itix.fr
+[submodule "themes/itix"]
+	path = themes/itix
+	url = https://github.com/nmasse-itix/hugo-theme-itix.git

archetypes/default.md

@@ -0,0 +1,18 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+description: ""
+opensource:
+- project1
+topics:
+- topic1
+resources:
+#- src: '*.yaml'
+#- src: '*.png'
+---
+
+Headline.
+
+<!--more-->
+
+Main content here.

config.toml

@@ -1,71 +0,0 @@
-baseURL                = "https://www.itix.fr/"
-languageCode           = "en-us"
-title                  = "Nicolas Massé"
-author                 = "Nicolas Massé"
-theme                  = "diary"
-pygmentsUseClasses     = true
-pygmentsCodefences     = true
-enableRobotsTXT        = true
-
-[taxonomies]
-opensource             = "opensource"
-topic                  = "topics"
-tags                   = "tags"
-
-[params]
-include_rss            = true
-latestpostscount       = 10
-i18n_flags             = true
-author                 = "Nicolas Massé"
-description            = "Nicolas Massé's blog"
-github                 = "//github.com/nmasse-itix"
-px500                  = "//500px.com/nmasse"
-linkedin               = "//linkedin.com/in/nicolasmasse"
-#selfintro              = "TODO intro"
-twitter                = "//twitter.com/nmasse_itix"
-gravatar               = "006617bcd9aae1a019e1f923c8bd69e0"
-#faviconfile            = "images/favicon.ico"
-
-[menu]
-
-[[menu.main]]
-name                   = "Home"
-weight                 = 10
-identifier             = "home"
-url                    = "/"
-
-[[menu.main]]
-name                   = "Biography"
-weight                 = 20
-identifier             = "biography"
-url                    = "/biography/"
-
-[[menu.main]]
-name                   = "Blog"
-weight                 = 30
-identifier             = "blog"
-url                    = "/blog/"
-
-[[menu.main]]
-name                   = "Open Source"
-weight                 = 35
-identifier             = "opensource"
-url                    = "/opensource/"
-
-[[menu.main]]
-name                   = "Speaking"
-weight                 = 40
-identifier             = "speaking"
-url                    = "/speaking/"
-
-[[menu.main]]
-name                   = "Writing"
-weight                 = 50
-identifier             = "writing"
-url                    = "/writing/"
-
-[[menu.main]]
-name                   = "Contact"
-weight                 = 60
-identifier             = "contact"
-url                    = "/contact/"

config.yaml

@@ -0,0 +1,74 @@
+baseURL: "/"
+title: "Nicolas Massé"
+author: "Nicolas Massé"
+theme: "itix"
+# pygmentsUseClasses implies a style sheet that can be generated as follow:
+# hugo gen chromastyles --style=borland > static/css/chroma.css
+pygmentsUseClasses: true
+pygmentsCodefences: true
+enableRobotsTXT: true
+
+defaultContentLanguage: "en"
+languages:
+  en:
+    weight: 1
+    languageName: English
+    contentDir: content/english
+    menu:
+      main:
+      - name: "Articles"
+        weight: 10
+        url: "/blog/"
+      - name: "Open Source"
+        weight: 20
+        url: "/opensource/"
+      - name: "Expertise"
+        weight: 30
+        url: "/topics/"
+      - name: "Speaking"
+        weight: 40
+        url: "/speaking/"
+      - name: "Writing"
+        weight: 50
+        url: "/writing/"
+      - name: "Contact"
+        weight: 60
+        url: "/contact/"
+      - name: "Resume"
+        weight: 70
+        url: "https://www.linkedin.com/in/nicolasmasse/"
+  fr:
+    weight: 2
+    languageName: Français
+    contentDir: content/french
+    menu:
+      main:
+      - name: "Articles"
+        weight: 10
+        url: "/fr/blog/"
+      - name: "Open Source"
+        weight: 20
+        url: "/fr/opensource/"
+      - name: "Expertise"
+        weight: 30
+        url: "/fr/topics/"
+      - name: "Conférences"
+        weight: 40
+        url: "/fr/speaking/"
+      - name: "Publications"
+        weight: 50
+        url: "/fr/writing/"
+      - name: "Me contacter"
+        weight: 60
+        url: "/fr/contact/"
+      - name: "CV"
+        weight: 70
+        url: "https://www.linkedin.com/in/nicolasmasse/"
+
+taxonomies:
+  opensource: "opensource"
+  topic: "topics"
+  tags: "tags"
+
+params:
+

content/english/_index.md

@@ -0,0 +1,11 @@
+---
+title: "Nicolas Massé"
+---
+
+I am Nicolas Massé, you will find me on social networks under the nickname "nmasse-itix".
+Initially developer, I now work as pre-sales consultant in the fields of [API Management]({{<relref "/topics/api-management" >}}), [Single Sign On]({{<relref "/topics/openid-connect" >}}) and [Containers]({{<relref "/topics/containers" >}}).
+
+I mainly work with [Open Source]({{<relref "/opensource" >}}) technologies such as [Keycloak]({{<relref "/opensource/keycloak" >}}), [3scale]({{<relref "/opensource/3scale" >}}) or [OpenShift]({{<relref "/opensource/openshift" >}}).
+I share my [expertise]({{<relref "/topics" >}}) and interests on this site, as a guest [on other websites]({{<relref "/writing" >}}) and I occasionally give [conferences]({{<relref "/speaking" >}}).
+
+Please read [my blog]({{<relref "/blog" >}}) or [learn more about me](https://www.linkedin.com/in/nicolasmasse/).

content/blog/3scale-toolbox-anonymous-policy.md → content/english/blog/3scale-toolbox-anonymous-policy.md

@@ -1,8 +1,10 @@
 ---
 title: "What is this 'Anonymous' policy configured by the 3scale toolbox?"
 date: 2019-11-14T00:00:00+02:00
-opensource: 
+opensource:
 - 3scale
+topics:
+- API Management
 ---
 
 In this article on the Red Hat Developer blog, I explained [how to deploy an API from the CLI, using the 3scale toolbox](https://developers.redhat.com/blog/2019/07/29/3scale-toolbox-deploy-an-api-from-the-cli/).
@@ -10,6 +12,8 @@ If you tried this approach by yourself you may end up, *sooner or later*, with a
 What is this policy and why is it there?
 Let's dig in!
 
+<!--more-->
+
 In a nutshell, the *Anonymous* policy instruct the *APIcast* gateway to expose an API **without any security mechanism**.
 Given how we stress out the importance of security in our very fragile IT systems, this calls out the following question: why was it there in the first place?
 

content/blog/3scale-toolbox-url-rewriting-policy.md → content/english/blog/3scale-toolbox-url-rewriting-policy.md

@@ -3,11 +3,15 @@ title: "What is this 'URL Rewriting' policy configured by the 3scale toolbox?"
 date: 2019-11-14T00:00:00+02:00
 opensource: 
 - 3scale
+topics:
+- API Management
 ---
 
 In this article on the Red Hat Developer blog, I explained [how to deploy an API from a Jenkins Pipeline, using the 3scale toolbox](https://developers.redhat.com/blog/2019/07/30/deploy-your-api-from-a-jenkins-pipeline/).
 If you tried this approach by yourself you may have noticed that in some cases, the configured service includes the *URL Rewriting* policy in its *Policy Chain*.
 
+<!--more-->
+
 The *URL Rewriting* policy can be used for a variety of use cases but, in a nutshell, the *URL Rewriting* policy is used by the toolbox to change the *Base Path* of an API.
 
 For instance, if your actual API implementation is live at **/camel/my-route** but you wish to expose it on **/api/v1**, you can instruct the 3scale toolbox to configure the *URL Rewriting* policy for you by specifying the `--override-private-basepath` and `--override-public-basepath` options.

content/blog/airgap-openshift-installation-move-registry-created-using-oc-adm-release-mirror-between-environments.md → content/english/blog/airgap-openshift-installation-move-registry-created-using-oc-adm-release-mirror-between-environments/index.md

@@ -5,6 +5,10 @@ opensource:
 - Ansible
 - OpenShift
 - Skopeo
+topics:
+- Containers
+resources:
+- src: '*.yaml'
 ---
 
 Some customers, especially large banks, have very tight security requirements.
@@ -143,7 +147,7 @@ Finally, skopeo is called to download each image to */tmp/oci_registry*.
     with_items: '{{ images }}'
 ```
 
-The complete playbook [is available here](pull.yaml) and can be run as follow.
+The complete playbook [is available here]({{< attachedFileLink src="pull.yaml" >}}) and can be run as follow.
 
 ```sh
 ansible-playbook pull.yaml -e token=$TOKEN

content/blog/ansible-add-prefix-suffix-to-list.md → content/english/blog/ansible-add-prefix-suffix-to-list.md

@@ -3,10 +3,14 @@ title: "Ansible: Add a prefix or suffix to all items of a list"
 date: 2019-11-18T00:00:00+02:00
 opensource:
 - Ansible
+topics:
+- IT Automation
 ---
 
 Recently, in [one of my Ansible playbooks](../airgap-openshift-installation-move-registry-created-using-oc-adm-release-mirror-between-environments) I had to prefix all items of a list with a chosen string.
 
+<!--more-->
+
 Namely, from the following list:
 
 ```python

content/blog/check-ansible-version-number-playbook.md → content/english/blog/check-ansible-version-number-playbook.md

@@ -3,12 +3,16 @@ title: "Check the Ansible version number in a playbook"
 date: 2019-11-18T00:00:00+02:00
 opensource:
 - Ansible
+topics:
+- IT Automation
 ---
 
 My Ansible playbooks sometimes use features that are available only in a very recent versions of Ansible.
 
 To prevent unecessary troubles to the team mates that will execute them, I like to add a task at the very beginning of my playbooks to check the Ansible version number and abort if the requirements are not met.
 
+<!--more-->
+
 ```yaml
 - name: Verify that Ansible version is >= 2.4.6
   assert:

content/blog/cleanup-playbook-3scale.md → content/english/blog/cleanup-playbook-3scale/index.md

@@ -1,8 +1,14 @@
 ---
 title: "A cleanup playbook for 3scale"
 date: 2020-04-28T00:00:00+02:00
-opensource: 
+opensource:
 - 3scale
+- Ansible
+topics:
+- API Management
+- IT Automation
+resources:
+- src: '*.yaml'
 ---
 
 If you are running integration tests embedding 3scale or are doing a lot of 3scale demos, you might sooner or later **have plenty of services declared in the 3scale Admin console**, which could reveal difficult to work with.
@@ -10,6 +16,8 @@ And with the new feature named *API-as-a-Product*, there are now **Backends and
 
 This article explains how to cleanup a 3scale tenant using Ansible.
 
+<!--more-->
+
 ## Pre-requisites
 
 Make sure Ansible is installed locally and is a fairly recent version.
@@ -53,7 +61,7 @@ export THREESCALE_TOKEN="$(oc get secret system-seed -o go-template --template='
 Fetch the cleanup playbook.
 
 ```sh
-curl -Lo cleanup.yaml {{< baseurl >}}blog/cleanup-playbook-3scale/cleanup.yaml
+curl -Lo cleanup.yaml {{< attachedFileLink src="cleanup.yaml" >}}
 ```
 
 ## Cleanup 3scale

content/blog/cli-world-clock.md → content/english/blog/cli-world-clock.md

@@ -10,6 +10,8 @@ requires me to leave my terminal.
 
 Let's meet the CLI World clock!
 
+<!--more-->
+
 ```sh
 function t() {
   for tz in Europe/Paris Europe/Dublin US/Eastern US/Central US/Pacific; do

content/blog/configure-redhat-sso-3scale-cli.md → content/english/blog/configure-redhat-sso-3scale-cli/index.md

@@ -3,13 +3,19 @@ title: "Configure Red Hat SSO for 3scale using the CLI!"
 date: 2020-04-08T00:00:00+02:00
 opensource: 
 - 3scale
-- keycloak
+- Keycloak
+topics:
+- OpenID Connect
+resources:
+- src: '*.png'
 ---
 
 [3scale API Management](https://3scale.github.io/) can be used in conjunction with [Red Hat SSO](https://access.redhat.com/products/red-hat-single-sign-on) / [Keycloak](https://www.keycloak.org/) to secure APIs managed by 3scale using the OpenID Connect protocol.
 
 The [official documentation](https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.8/html/administering_the_api_gateway/openid-connect#configure_red_hat_single_sign_on) describes the steps to configure Red Hat SSO / Keycloak but it uses the Graphical User Interface, which can be tedious if you have multiple environments to configure. Let's configure Red Hat SSO for 3scale using the CLI!
 
+<!--more-->
+
 As a pre-requisite, install [jq](https://stedolan.github.io/jq/download/).
 
 Fetch the hostname, login and password of your Red Hat SSO instance, from your OpenShift environment.
@@ -92,7 +98,7 @@ You can use the following URL for the **OpenID Connect Issuer** (replace $SSO_HO
 https://zync:s3cr3t@$SSO_HOSTNAME/auth/realms/3scale
 ```
 
-![openid-connect-issuer](openid-connect-issuer.png)
+{{< figure src="openid-connect-issuer.png" title="OpenID Connect Issuer settings in the 3scale Admin Portal." >}}
 
 Or when [deploying an API in 3scale with the 3scale toolbox](https://developers.redhat.com/blog/2019/07/29/3scale-toolbox-deploy-an-api-from-the-cli/), you can use:
 

content/blog/configure-truststore-apicurio-studio.md → content/english/blog/configure-truststore-apicurio-studio.md

@@ -4,6 +4,8 @@ date: 2019-10-25T00:00:00+02:00
 opensource: 
 - Apicurio
 - Microcks
+topics:
+- API Management
 ---
 
 [Microcks](http://microcks.github.io) and [Apicurio](https://www.apicur.io/) are nice Open Source projects that can even talk to each other to deliver greater value than the sum of their parts.
@@ -11,6 +13,8 @@ opensource:
 Unfortunately, sometimes TLS certificates can get in the way of proper communication between the two projects.
 This post explains how to configure the trust store in Apicurio to overcome TLS communication issues between Apicurio and Microcks.
 
+<!--more-->
+
 Start by gathering the CA certificates used in your company. There can be several ones.
 
 You can then create a trust store by running this command for each CA certificate to import:

content/blog/decode-kubernetes-secret-base64.md → content/english/blog/decode-kubernetes-secret-base64.md

@@ -3,6 +3,8 @@ title: "One-liner to decode a Kubernetes secret (base64 encoded)"
 date: 2019-06-07T00:00:00+02:00
 opensource: 
 - OpenShift
+topics:
+- Containers
 ---
 
 Creating a Kubernetes secret from a value is easy:

content/blog/deploying-invidious-openshift.md → content/english/blog/deploying-invidious-openshift.md

@@ -4,12 +4,16 @@ date: 2019-11-16T00:00:00+02:00
 opensource: 
 - OpenShift
 - Invidious
+topics:
+- Containers
 ---
 
 [Invidious](https://github.com/omarroth/invidious) is an alternative frontend to YouTube that is slimmer, faster and at the same time offer more features than YouTube itself. And even more important: it's Open Source!
 
 There is a hosted instance at [invidio.us](https://invidio.us/) if you want to give it a try. But, wouldn't it be cooler to host your own instance on your OpenShift cluster? Let's do it!
 
+<!--more-->
+
 Create a new project.
 
 ```sh

content/blog/deploying-miniflux-openshift.md → content/english/blog/deploying-miniflux-openshift.md

@@ -4,10 +4,14 @@ date: 2019-11-17T00:00:00+02:00
 opensource:
 - OpenShift
 - Miniflux
+topics:
+- Containers
 ---
 
 [Miniflux](https://miniflux.app) is a minimalist, open source and opinionated RSS feed reader. There is a [hosted instance](https://miniflux.app/hosting.html) available at a fair price point but wouldn't it be cooler to host your own instance on your OpenShift cluster? Let's do it!
 
+<!--more-->
+
 Create a new project.
 
 ```sh

content/blog/enable-global-policies-apicast.md → content/english/blog/enable-global-policies-apicast.md

@@ -3,6 +3,8 @@ title: "Enable global policies on Apicast 3.6"
 date: 2019-09-10T00:00:00+02:00
 opensource: 
 - 3scale
+topics:
+- API Management
 ---
 
 Recent versions of Apicast have a pluggable policy mechanism to apply different treatments to each exposed API.
@@ -10,6 +12,9 @@ This is very powerful since each service receives its specific configuration.
 However, if the same treatment has to be applied to every service exposed, it becomes an administration overhead.
 
 Hopefully, Apicast has the concept of *Global Policies* that applies to every service exposed by itself.
+
+<!--more-->
+
 An example of a widespread policy, especially during demos, is the CORS policy to allow the API Developer Portal to query the API Gateway directly.
 
 To configure the *Global Policy Chain*, you will have to provide a custom *Environment file*.

content/blog/feed-url-drupal-wordpress-wix-youtube.md → content/english/blog/feed-url-drupal-wordpress-wix-youtube.md

@@ -7,6 +7,8 @@ If like me you are using [an RSS reader](../deploying-miniflux-openshift/) to st
 
 But since most website are based on commonly found CMS, it is highly probable the RSS feeds are there, just not advertised.
 
+<!--more-->
+
 Here are the URL patterns for the most common CMS on the market:
 
 - **Wordpress**: `/feed/` or `/?feed=rss2`

content/blog/install-miniflux-raspberry-pi.md → content/english/blog/install-miniflux-raspberry-pi.md

@@ -3,12 +3,16 @@ title: "Install Miniflux on your Raspberry PI"
 date: 2020-04-08T00:00:00+02:00
 opensource: 
 - OpenWRT
+topics:
+- Embedded Systems
 ---
 
 In the article "[Nginx with TLS on OpenWRT](../nginx-with-tls-on-openwrt/)", I explained how to install Nginx with TLS support on a Raspberry PI.
 But without an application to protect, Nginx is quite useless.
 This article explains how to install [Miniflux](https://miniflux.app/) (a lightweight RSS reader) on your Raspberry PI and how to host it as an Nginx virtual host.
 
+<!--more-->
+
 Miniflux is a web application written in Go and backed by a PostgreSQL database. So we will need to install PostgreSQL, install miniflux and setup Nginx. The rest of this article assumes you [installed OpenWRT on your Raspberry](../install-openwrt-raspberry-pi/), but it should be applicable to any Linux distribution with minimal changes.
 
 ## Install PostgreSQL

content/blog/install-openwrt-raspberry-pi.md → content/english/blog/install-openwrt-raspberry-pi/index.md

@@ -3,12 +3,18 @@ title: "Install OpenWRT on your Raspberry PI"
 date: 2019-12-19T00:00:00+02:00
 opensource: 
 - OpenWRT
+topics:
+- Embedded Systems
+resources:
+- src: '*.jpeg'
 ---
 
 [OpenWRT](https://openwrt.org/) is a Linux distribution for embedded systems.
 It made design choices that take it apart from the usual Linux distributions: musl libc instead of the usual glibc, busybox instead of coreutils, ash instead of bash, etc.
 As a result, the system is very light and blazing fast!
 
+<!--more-->
+
 Continue reading to know how to **install OpenWRT on your Raspberry PI**.
 
 ## Install OpenWRT
@@ -66,7 +72,7 @@ screen /dev/ttyUSB0 115200
 
 You then need to connect the VIN, GND, TXD and RXD wires to the correct GPIO pins of your Raspberry PI.
 
-![GPIO UART pins](uart-pins.jpeg)
+{{< figure src="uart-pins.jpeg" title="The UART Pins of the Raspberry PI 3" >}}
 
 Power-on your Raspberry PI, wait a couple seconds and press enter to display the OpenWRT prompt.
 

content/blog/install-operator-openshift-cli.md → content/english/blog/install-operator-openshift-cli.md

@@ -3,6 +3,9 @@ title: "Install Kubernetes operators in OpenShift using only the CLI"
 date: 2020-04-24T00:00:00+02:00
 opensource: 
 - OpenShift
+topics:
+- Containers
+- Kubernetes Operators
 ---
 
 OpenShift 4 went all-in on Kubernetes operators: they are used for installation of the platform itself but also to install databases, middlewares, etc.
@@ -12,6 +15,8 @@ Most software now provide an operator and describe how to use it.
 Nevertheless, almost every software documentation I read so far, includes the steps to install the operator using the nice GUI of OpenShift 4.
 But since my OpenShift environments are provisioned by a playbook, I want to be able to install operators using the CLI only!
 
+<!--more-->
+
 The [OpenShift official documentation](https://docs.openshift.com/container-platform/4.3/operators/olm-adding-operators-to-cluster.html#olm-installing-operator-from-operatorhub-using-cli_olm-adding-operators-to-a-cluster) covers this part but I did not find it very clear.
 So, this article tries to make it clearer: **how to install Kubernetes operators in OpenShift using only the CLI**.
 

content/blog/is-my-ntp-daemon-working.md → content/english/blog/is-my-ntp-daemon-working.md

@@ -17,6 +17,8 @@ This can happen when your [NTP](https://en.wikipedia.org/wiki/Network_Time_Proto
 daemon is not synchronized. This means it cannot reliably determine the current
 time.
 
+<!--more-->
+
 First, make sure your NTP daemon is started:
 
 ```raw

content/blog/jmeter-assess-software-performances.md → content/english/blog/jmeter-assess-software-performances/index.md

@@ -2,9 +2,11 @@
 title: "Use JMeter to assess software performances"
 date: 2020-07-24T00:00:00+02:00
 opensource: 
-- jmeter
-topic:
-- performance-testing
+- JMeter
+topics:
+- Performance testing
+resources:
+- '*.png'
 ---
 
 One of my side projects (the [Telegram Photo Bot](https://github.com/nmasse-itix/Telegram-Photo-Album-Bot)), have some performance issues that I will have to tackle.
@@ -12,6 +14,8 @@ I could have jumped into the code and changed something, hoping it will improve
 But that would be ineffective and unprofessional.
 So, I decided to have an honest measure of the current performances as well as a reproducible setup to have consistent measures over time.
 
+<!--more-->
+
 This article explains how I built my performance testing lab using [JMeter](https://jmeter.apache.org/index.html) and an old ARM board.
 To keep this article short and readable, I focused on the assessment of two HTTP libraries (golang's net/http and valyala's fasthttp), leaving the discussion about the Telegram Photo Bot performances for a next article.
 
@@ -100,7 +104,7 @@ http {
 
 My first measure on the control (nginx) gave strange results.
 
-![control1](control1.png)
+{{< attachedFigure src="control1.png" title="First measure gave results too low to be representative of nginx's performances." >}}
 
 Less than 30 tps, even on an old ARM board, is definitely too low to be representative of nginx's performances.
 Using [Wireshark](https://www.wireshark.org/), I discovered that JMeter did not established [Keep-Alive connections](https://sqa.stackexchange.com/questions/38211/re-using-the-tcp-connections-with-jmeter-like-a-real-browser).
@@ -133,13 +137,13 @@ httpclient.reset_state_on_thread_group_iteration=false
 With Keep-Alive enabled, the 1200 tps are much more inline with the known performance level of nginx.
 Except there is a performance drop every 10-15 seconds that is not expected.
 
-![control2](control2.png)
+{{< attachedFigure src="control2.png" title="Second measure shows a periodic performance drop." >}}
 
 Using Wireshark, I discovered that during those performance drops, there are [TCP packets retransmissions](https://wiki.wireshark.org/DuplicatePackets).
 At that time, my Macbook Pro hosting the injector was connected **using Wifi**.
 I switched to a good old Ethernet cable, and this time the results on the control were as expected.
 
-![control3](control3.png)
+{{< attachedFigure src="control3.png" title="Third measure is ok." >}}
 
 As a conclusion, always have a control in your experience!
 
@@ -147,7 +151,7 @@ As a conclusion, always have a control in your experience!
 
 To build my JMeter Test Plan, I started by adding a **User Defined Variables** component that holds all the settings related to lab environment (DNS names, ports, tokens, etc.).
 
-![udv](udv.png)
+{{< attachedFigure src="udv.png" title="JMeter User Defined Variables" >}}
 
 I added a variable named **scenario** whose value will be passed to JMeter from the CLI.
 This enables me to run all my experiments automatically from a script, one after another.
@@ -159,12 +163,12 @@ ${__P(parameter-name,default-value)}
 
 I configured a **Thread Group** based on the **jp@gc - Ultimate Thread Group** with five concurrent users.
 
-![thread-group](thread-group.png)
+{{< attachedFigure src="thread-group.png" title="JMeter Thread Group" >}}
 
 And finally, a **Loop** component with three **If Controllers** underneath.
 Each **If Controller** holds an **HTTP Probe** configured for the target scenario.
 
-![if](if.png)
+{{< attachedFigure src="if.png" title="JMeter If Controller" >}}
 
 The If Controllers are defined with a **jexl3** expression, asserting the value of the **scenario** variable.
 

content/blog/nginx-with-tls-on-openwrt.md → content/english/blog/nginx-with-tls-on-openwrt/index.md

@@ -4,11 +4,17 @@ date: 2019-12-19T00:00:00+02:00
 opensource: 
 - OpenWRT
 - nginx
+topics:
+- Embedded Systems
+resources:
+- '*.png'
 ---
 
 In the article "[Install OpenWRT on your Raspberry PI](../install-openwrt-raspberry-pi/)", I explained how to install OpenWRT on a Raspberry PI and the first steps as an OpenWRT user.
 As I plan to use my Raspberry PI to host plenty of web applications, I wanted to setup a versatile reverse proxy to protect them all, along with TLS support to meet nowadays security requirements.
 
+<!--more-->
+
 OpenWRT has an [nginx package](https://openwrt.org/packages/pkgdata/nginx), ready to be installed using *opkg* but unfortunately it does not have TLS enabled. So we need to recompile nginx with TLS enabled!
 
 ## Install the OpenWRT SDK
@@ -81,7 +87,7 @@ Enter **Global Build Settings** and:
 * Press space to unset **Select all userspace packages by default**
 * Leave **Cryptographically sign packages** set
 
-![make menuconfig](make-menuconfig.png)
+{{< attachedFigure src="make-menuconfig.png" title="Parameters to activate in your make menuconfig" >}}
 
 Go back to the root menu.
 

content/blog/print-config-file-without-comments.md → content/english/blog/print-config-file-without-comments.md

@@ -9,6 +9,8 @@ Sounds familiar?
 Not that comments are useless in a configuration file but sometimes it's handy to print a configuration file without the comment lines.
 Especially when the file is thousand lines long but the useful lines fit the twenty five lines of a standard terminal.
 
+<!--more-->
+
 The `egrep` command which is standard on most Linux distributions and on MacOS, can strip out the unwanted lines:
 
 ```sh

content/blog/running-redhat-sso-outside-openshift.md → content/english/blog/running-redhat-sso-outside-openshift.md

@@ -3,12 +3,16 @@ title: "Running Red Hat SSO outside of OpenShift"
 date: 2019-10-10T00:00:00+02:00
 opensource: 
 - Keycloak
+topics:
+- Containers
 ---
 
 In an article named [Red Hat Single Sign-On: Give it a try for no cost!](https://developers.redhat.com/blog/2019/02/07/red-hat-single-sign-on-give-it-a-try-for-no-cost/), I explained how to deploy Red Hat SSO very easily in any OpenShift cluster.
 
 As pointed by a reader in a comment, as widespread OpenShift can be, not everyone has access to a running OpenShift cluster. So, here is how to run Red Hat SSO outside of OpenShift: using only plain Docker commands.
 
+<!--more-->
+
 The rest of this procedure assumes you already have a token to access the Red Hat registry (full procedure described in [my article](https://developers.redhat.com/blog/2019/02/07/red-hat-single-sign-on-give-it-a-try-for-no-cost/) and in the [Red Hat SSO Getting Started guide, chapter 3, section 3.1](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/html/red_hat_single_sign-on_for_openshift/get_started)).
 
 Start by logging in with this token using the *docker login* command (do not forget to replace the login and password with yours):

content/blog/secure-openshift-4-openid-connect-authentication.md → content/english/blog/secure-openshift-4-openid-connect-authentication.md

@@ -14,6 +14,8 @@ But this is yet another password to remember!
 OpenShift can handle the [OpenID Connect](https://openid.net/connect/) protocol and thus offers Single Sign On to its users.
 No additional password to remember: you can login to the OpenShift console with your [Google Account](../use-google-account-openid-connect-provider) for instance.
 
+<!--more-->
+
 ## Pre-requisites
 
 The rest of this article assumes you have already setup your OpenID Connect client in the Google Developer Console as explained in this article: [Use your Google Account as an OpenID Connect provider](../use-google-account-openid-connect-provider).

content/blog/secure-quarkus-api-with-keycloak.md → content/english/blog/secure-quarkus-api-with-keycloak.md

@@ -14,6 +14,8 @@ Quarkus can be used for any type of backend development, including API-enabled b
 
 In this article, I'm describing how to secure a Quarkus API with Keycloak using JWT tokens.
 
+<!--more-->
+
 ## Preparation
 
 As a pre-requisite, install [Maven](https://maven.apache.org/), [jq](https://stedolan.github.io/jq/download/) and [jwt-cli](https://github.com/mike-engel/jwt-cli#installation).

content/blog/secure-raspberry-pi-keycloak-gatekeeper.md → content/english/blog/secure-raspberry-pi-keycloak-gatekeeper.md

@@ -13,6 +13,8 @@ Some of the web applications that I installed on my Raspberry PI do not feature
 No authentication means that anybody on the internet could reach those applications and play with them.
 This article explains how to secure applications running on a Raspberry PI with [Keycloak Gatekeeper](https://github.com/keycloak/keycloak-gatekeeper).
 
+<!--more-->
+
 [Keycloak Gatekeeper](https://github.com/keycloak/keycloak-gatekeeper) is a reverse proxy whose sole purpose is to authenticate the end-users using the [OpenID Connect](https://openid.net/connect/) protocol.
 If Keycloak Gatekeeper is best used in conjunction with the [Keycloak Identity Provider](https://www.keycloak.org/), it can also be used with any Identity Provider that conforms to the OpenID Connect specifications.
 

content/blog/send-mails-openwrt-msmtp-gmail.md → content/english/blog/send-mails-openwrt-msmtp-gmail.md

@@ -3,6 +3,8 @@ title: "Send mails on OpenWRT with MSMTP and Gmail"
 date: 2020-04-08T00:00:00+02:00
 opensource:
 - OpenWRT
+topics:
+- Embedded Systems
 ---
 
 A previous article named "[Install OpenWRT on your Raspberry PI](../install-openwrt-raspberry-pi/)" goes through the setup process to use OpenWRT on your Raspberry PI.
@@ -11,6 +13,9 @@ With great power comes great responsibilities.
 So, you might want to be notified when something goes wrong, a cron job failed, a hard disk is dying, etc., so that you can fix the problem at earliest, maybe before anyone else could notice.
 
 This article explains how to send mails on OpenWRT with MSMTP and a GMail account.
+
+<!--more-->
+
 You can adapt this procedure to any email provider that supports SMTP access with a login and password.
 
 ## Configure GMail

content/blog/solving-this-module-requires-the-openshift-python-client-error.md → content/english/blog/solving-this-module-requires-the-openshift-python-client-error.md

@@ -4,6 +4,8 @@ date: 2019-09-13T00:00:00+02:00
 opensource: 
 - OpenShift
 - Ansible
+topics:
+- IT Automation
 ---
 
 If you are using MacOS to develop Operators based on Ansible or simply running Ansible playbooks straight from your Mac, you might encounter this error:

content/blog/testing-hard-drive-ssd-performance.md → content/english/blog/testing-hard-drive-ssd-performance.md

@@ -9,6 +9,8 @@ If your Linux system appears to be slow, it might be an issue with your disks,
 either hard drive or SSD. Hopefully, with a few commands you can get an idea
 of the performances of your disks.
 
+<!--more-->
+
 First, you will have to install `hdparm` using `yum` or `dnf`:
 
 ```sh

content/blog/use-ansible-to-manage-the-qos-of-your-openshift-workload.md → content/english/blog/use-ansible-to-manage-the-qos-of-your-openshift-workload/index.md

@@ -4,12 +4,18 @@ date: 2019-02-06T00:00:00+02:00
 opensource: 
 - OpenShift
 - Ansible
+topics:
+- IT Automation
+resources:
+- src: '*.yaml'
 ---
 
 As I was administering my OpenShift cluster, I found out that I had a too
 much memory requests. To preserve a good quality of service on my cluster,
 I had to tacle this issue.
 
+<!--more-->
+
 Resource requests and limits in OpenShift (and Kubernetes in general) are
 the concepts that helps define the quality of service of every running Pod.
 
@@ -188,6 +194,6 @@ blacklist of critical namespaces that should not be touched.
       when: obj.namespace not in namespace_blacklist
 {{< / highlight >}}
 
-You can find the complete playbook [here](change-qos.yaml). Of course, it is
+You can find the complete playbook [here]({{< attachedFileLink src="change-qos.yaml" >}}). Of course, it is
 very rough and would need to more work to be used on a daily basis but for a
 single use this is sufficient.

content/blog/use-google-account-openid-connect-provider.md → content/english/blog/use-google-account-openid-connect-provider/index.md

@@ -3,6 +3,9 @@ title: "Use your Google Account as an OpenID Connect provider"
 date: 2020-03-27T00:00:00+02:00
 topics:
 - OpenID Connect
+resources:
+- src: '*.png'
+- src: '*.sh'
 ---
 
 We have passwords everywhere: to unlock our computer, to reach our inbox, to login as root on our Raspberry PI, etc.
@@ -10,6 +13,8 @@ Unless you have a password vault to store your credentials securely, it is very
 
 This article goes through all the steps to use your Google Account as an [OpenID Connect](https://openid.net/connect/) provider and subsequent articles (check links at the bottom of this article) explain how to configure the different services and software to use your Google Account as an OpenID Connect provider.
 
+<!--more-->
+
 The article is divided in three parts.
 
 * a general overview of OpenID Connect protocol
@@ -45,15 +50,15 @@ First, connect to the [Google Developer Console](https://console.developers.goog
 
 Click **Create Project**.
 
-![create project](create-project.png)
+{{< attachedFigure src="create-project.png" title="Click 'Create Project'." >}}
 
 Fill-in the **Project name** (free choice). The location does not matter. Click **Create**.
 
-![project name](project-name.png)
+{{< attachedFigure src="project-name.png" title="Fill-in the 'Project name'. Click 'Create'." >}}
 
 Click **OAuth Consent screen**. If you are a Google Suite user, select **Internal**. If you are a regular GMail user, select **External**. Click **Create**.
 
-![oauth-consent](oauth-consent.png)
+{{< attachedFigure src="oauth-consent.png" title="The OAuth Consent screen." >}}
 
 Choose an application name (free choice).
 Leave the default scopes.
@@ -61,15 +66,15 @@ Add your personal domain to the list of **Authorized Domains**.
 For instance, if your target service is at *raspberry-pi.example.test*, add **example.test**.
 **DO NOT FORGET to press Enter!**
 
-![authorized-domains](authorized-domains.png)
+{{< attachedFigure src="authorized-domains.png" title="Add your personal domain to the list of Authorized Domains." >}}
 
 Fill-in the **Application Homepage Link** and **Application Privacy Policy Link** (free choices). Click **Save**.
 
-![links](links.png)
+{{< attachedFigure src="links.png" title="Fill-in the links." >}}
 
 Click **Credentials**. Select **+ Create Credentials**, then **OAuth Client ID**.
 
-![create-credentials](create-credentials.png)
+{{< attachedFigure src="create-credentials.png" title="Create the OAuth credentials." >}}
 
 Under **Application type**, select **Web Application**.
 Choose a name for your application (free choice).
@@ -81,7 +86,7 @@ To be able to do so, we need to add a special Redirect URI: **http://localhost:6
 
 Click **Create**.
 
-![redirect-uri](redirect-uri.png)
+{{< attachedFigure src="redirect-uri.png" title="Fill-in the Redirect URI." >}}
 
 Google generated a **Client ID** and **Client Secret** for you. Keep them somewhere safe!
 
@@ -92,7 +97,7 @@ There are several open source tools to test your OpenID Connect setup but a very
 Download the following script and make it executable.
 
 ```sh
-curl -o test-auth.sh {{< baseurl >}}blog/use-google-account-openid-connect-provider/test-auth.sh
+curl -o test-auth.sh {{< attachedFileLink src="test-auth.sh" >}}
 chmod 755 test-auth.sh
 ```
 
@@ -111,15 +116,15 @@ Now, run this script!
 
 The script generates a URL that you need to copy and paste in your web browser.
 
-![script-start](script-start.png)
+{{< attachedFigure src="script-start.png" title="The script generates a URL that you need to copy and paste in your web browser." >}}
 
 If you are not yet logged in, Google asks you to authenticate.
 
-![auth](auth.png)
+{{< attachedFigure src="auth.png" title="If you are not yet logged in, Google asks you to authenticate." >}}
 
 Once logged in or if you are already logged in, you are redirected to the fake Redirect URI we registered earlier.
 
-![auth-ok](auth-ok.png)
+{{< attachedFigure src="auth-ok.png" title="You are redirected to the fake Redirect URI we registered earlier" >}}
 
 We registered a fake Redirect URI so that we could play each part of the OpenID Connect exchange manually.
 **So, if you see an error message from your web browser saying that it cannot connect to the target service: THIS IS EXPECTED FOR OUR TEST.**
@@ -129,7 +134,7 @@ Once the browser is redirected at `http://localhost:666/stop-here`, copy the red
 Remember that the Authorization Code is very short lived.
 So, be quick!
 
-![script-url](script-url.png)
+{{< attachedFigure src="script-url.png" title="Paste the Redirect URI." >}}
 
 The script contacts the Authorization Server to get an Access Token from the Authorization Code captured in the Redirect URI.
 

content/blog/use-qlkube-to-query-the-kubernetes-api.md → content/english/blog/use-qlkube-to-query-the-kubernetes-api.md

@@ -3,7 +3,7 @@ title: "Use QLKube to query the Kubernetes API"
 date: 2019-06-07T00:00:00+02:00
 opensource: 
 - OpenShift
-topic:
+topics:
 - GraphQL
 ---
 
@@ -12,6 +12,8 @@ topic:
 It strives to reduce the chattiness clients can experience when querying REST APIs.
 It is very useful for mobile application and web development: by reducing the number of roundtrips needed to fetch the relevant data and by fetching only the needed field, the network usage is greatly reduced.
 
+<!--more-->
+
 To install QLKube in OpenShift, use the NodeJS Source-to-Image builder:
 
 {{< highlight sh >}}

content/blog/writing-workshop-instructions-with-hugo-deploy-openshift.md → content/english/blog/writing-workshop-instructions-with-hugo-deploy-openshift/index.md

@@ -4,11 +4,15 @@ date: 2019-02-27T00:00:00+02:00
 opensource: 
 - Hugo
 - OpenShift
+resources:
+- '*.png'
 ---
 
 This is the third part of my series covering how to
 [Write workshop instructions with Hugo](../writing-workshop-instructions-with-hugo/). In this article, we will deploy our [Hugo mini-training](https://github.com/nmasse-itix/hugo-workshop/) as a container in OpenShift.
 
+<!--more-->
+
 Since Hugo is a static website generator, we only need a web server in our container to serve those pages. Let's settle for nginx that is [neatly packaged as a container image, as part of the Software Collections](https://www.softwarecollections.org/en/scls/rhscl/rh-nginx114/).
 
 And to build our final container image that will contain both our website (the static pages to serve) and the web server itself, we will use the [Source-to-image (S2I)](https://github.com/openshift/source-to-image) tool. Hopefully, the nginx image of the Software Collections is already S2I enabled!
@@ -164,25 +168,25 @@ First, get the GitHub Webhook URL of your BuildConfig:
 - Open the **Configuration** tab
 - Copy the **GitHub Webhook URL**
 
-![The BuildConfig on OpenShift](openshift-buildconfig-webhook.png)
+{{< attachedFigure src="openshift-buildconfig-webhook.png" title="The BuildConfig on OpenShift." >}}
 
 Then, go on your GitHub repository and add a webhook:
 
 - Go to **Settings** > **Webhooks**
 - Click **Add webhook**
 
-![Add a webhook on GitHub](github-add-webhook.png)
+{{< attachedFigure src="github-add-webhook.png" title="Add a webhook on GitHub." >}}
 
 - Paste your Webhook URL in the **Payload URL** field
 - Select `application/json` in the **Content type** dropdown list
 - Check **Disable** in the **SSL verification** section if your OpenShift console has a self-signed certificate
 - Click **Add webhook**
 
-![The GitHub webhook](github-webhook.png)
+{{< attachedFigure src="github-webhook.png" title="The GitHub webhook." >}}
 
 Try to push some changes to your GitHub repository and see OpenShift rebuilding and deploying your website!
 
-![OpenShift rebuilding and redeploying your website](openshift-rebuild.png)
+{{< attachedFigure src="openshift-rebuild.png" title="OpenShift rebuilding and redeploying your website" >}}
 
 ## Conclusion
 

content/blog/writing-workshop-instructions-with-hugo-variables.md → content/english/blog/writing-workshop-instructions-with-hugo-variables.md

@@ -16,6 +16,8 @@ In the first part, we saw how to:
 For this second part, we will add variables to our content so that we can easily
 adjust the workshop instructions to different use cases.
 
+<!--more-->
+
 One of the most common usage we have for variables is to deliver the same workshop
 on different environments. This means URLs, username and passwords change and we
 need to adjust our workshop instructions very quicky to match the new environment.
@@ -47,7 +49,7 @@ Test locally your changes new website by running:
 hugo server -D
 ```
 
-You can now open [localhost:1313/packaging/git-commit/](http://localhost:1313/packaging/git-commit/)
+You can now open http://localhost:1313/packaging/git-commit/
 and confirm that variables have been expanded:
 
 ```md

content/blog/writing-workshop-instructions-with-hugo.md → content/english/blog/writing-workshop-instructions-with-hugo/index.md

@@ -3,6 +3,8 @@ title: "Writing workshop instructions with Hugo"
 date: 2019-02-20T00:00:00+02:00
 opensource: 
 - Hugo
+resources:
+- '*.png'
 ---
 
 In my professional life, I often have to lead workshops with customers or
@@ -29,6 +31,8 @@ but is difficult to work with for the participants.
 
 Hopefully [Hugo](https://gohugo.io/) can help us!
 
+<!--more-->
+
 As an example, in the rest of this article, we will craft a mini-training
 about Hugo!
 
@@ -197,7 +201,7 @@ git push -u origin master
 Congratulations! You now have your training instructions neatly organised and
 clearly presented. Maintenance and collaboration have been greatly simplified!
 
-![Screenshot of our mini-training](hugo-screenshot.png)
+{{< attachedFigure src="hugo-screenshot.png" title="Screenshot of our mini-training." >}}
 
 In this first part of the series, we presented a very light introduction to
 Hugo and its application to workshop instructions. Be sure to read [part 2: Writing workshop instructions with Hugo, with variables in your content](../writing-workshop-instructions-with-hugo-variables/) to discover advanced usages.

content/contact/index.md → content/english/contact/index.md

@@ -1,7 +1,5 @@
 ---
 title: "Contact me"
-date: 2018-01-01T00:00:00+02:00
-draft: false
 ---
 
 Do you need something from me ?
@@ -11,7 +9,7 @@ email address or on twitter at [@nmasse_itix](https://twitter.com/nmasse_itix).
 
 ![My Email](/images/my-email.png)
 
-If you want to know more about my professional career, you can find it on [Linkedin](https://www.linkedin.com/in/nicolasmasse/) but I can also provide a current CV or bio upon request.
+If you want to know more about my professional career, you can find it on [Linkedin](https://www.linkedin.com/in/nicolasmasse/) but I can also provide a current CV or biography upon request.
 
 If you are reaching out to me for one of my [Open Source projects](https://github.com/nmasse-itix?tab=repositories)
 or one of my contributions, please open an issue in the relevant GitHub repository

content/english/opensource/_index.md

@@ -0,0 +1,6 @@
+---
+title: "Open Source"
+---
+
+In my daily work I use many Open Source communities, on which I have written articles.
+Each Open Source community below is a link to the list of matching articles.

content/english/speaking/_index.md

@@ -0,0 +1,6 @@
+---
+title: "Speaking"
+---
+
+I am occasionally invited to customers or corporate events to talk about APIs and SSO.
+I have compiled the list of my latest talks below.

content/english/speaking/devoteam-tech-for-people-2018/index.md

@@ -0,0 +1,16 @@
+---
+title: "Devoteam #TechForPeople 2018"
+date: 2018-10-10T00:00:00+02:00
+draft: false
+resources:
+- '*.png'
+---
+
+The 10th Septembre 2018, I co-presented a session named _"No API, No Future"_
+in which I exhibited the Red Hat's API Lifecycle Automation. The event
+`#TechForPeople` was organized by Devoteam.
+
+{{< attachedFigure src="2018-10-10-Devoteam-TechForPeople-1.jpg" >}}
+{{< attachedFigure src="2018-10-10-Devoteam-TechForPeople-2.jpg" >}}
+{{< attachedFigure src="2018-10-10-Devoteam-TechForPeople-3.jpg" >}}
+{{< attachedFigure src="2018-10-10-Devoteam-TechForPeople-4.jpg" >}}

content/speaking/red-hat-tech-exchange-2018.md → content/english/speaking/red-hat-tech-exchange-2018/index.md

@@ -2,6 +2,8 @@
 title: "Red Hat Tech Exchange 2018"
 date: 2018-09-21T00:00:00+02:00
 draft: false
+resources:
+- '*.jpg'
 ---
 
 From the 17th to 21th Septembre 2018, I co-presented two sessions:
@@ -12,4 +14,4 @@ From the 17th to 21th Septembre 2018, I co-presented two sessions:
 For the session _An API Journey: from mock to deployment_, we received an award
 based on the amazing feedbacks from the public! 
 
-![We received our award, on-stage!](/speaking/2018-10-21-RHTE-Award.jpg)
+{{< attachedFigure src="2018-10-21-RHTE-Award.jpg" title="We received our award, on-stage!" >}}

content/speaking/red-hat-tech-exchange-2019.md → content/english/speaking/red-hat-tech-exchange-2019/index.md

@@ -2,6 +2,8 @@
 title: "Red Hat Tech Exchange 2019"
 date: 2019-10-21T00:00:00+02:00
 draft: false
+resources:
+- '*.png'
 ---
 
 During the three Red Hat Tech Exchange sessions (Americas, EMEA and APAC), I presented two sessions:
@@ -11,4 +13,4 @@ During the three Red Hat Tech Exchange sessions (Americas, EMEA and APAC), I pre
 
 The session _Leverage the power of open source communities to manage your APIs_ has been the second best voted session in RHTE APAC!
 
-![I received an award!](/speaking/2019-10-21-RHTE-Award.png)
+{{< attachedFigure src="2019-10-21-RHTE-Award.png" title="I received an award!" >}}

content/english/topics/_index.md

@@ -0,0 +1,6 @@
+---
+title: "Expertise"
+---
+
+During my various interventions on customer site, I had to work on various subjects for which I have written one or more articles.
+Each subject is a link to the list of matching articles.

content/english/writing/_index.md

@@ -0,0 +1,5 @@
+---
+title: "Writing"
+---
+
+I post articles from time to time on various websites as a guest. I have gathered a list of my recent posts below.