Commit

Merge pull request #73 from Smana/update_opentofu_openbao
Update opentofu openbao
Smana authored Nov 23, 2024
2 parents 58e678f + 5936f0e commit 23f076e
Showing 15 changed files with 80 additions and 65 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/gh-pages.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on:

jobs:
deploy:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
with:
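Review bot: the runner bump to ubuntu-22.04 is fine, but `uses: actions/checkout@v2` in the same hunk stays on a deprecated major version that runs on an end-of-life Node runtime; bump it to the current major (`actions/checkout@v4`) in the same change, and consider pinning third-party actions to a full commit SHA rather than a mutable tag so that a repointed tag cannot change what the workflow executes.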
Expand All @@ -20,7 +20,7 @@ jobs:
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
with:
hugo-version: "0.128.2"
hugo-version: "0.139.0"
extended: true

- name: Build
11 changes: 5 additions & 6 deletions config/_default/menus/menu.en.toml
Expand Up @@ -13,9 +13,9 @@ name = "LinkedIn"
parent = "Links"
url = "https://www.linkedin.com/in/sma%C3%AFne-kahlouch-44374110/"
[[main]]
name = "Twitter"
name = "Bluesky"
parent = "Links"
url = "https://twitter.com/_smana_"
url = "https://bsky.app/profile/smana.dev"

[[main]]
name = "About"
Expand All @@ -30,10 +30,9 @@ type = "social"
url = "https://github.com/Smana"
weight = 1
[[social]]
name = "twitter"
url = "https://twitter.com/_smana_"
weight = 2
[[social]]
name = "linkedin"
url = "https://www.linkedin.com/in/sma%C3%AFne-kahlouch-44374110/"
weight = 3
[[social]]
name = "bluesky"
url = "https://bsky.app/profile/smana.dev"
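Review bot: the new `[[social]]` entry for bluesky has no `weight` key, whereas the twitter entry it replaces had `weight = 2` and the remaining entries keep theirs (`weight = 1`, `weight = 3`); without a weight the position of this item in the social list falls back to the theme default, which is probably not the intended order. Add `weight = 2` here (the French menu in this same commit does keep `weight = 2` on its bluesky entry).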
10 changes: 5 additions & 5 deletions config/_default/menus/menu.fr.toml
Expand Up @@ -13,9 +13,9 @@ name = "LinkedIn"
parent = "Liens"
url = "https://www.linkedin.com/in/sma%C3%AFne-kahlouch-44374110/"
[[main]]
name = "Twitter"
parent = "Liens"
url = "https://twitter.com/_smana_"
name = "Bluesky"
parent = "Links"
url = "https://bsky.app/profile/smana.dev"

[[main]]
name = "Apropos"
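Review bot: `parent = "Liens"` has been changed to `parent = "Links"` in the French menu, yet the sibling LinkedIn entry in the visible context still uses `parent = "Liens"`; the Bluesky item will be attached to a parent that does not exist in the French navigation (or create a stray English-named one). Keep `parent = "Liens"` and change only the `name` and `url` lines, as the English menu hunk does.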
Expand All @@ -30,8 +30,8 @@ type = "social"
url = "https://github.com/Smana"
weight = 1
[[social]]
name = "twitter"
url = "https://twitter.com/_smana_"
name = "bluesky"
url = "https://bsky.app/profile/smana.dev"
weight = 2
[[social]]
name = "linkedin"
2 changes: 1 addition & 1 deletion config/_default/params.toml
Expand Up @@ -4,7 +4,7 @@ enableSearch = true
# socials
introDescription = "Lead SRE/DevOps, Team leader, Open Source enthusiast."
largeTwitterCard = false # set to true if you want to show a large twitter card image. The default is a small twitter card image
twitter = "@_smana_"
twitter = "@smana.dev"
# introURL = "about/" # set the url for the 'read more' button below the introDescription, or set to false to not show the button
# description = "A theme based on VMware's Clarity Design System for publishing technical blogs with Hugo." # Set your site's meta tag (SEO) description here. Alternatively set this description in your home page content file e.g. content/_index.md. Whatever is set in the latter will take precedence.
# keywords = ["design", "clarity", "hugo theme"] # Set your site's meta tag (SEO) keywords here. Alternatively set these in your home page content file e.g. content/_index.md. Whatever is set in the latter will take precedence.
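Review bot: `twitter = "@smana.dev"` puts a Bluesky handle into the `twitter` parameter, which, given the `largeTwitterCard` setting right above it, feeds the site's Twitter card metadata; the generated card will reference a handle that does not exist on that network. Either leave the parameter empty or commented out, or keep a real Twitter handle; the Bluesky link already lives in the social menus updated by this commit.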
6 changes: 3 additions & 3 deletions content/en/post/cilium-gateway-api/index.md
Expand Up @@ -53,9 +53,9 @@ Let's see how GAPI is used in practice with Cilium 🚀!

## :ballot_box_with_check: Prerequisites

For the remainder of this article, we assume an EKS cluster has been deployed. If you're not using the [method suggested in the demo repo](https://github.com/Smana/cilium-gateway-api/tree/main/terraform/eks) as the basis for this article, there are a few **points to check** for GAPI to be usable.
For the remainder of this article, we assume an EKS cluster has been deployed. If you're not using the [method suggested in the demo repo](https://github.com/Smana/cilium-gateway-api/tree/main/opentofu/eks) as the basis for this article, there are a few **points to check** for GAPI to be usable.

ℹ️ The installation method described here is based on `Helm`, all the `values` can be viewed [here](https://github.com/Smana/cilium-gateway-api/blob/main/terraform/eks/helm_values/cilium.yaml).
ℹ️ The installation method described here is based on `Helm`, all the `values` can be viewed [here](https://github.com/Smana/cilium-gateway-api/blob/main/opentofu/eks/helm_values/cilium.yaml).

* **Install** the `CRDs` available in the [Gateway API](https://github.com/kubernetes-sigs/gateway-api/tree/main/config/crd) repository.
{{% notice note Note %}}
Expand Down Expand Up @@ -618,4 +618,4 @@ While I've only scratched the surface of what Cilium's GAPI can offer (honestly,
* <https://docs.cilium.io/en/latest/network/servicemesh/gateway-api/gateway-api/#gs-gateway-api>
* <https://isovalent.com/blog/post/cilium-gateway-api/>
* <https://isovalent.com/blog/post/tutorial-getting-started-with-the-cilium-gateway-api/>
* Isovalent's [labs](https://isovalent.com/resource-library/labs/) are great to start playing with Gateway API and you'll get new badges to add to your collection 😄 <img src="badges.png" width="330" height="330" alt="">
* Isovalent's [labs](https://isovalent.com/resource-library/labs/) are great to start playing with Gateway API and you'll get new badges to add to your collection 😄 <img src="badges.png" width="330" height="330" alt="">
6 changes: 5 additions & 1 deletion content/en/post/crossplane_composition_functions/index.md
Expand Up @@ -15,6 +15,10 @@ tags = [
thumbnail= "thumbnail.png"
+++

{{% notice info "Update 2024-11-23" %}}
I'm now using the [KCL (Kusion Configuration Language)](https://www.kcl-lang.io/) for crossplane compositions.
{{% /notice %}}

With the emergence of _[Platform Engineering](https://thenewstack.io/how-is-platform-engineering-different-from-devops-and-sre/)_, we are witnessing a shift towards the creation of **self-service** solutions for developers. This approach facilitates the standardization of DevOps practices, enhances the developer experience, and reduces the cognitive load associated with managing tools.

`Crossplane`, an "Incubating" project under the [Cloud Native Computing Foundation (CNCF)](https://www.cncf.io/projects/crossplane/), aims to become the leading framework for creating Cloud Native platforms. In my [first article about Crossplane](https://blog.ogenki.io/post/crossplane_k3d/), I introduced this tool and explained how it leverages **GitOPs** principles for infrastructure, enabling the creation of a `GKE` cluster.
Expand Down Expand Up @@ -371,4 +375,4 @@ I encourage you to closely follow the project's evolution in the coming months
* Crossplane blog: [Improve Crossplane Compositions Authoring with go-templating-function](https://blog.upbound.io/go-templating-function)
* [Dev XP Roadmap](https://github.com/crossplane/crossplane/issues/4654)
* Video (Kubecon NA 2023): [Crossplane Intro and Deep Dive - the Cloud Native Control Plane Framework](https://www.youtube.com/watch?v=I5Rd0X7AROw)
* Video (DevOps Toolkit): [Crossplane Composition Functions: Unleashing the Full Potential](https://www.youtube.com/watch?v=jjtpEhvwgMw)
* Video (DevOps Toolkit): [Crossplane Composition Functions: Unleashing the Full Potential](https://www.youtube.com/watch?v=jjtpEhvwgMw)
16 changes: 8 additions & 8 deletions content/en/post/pki-gapi/index.md
Expand Up @@ -86,10 +86,10 @@ To enhance the security of the certificate management system, it's recommended t

* Generate the **certificate for the Vault server from the Intermediate CA**: This ensures a trust chain from the Root CA to the end-user certificates, through the Intermediate CA.

By following the procedure described [**here**](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/cluster/docs/pki_requirements.md), you should obtain the following files which will be used throughout the rest of this article. This is a suggestion based on `openssl`, and you may use the method that best suits you to achieve the same outcome.
By following the procedure described [**here**](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/cluster/docs/pki_requirements.md), you should obtain the following files which will be used throughout the rest of this article. This is a suggestion based on `openssl`, and you may use the method that best suits you to achieve the same outcome.

```console
cd terraform/vault/cluster
cd opentofu/openbao/cluster

ls .tls/*.pem
.tls/bundle.pem .tls/ca-chain.pem .tls/intermediate-ca-key.pem .tls/intermediate-ca.pem .tls/root-ca-key.pem .tls/root-ca.pem .tls/vault-key.pem .tls/vault.pem
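Review bot: only the link target and the `cd` line are updated to `opentofu/openbao/cluster`, while the sentence above still speaks of the "certificate for the Vault server" and the listed output keeps the `vault-key.pem` / `vault.pem` file names. If the repository really moved from Vault to OpenBao, check the generated file names and the wording around this hunk against the new `pki_requirements.md`; otherwise readers following the link will run a procedure whose output does not match what is shown here.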
Expand All @@ -114,7 +114,7 @@ There are several methods to deploy a Vault cluster, but I couldn't find one tha

* **Vault Auto-Unseal feature**: This function is crucial given the ephemeral nature of our nodes. It minimizes downtime and eliminates the need for manual interventions for Vault unsealing.

This article does not aim to describe all the steps, which are available in the [GitHub repo documentation](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/cluster/docs/getting_started.md). Here is an example of `Opentofu` variables:
This article does not aim to describe all the steps, which are available in the [GitHub repo documentation](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/cluster/docs/getting_started.md). Here is an example of `Opentofu` variables:

```hcl
name = "ogenki-vault"
Expand Down Expand Up @@ -144,7 +144,7 @@ Deploying a complete platform is carried out sequentially, in **distinct steps**

Obviously, supporting resources such as network components are required to deploy machines, then the Vault cluster can be installed and configured before considering the addition of other infrastructure elements, which will likely depend on the sensitive information stored in Vault.

The Vault configuration is applied using the [Terraform provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs), which authenticates using a token generated from the Vault instance. The proposal [**here**](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/vault/management) demonstrates how to configure the PKI and allow internal applications to access to Vault's API, particularly on how to configure `Cert-Manager`.
The Vault configuration is applied using the [Terraform provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs), which authenticates using a token generated from the Vault instance. The proposal [**here**](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/openbao/management) demonstrates how to configure the PKI and allow internal applications to access to Vault's API, particularly on how to configure `Cert-Manager`.

Here are the organization's specific variables:

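Review bot: the link now points at `opentofu/openbao/management`, but the sentence still says the configuration is applied with the `Terraform provider` for `hashicorp/vault`, authenticating against "the Vault instance". If the stack now runs OpenBao under OpenTofu, state which provider is actually used against it (and whether the HashiCorp Vault provider is still the one in play), since the reader depends on this to reproduce the token-based configuration step.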
Expand Down Expand Up @@ -384,10 +384,10 @@ spec:
```

* The URL specified is that of the Vault server. It must be accessible from the pods within Kubernetes.
* The `path` in Vault is part of the [Vault configuration phase](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/roles.tf). It refers to the role authorized to generate certificates.
* Here, we are using authentication via an [Approle](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/docs/approle.md).
* The `path` in Vault is part of the [Vault configuration phase](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/roles.tf). It refers to the role authorized to generate certificates.
* Here, we are using authentication via an [Approle](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/docs/approle.md).

For more details on all the actions necessary for configuring Cert-Manager with Vault, refer to [this procedure](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/docs/cert-manager.md).
For more details on all the actions necessary for configuring Cert-Manager with Vault, refer to [this procedure](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/docs/cert-manager.md).

The main difference with the method used for Let's Encrypt lies in the fact that **the certificate must be explicitly created**. Indeed, the previous method allowed for automatic creation with an annotation.

Expand Down Expand Up @@ -527,4 +527,4 @@ It's important to recall some recommendations and best practices before consider
- [Deployment Guide](https://developer.hashicorp.com/vault/tutorials/day-one-raft/raft-deployment-guide)
- [AWS](https://developer.hashicorp.com/vault/tutorials/raft/raft-storage-aws)
* [Production hardening](https://developer.hashicorp.com/vault/tutorials/day-one-raft/production-hardening)
* [PKI](https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-engine-external-ca)
* [PKI](https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-engine-external-ca)
6 changes: 3 additions & 3 deletions content/en/post/tailscale/index.md
Expand Up @@ -110,7 +110,7 @@ We can then **reach Cloud subnets through Tailscale's VPN**.
### 🚀 Deploying a Subnet Router

Let's dive in and deploy a _Subnet router_ on an AWS network!</br>
Everything is done using the **Terraform** code present in the directory [terraform/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/network). We will analyze the Tailscale-specific configuration present in the [tailscale.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/network/tailscale.tf) file before deploying.
Everything is done using the **Terraform** code present in the directory [opentofu/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/network). We will analyze the Tailscale-specific configuration present in the [tailscale.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/network/tailscale.tf) file before deploying.

#### The Terraform provider

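Review bot: the directory links change to `opentofu/network`, but the same sentence still says "Everything is done using the **Terraform** code" and the heading that follows remains "#### The Terraform provider"; update the wording alongside the paths (or state explicitly that the OpenTofu code is Terraform-compatible) so the text and the links agree.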
Expand Down Expand Up @@ -247,7 +247,7 @@ module "tailscale_subnet_router" {

Now that we've examined the various parameters, it's time to **start our Subnet router** 🚀 !! </br>

First, you need to create a `variable.tfvars` file in the [terraform/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/network) directory.
First, you need to create a `variable.tfvars` file in the [opentofu/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/network) directory.

```hcl
env = "dev"
Expand Down Expand Up @@ -380,7 +380,7 @@ In our setup, we already have a _Subnet router_ that routes the entire VPC netwo

To access the Kubernetes API, it's essential to **authorize the Subnet router**. This is accomplished by setting the following rule for the source _security group_.

[terraform/eks/main.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/eks/main.tf#L44)
[opentofu/eks/main.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/eks/main.tf#L44)

```hcl
module "eks" {
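Review bot: the updated link keeps the `#L44` fragment after the directory rename; a line anchor in a file that has just been moved is unlikely to still land on the security-group rule the text refers to. Verify the line number against the new `opentofu/eks/main.tf`, or link to a permalink at a fixed commit so the reference cannot drift.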