From 8d3282a4401964fbaecf7c594617ce813b2ee7be Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch
Date: Sat, 23 Nov 2024 10:02:30 +0100
Subject: [PATCH 1/3] chore: use bluesky profile instead of twitter

---
 config/_default/menus/menu.en.toml | 11 +++++------
 config/_default/menus/menu.fr.toml | 10 +++++-----
 config/_default/params.toml | 2 +-
 themes/hugo-clarity | 2 +-
 4 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/config/_default/menus/menu.en.toml b/config/_default/menus/menu.en.toml
index 4a3d532..96a7ed7 100644
--- a/config/_default/menus/menu.en.toml
+++ b/config/_default/menus/menu.en.toml
@@ -13,9 +13,9 @@ name = "LinkedIn"
 parent = "Links"
 url = "https://www.linkedin.com/in/sma%C3%AFne-kahlouch-44374110/"
 [[main]]
-name = "Twitter"
+name = "Bluesky"
 parent = "Links"
-url = "https://twitter.com/_smana_"
+url = "https://bsky.app/profile/smana.dev"
 [[main]]
 name = "About"
 
@@ -30,10 +30,9 @@ type = "social"
 url = "https://github.com/Smana"
 weight = 1
 [[social]]
-name = "twitter"
-url = "https://twitter.com/_smana_"
-weight = 2
-[[social]]
 name = "linkedin"
 url = "https://www.linkedin.com/in/sma%C3%AFne-kahlouch-44374110/"
 weight = 3
+[[social]]
+name = "bluesky"
+url = "https://bsky.app/profile/smana.dev"
diff --git a/config/_default/menus/menu.fr.toml b/config/_default/menus/menu.fr.toml
index 817847d..1cb457c 100644
--- a/config/_default/menus/menu.fr.toml
+++ b/config/_default/menus/menu.fr.toml
@@ -13,9 +13,9 @@ name = "LinkedIn"
 parent = "Liens"
 url = "https://www.linkedin.com/in/sma%C3%AFne-kahlouch-44374110/"
 [[main]]
-name = "Twitter"
-parent = "Liens"
-url = "https://twitter.com/_smana_"
+name = "Bluesky"
+parent = "Links"
+url = "https://bsky.app/profile/smana.dev"
 [[main]]
 name = "Apropos"
 
@@ -30,8 +30,8 @@ type = "social"
 url = "https://github.com/Smana"
 weight = 1
 [[social]]
-name = "twitter"
-url = "https://twitter.com/_smana_"
+name = "bluesky"
+url = "https://bsky.app/profile/smana.dev"
 weight = 2
 [[social]]
 name = "linkedin"
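Review bot: The new `[[social]]` entry for bluesky in menu.en.toml (hunk @@ -30,10) carries no `weight`, while the github and linkedin entries around it have `weight = 1` and `weight = 3` and the removed twitter entry had `weight = 2`. Hugo orders menu entries by weight, so the unweighted entry is not given a deliberate position relative to the other two. Add `weight = 2` after the new url line; that also matches what menu.fr.toml keeps for the same entry in its second hunk.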
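Review bot: In the menu.fr.toml hunk at @@ -13,9 the new Bluesky entry sets `parent = "Links"`, but the French menu's submenu is called "Liens" — the LinkedIn entry just above still has `parent = "Liens"` and so did the removed Twitter entry. Hugo attaches a child entry to the parent whose identifier matches, so this entry will not be rendered under the Liens submenu. Keep `parent = "Liens"` and change only `name` and `url`, as the English file does.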
diff --git a/config/_default/params.toml b/config/_default/params.toml
index af528e1..0714f3c 100644
--- a/config/_default/params.toml
+++ b/config/_default/params.toml
@@ -4,7 +4,7 @@ enableSearch = true
 # socials
 introDescription = "Lead SRE/DevOps, Team leader, Open Source enthusiast."
 largeTwitterCard = false # set to true if you want to show a large twitter card image. The default is a small twitter card image
-twitter = "@_smana_"
+twitter = "@smana.dev"
 # introURL = "about/" # set the url for the 'read more' button below the introDescription, or set to false to not show the button
 # description = "A theme based on VMware's Clarity Design System for publishing technical blogs with Hugo." # Set your site's meta tag (SEO) description here. Alternatively set this description in your home page content file e.g. content/_index.md. Whatever is set in the latter will take precedence.
 # keywords = ["design", "clarity", "hugo theme"] # Set your site's meta tag (SEO) keywords here. Alternatively set these in your home page content file e.g. content/_index.md. Whatever is set in the latter will take precedence.
diff --git a/themes/hugo-clarity b/themes/hugo-clarity
index 8412edb..bd484f2 160000
--- a/themes/hugo-clarity
+++ b/themes/hugo-clarity
@@ -1 +1 @@
-Subproject commit 8412edb369414537eabc4de1ecf6f3b8edf70c50
+Subproject commit bd484f2c460ae07c42bd47e8be2c684bec61a2f8
From c83c74086079c9299a2150a00106073287b32d66 Mon Sep 17 00:00:00 2001
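Review bot: `twitter = "@smana.dev"` puts a Bluesky handle into the Twitter-card setting: the `largeTwitterCard` comment directly above shows this block configures Twitter cards, and in hugo-clarity this value presumably ends up in the `twitter:site`/`twitter:creator` meta tags (confirm in the theme templates). Pages would then attribute the site to a Twitter account named "@smana.dev" that the author does not hold, which is a dead reference today and an impersonation risk if someone registers that handle. Since Twitter is being dropped, comment the key out or remove the line instead of repurposing it, and leave Bluesky to the menu entries.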
From: Smaine Kahlouch
Date: Sat, 23 Nov 2024 10:12:21 +0100
Subject: [PATCH 2/3] refactor: update opentofu and openbao paths

---
 .github/workflows/gh-pages.yaml | 4 ++--
 content/en/post/cilium-gateway-api/index.md | 6 ++---
 content/en/post/pki-gapi/index.md | 16 ++++++-------
 content/en/post/tailscale/index.md | 6 ++---
 content/en/post/terraform-controller/index.md | 24 +++++++++----------
 content/fr/post/cilium-gateway-api/index.md | 4 ++--
 content/fr/post/pki-gapi/index.md | 16 ++++++-------
 content/fr/post/tailscale/index.md | 4 ++--
 content/fr/post/terraform-controller/index.md | 22 ++++++++---------
 9 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/.github/workflows/gh-pages.yaml b/.github/workflows/gh-pages.yaml
index 26345cc..89c79e5 100644
--- a/.github/workflows/gh-pages.yaml
+++ b/.github/workflows/gh-pages.yaml
@@ -10,7 +10,7 @@ on: jobs: deploy: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v2 with:
@@ -20,7 +20,7 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@v2 with: -hugo-version: "0.128.2" +hugo-version: "0.139.0" extended: true - name: Build
diff --git a/content/en/post/cilium-gateway-api/index.md b/content/en/post/cilium-gateway-api/index.md
index 1b3c850..6d5a52c 100644
--- a/content/en/post/cilium-gateway-api/index.md
+++ b/content/en/post/cilium-gateway-api/index.md
@@ -53,9 +53,9 @@ Let's see how GAPI is used in practice with Cilium 🚀! ## :ballot_box_with_check: Prerequisites -For the remainder of this article, we assume an EKS cluster has been deployed. If you're not using the [method suggested in the demo repo](https://github.com/Smana/cilium-gateway-api/tree/main/terraform/eks) as the basis for this article, there are a few **points to check** for GAPI to be usable. +For the remainder of this article, we assume an EKS cluster has been deployed. If you're not using the [method suggested in the demo repo](https://github.com/Smana/cilium-gateway-api/tree/main/opentofu/eks) as the basis for this article, there are a few **points to check** for GAPI to be usable. -â„č The installation method described here is based on `Helm`, all the `values` can be viewed [here](https://github.com/Smana/cilium-gateway-api/blob/main/terraform/eks/helm_values/cilium.yaml). +â„č The installation method described here is based on `Helm`, all the `values` can be viewed [here](https://github.com/Smana/cilium-gateway-api/blob/main/opentofu/eks/helm_values/cilium.yaml). * **Install** the `CRDs` available in the [Gateway API](https://github.com/kubernetes-sigs/gateway-api/tree/main/config/crd) repository. {{% notice note Note %}} @@ -618,4 +618,4 @@ While I've only scratched the surface of what Cilium's GAPI can offer (honestly, * * * -* Isovalent's [labs](https://isovalent.com/resource-library/labs/) are great to start playing with Gateway API and you'll get new badges to add to your collection 😄 \ No newline at end of file +* Isovalent's [labs](https://isovalent.com/resource-library/labs/) are great to start playing with Gateway API and you'll get new badges to add to your collection 😄 diff --git a/content/en/post/pki-gapi/index.md b/content/en/post/pki-gapi/index.md index 8e02e11..778a884 100644 --- a/content/en/post/pki-gapi/index.md +++ b/content/en/post/pki-gapi/index.md 
@@ -86,10 +86,10 @@ To enhance the security of the certificate management system, it's recommended t * Generate the **certificate for the Vault server from the Intermediate CA**: This ensures a trust chain from the Root CA to the end-user certificates, through the Intermediate CA. -By following the procedure described [**here**](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/cluster/docs/pki_requirements.md), you should obtain the following files which will be used throughout the rest of this article. This is a suggestion based on `openssl`, and you may use the method that best suits you to achieve the same outcome. +By following the procedure described [**here**](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/cluster/docs/pki_requirements.md), you should obtain the following files which will be used throughout the rest of this article. This is a suggestion based on `openssl`, and you may use the method that best suits you to achieve the same outcome. ```console -cd terraform/vault/cluster +cd opentofu/openbao/cluster ls .tls/*.pem .tls/bundle.pem .tls/ca-chain.pem .tls/intermediate-ca-key.pem .tls/intermediate-ca.pem .tls/root-ca-key.pem .tls/root-ca.pem .tls/vault-key.pem .tls/vault.pem 
@@ -114,7 +114,7 @@ There are several methods to deploy a Vault cluster, but I couldn't find one tha * **Vault Auto-Unseal feature**: This function is crucial given the ephemeral nature of our nodes. It minimizes downtime and eliminates the need for manual interventions for Vault unsealing. -This article does not aim to describe all the steps, which are available in the [GitHub repo documentation](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/cluster/docs/getting_started.md). Here is an example of `Opentofu` variables: +This article does not aim to describe all the steps, which are available in the [GitHub repo documentation](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/cluster/docs/getting_started.md). Here is an example of `Opentofu` variables: ```hcl name = "ogenki-vault" 
@@ -144,7 +144,7 @@ Deploying a complete platform is carried out sequentially, in **distinct steps** Obviously, supporting resources such as network components are required to deploy machines, then the Vault cluster can be installed and configured before considering the addition of other infrastructure elements, which will likely depend on the sensitive information stored in Vault. -The Vault configuration is applied using the [Terraform provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs), which authenticates using a token generated from the Vault instance. The proposal [**here**](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/vault/management) demonstrates how to configure the PKI and allow internal applications to access to Vault's API, particularly on how to configure `Cert-Manager`. +The Vault configuration is applied using the [Terraform provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs), which authenticates using a token generated from the Vault instance. The proposal [**here**](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/openbao/management) demonstrates how to configure the PKI and allow internal applications to access to Vault's API, particularly on how to configure `Cert-Manager`. Here are the organization's specific variables: 
@@ -384,10 +384,10 @@ spec: ``` * The URL specified is that of the Vault server. It must be accessible from the pods within Kubernetes. -* The `path` in Vault is part of the [Vault configuration phase](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/roles.tf). It refers to the role authorized to generate certificates. -* Here, we are using authentication via an [Approle](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/docs/approle.md). +* The `path` in Vault is part of the [Vault configuration phase](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/roles.tf). It refers to the role authorized to generate certificates. +* Here, we are using authentication via an [Approle](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/docs/approle.md). -For more details on all the actions necessary for configuring Cert-Manager with Vault, refer to [this procedure](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/docs/cert-manager.md). +For more details on all the actions necessary for configuring Cert-Manager with Vault, refer to [this procedure](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/docs/cert-manager.md). The main difference with the method used for Let's Encrypt lies in the fact that **the certificate must be explicitly created**. Indeed, the previous method allowed for automatic creation with an annotation. 
@@ -527,4 +527,4 @@ It's important to recall some recommendations and best practices before consider - [Deployment Guide](https://developer.hashicorp.com/vault/tutorials/day-one-raft/raft-deployment-guide) - [AWS](https://developer.hashicorp.com/vault/tutorials/raft/raft-storage-aws) * [Production hardening](https://developer.hashicorp.com/vault/tutorials/day-one-raft/production-hardening) -* [PKI](https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-engine-external-ca) \ No newline at end of file +* [PKI](https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-engine-external-ca) diff --git a/content/en/post/tailscale/index.md b/content/en/post/tailscale/index.md index 4cc0ea2..c0870b9 100644 --- a/content/en/post/tailscale/index.md +++ b/content/en/post/tailscale/index.md @@ -110,7 +110,7 @@ We can then **reach Cloud subnets through Tailscale's VPN**. ### 🚀 Deploying a Subnet Router Let's dive in and deploy a _Subnet router_ on an AWS network!
-Everything is done using the **Terraform** code present in the directory [terraform/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/network). We will analyze the Tailscale-specific configuration present in the [tailscale.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/network/tailscale.tf) file before deploying. +Everything is done using the **Terraform** code present in the directory [opentofu/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/network). We will analyze the Tailscale-specific configuration present in the [tailscale.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/network/tailscale.tf) file before deploying. #### The Terraform provider @@ -247,7 +247,7 @@ module "tailscale_subnet_router" { Now that we've examined the various parameters, it's time to **start our Subnet router** 🚀 !!
-First, you need to create a `variable.tfvars` file in the [terraform/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/network) directory. +First, you need to create a `variable.tfvars` file in the [opentofu/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/network) directory. ```hcl env = "dev" @@ -380,7 +380,7 @@ In our setup, we already have a _Subnet router_ that routes the entire VPC netwo To access the Kubernetes API, it's essential to **authorize the Subnet router**. This is accomplished by setting the following rule for the source _security group_. -[terraform/eks/main.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/eks/main.tf#L44) +[opentofu/eks/main.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/eks/main.tf#L44) ```hcl module "eks" { diff --git a/content/en/post/terraform-controller/index.md b/content/en/post/terraform-controller/index.md index b124f04..64e5780 100644 --- a/content/en/post/terraform-controller/index.md +++ b/content/en/post/terraform-controller/index.md 
@@ -15,7 +15,7 @@ thumbnail= "thumbnail.png" **Terraform** is probably the most used "Infrastructure As Code" tool for building, modifying, and versioning Cloud infrastructure changes. It is an Open Source project developed by Hashicorp that uses the [HCL](https://github.com/hashicorp/hcl) language to declare the desired state of Cloud resources. -The state of the created resources is stored in a file called terraform state. +The state of the created resources is stored in a file called opentofu state. Terraform can be considered a "semi-declarative" tool as there is no built-in **automatic reconciliation** feature. There are several solutions to address this issue, but generally speaking, a modification will be applied using `terraform apply`. The code is actually written using the HCL configuration files (declarative), but the execution is done imperatively. As a result, there can be a drift between the declared and actual state (for example, a colleague who would have changed something directly into the console 😉). 
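Review bot: `The state of the created resources is stored in a file called opentofu state.` looks like a collateral hit of the terraform→opentofu path replacement rather than an intended edit: the surrounding paragraph still speaks of Terraform and `terraform apply`, and the file is conventionally called the terraform state. Either restore `a file called terraform state` or reword the sentence deliberately; this commit is meant to touch repository paths only.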
@@ -54,11 +54,11 @@ So we are going to create a **control plane** cluster using the `terraform` comm It is crucial that this cluster is resilient, secure, and supervised as it will be responsible for managing all the AWS resources created subsequently. {{% /notice %}} -Without going into detail, the control plane cluster was created using [this code](https://github.com/Smana/demo-tf-controller/tree/main/terraform/controlplane). That said, it is important to note that all application deployment operations are done using Flux. +Without going into detail, the control plane cluster was created using [this code](https://github.com/Smana/demo-tf-controller/tree/main/opentofu/controlplane). That said, it is important to note that all application deployment operations are done using Flux. {{% notice info Info %}} -By following the instructions in the [README](https://github.com/Smana/demo-tf-controller/blob/main/terraform/controlplane/README.md), an EKS cluster will be created but not only!
+By following the instructions in the [README](https://github.com/Smana/demo-tf-controller/blob/main/opentofu/controlplane/README.md), an EKS cluster will be created but not only!
Indeed, it is required to give permissions to the Terraform controller so it will able to apply infrastructure changes. Furthermore, Flux must be installed and configured to apply the configuration defined [here](https://github.com/Smana/demo-tf-controller/tree/main/clusters/controlplane-0). @@ -163,12 +163,12 @@ In this demo, there are already a several AWS resources declared. Therefore, aft [![asciicast](https://asciinema.org/a/guDIpkVdD51Cyog9P5NYnuWSq.png)](https://asciinema.org/a/guDIpkVdD51Cyog9P5NYnuWSq?&speed=2) {{% notice info Info %}} -Although the majority of operations are performed declaratively or via the CLIs `kubectl` and `flux`, another tool allows to manage Terraform resources: [tfctl](https://docs.gitops.weave.works/docs/terraform/tfctl/) +Although the majority of operations are performed declaratively or via the CLIs `kubectl` and `flux`, another tool allows to manage Terraform resources: [tfctl](https://docs.gitops.weave.works/docs/opentofu/tfctl/) {{% /notice %}} ## 🚀 Apply a change -One of the Terraform's [best practices](https://www.terraform-best-practices.com/) is to use **[modules](https://developer.hashicorp.com/terraform/language/modules)**.
+One of the Terraform's [best practices](https://www.terraform-best-practices.com/) is to use **[modules](https://developer.hashicorp.com/opentofu/language/modules)**.
A module is a set of logically linked Terraform resources bundled into a single reusable unit. They allow to abstract complexity, take inputs, perform specific actions, and produce outputs. You can create your own modules and make them available as `Sources` or use the many modules shared and maintained by communities.
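Review bot: Two external URLs in this hunk were rewritten by the path replacement and will no longer resolve: `https://docs.gitops.weave.works/docs/opentofu/tfctl/` (the removed line shows the tfctl docs live under `/docs/terraform/`) and `https://developer.hashicorp.com/opentofu/language/modules` (developer.hashicorp.com documents Terraform, not OpenTofu). The same replacement hits the outputs link in hunk @@ -387,7 of this file, `https://developer.hashicorp.com/opentofu/language/values/outputs`. Restore the `terraform` segment in these three links, or point them at the OpenTofu documentation site if that is the intent; only links into the author's own repositories should have changed.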
@@ -191,7 +191,7 @@ spec: Then we can make use of this Source within a `Terraform` resource: -[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/custom-resources/vpc/dev.yaml) +[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/custom-resources/vpc/dev.yaml) ```yaml apiVersion: infra.contrib.fluxcd.io/v1alpha2 @@ -350,7 +350,7 @@ We can also enable **automatic reconciliation**. To do this, set the `.spec.auto All IRSA resources are configured in this way: -[external-secrets.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/irsa/base/external-secrets.yaml) +[external-secrets.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/irsa/base/external-secrets.yaml) ```yaml piVersion: infra.contrib.fluxcd.io/v1alpha2 kind: Terraform @@ -387,7 +387,7 @@ Here we want to be able to delete IRSA roles because they're tightly linked to a ### 🔄 Inputs/Outputs and modules dependencies -When using Terraform, we often need to share data from one module to another. This is done using the [**outputs**](https://developer.hashicorp.com/terraform/language/values/outputs) that are defined within modules.
+When using Terraform, we often need to share data from one module to another. This is done using the [**outputs**](https://developer.hashicorp.com/opentofu/language/values/outputs) that are defined within modules.
So we need a way to store them somewhere and import them into another module. Let's take again the given example above (`vpc-dev`). We can see at the bottom of the YAML file, the following block: @@ -419,7 +419,7 @@ vpc-0c06a6d153b8cc4db Some of these are then used to create a dev EKS cluster. Note that you don't have to read them all, you can cherry pick a few chosen outputs from the secret: -[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/custom-resources/vpc/dev.yaml) +[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/custom-resources/vpc/dev.yaml) ```yaml ... varsFrom: @@ -546,7 +546,7 @@ I recently discovered the efficiency of this feature. Here is how I use it: The Terraform code that creates an EKS cluster also generates a `ConfigMap` that contains **cluster-specific variables** such as the cluster name, as well as all the parameters that vary between clusters. -[flux.tf](https://github.com/Smana/demo-tf-controller/blob/main/terraform/controlplane/flux.tf#L36) +[flux.tf](https://github.com/Smana/demo-tf-controller/blob/main/opentofu/controlplane/flux.tf#L36) ```hcl resource "kubernetes_config_map" "flux_clusters_vars" { @@ -582,7 +582,7 @@ metadata: spec: prune: true interval: 4m0s - path: ./infrastructure/controlplane-0/terraform/custom-resources + path: ./infrastructure/controlplane-0/opentofu/custom-resources postBuild: substitute: domain_name: "cloud.ogenki.io" 
@@ -655,4 +655,4 @@ So, I encourage you to try `tf-controller` yourself, and perhaps even contribute * The demo I used create quite a few resources, some of which are quite critical (like the network). So, keep in mind that this is just for the demo! I suggest taking a gradual approach if you plan to implement it: start by using drift detection, then create simple resources. * I also took some shortcuts in terms of security that should be avoided, such as giving admin rights to the controller. -{{% /notice %}} \ No newline at end of file +{{% /notice %}} diff --git a/content/fr/post/cilium-gateway-api/index.md b/content/fr/post/cilium-gateway-api/index.md index c6d0bc8..c442e63 100644 --- a/content/fr/post/cilium-gateway-api/index.md +++ b/content/fr/post/cilium-gateway-api/index.md 
@@ -55,9 +55,9 @@ Voyons comment cela s'utilise concrĂštement 🚀! ## :ballot_box_with_check: PrĂ©requis -Pour le reste de cet article nous considĂ©rons qu'un cluster EKS a Ă©tĂ© dĂ©ployĂ©. Si vous n'utilisez pas la [mĂ©thode proposĂ©e dans le repo de dĂ©mo](https://github.com/Smana/cilium-gateway-api/tree/main/terraform/eks) servant de socle Ă  cet article, il y a **certains points Ă  valider** pour que GAPI puisse ĂȘtre utilisĂ©. +Pour le reste de cet article nous considĂ©rons qu'un cluster EKS a Ă©tĂ© dĂ©ployĂ©. Si vous n'utilisez pas la [mĂ©thode proposĂ©e dans le repo de dĂ©mo](https://github.com/Smana/cilium-gateway-api/tree/main/opentofu/eks) servant de socle Ă  cet article, il y a **certains points Ă  valider** pour que GAPI puisse ĂȘtre utilisĂ©. -â„č La mĂ©thode d'installation decrite ici se base sur `Helm`, l'ensemble des `values` peuvent ĂȘtre consultĂ©es [ici](https://github.com/Smana/cilium-gateway-api/blob/main/terraform/eks/helm_values/cilium.yaml). +â„č La mĂ©thode d'installation decrite ici se base sur `Helm`, l'ensemble des `values` peuvent ĂȘtre consultĂ©es [ici](https://github.com/Smana/cilium-gateway-api/blob/main/opentofu/eks/helm_values/cilium.yaml). * **Installer** les `CRDs` (resources personnalisĂ©s) disponibles dans le repository [Gateway API](https://github.com/kubernetes-sigs/gateway-api/tree/main/config/crd) {{% notice note Note %}} diff --git a/content/fr/post/pki-gapi/index.md b/content/fr/post/pki-gapi/index.md index 40d2081..ba069bc 100644 --- a/content/fr/post/pki-gapi/index.md +++ b/content/fr/post/pki-gapi/index.md 
@@ -88,10 +88,10 @@ Pour renforcer la sĂ©curitĂ© le systĂšme de gestion de certificats, il est recom * GĂ©nĂ©rer le **certificat pour le serveur Vault depuis l'AC IntermĂ©diaire** : Cela assure une chaĂźne de confiance depuis l'AC Racine jusqu'aux certificats utilisateurs finaux, en passant par l'AC IntermĂ©diaire. -En suivant la procĂ©dure dĂ©crite [**ici**](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/cluster/docs/pki_requirements.md) vous devriez obtenir les fichiers suivants qui seront utilisĂ©s dans le reste de cet article. Il s'agit lĂ  d'une proposition basĂ© sur `openssl`, et vous pouvez utiliser la mĂ©thode qui vous convient pour parvenir au mĂȘme rĂ©sultat +En suivant la procĂ©dure dĂ©crite [**ici**](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/vault/cluster/docs/pki_requirements.md) vous devriez obtenir les fichiers suivants qui seront utilisĂ©s dans le reste de cet article. Il s'agit lĂ  d'une proposition basĂ© sur `openssl`, et vous pouvez utiliser la mĂ©thode qui vous convient pour parvenir au mĂȘme rĂ©sultat ```console -cd terraform/vault/cluster +cd opentofu/vault/cluster ls .tls/*.pem .tls/bundle.pem .tls/ca-chain.pem .tls/intermediate-ca-key.pem .tls/intermediate-ca.pem .tls/root-ca-key.pem .tls/root-ca.pem .tls/vault-key.pem .tls/vault.pem 
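Review bot: The French pki-gapi hunk at @@ -88,10 rewrites the paths to `opentofu/vault/cluster` (both the pki_requirements.md link and `cd opentofu/vault/cluster`), whereas the English post and the other hunks of this same file (@@ -115, @@ -145, @@ -381) use `opentofu/openbao/...`. Both cannot match the repository layout; presumably `opentofu/openbao/cluster` is the right one, as in the English version. Change the two lines to `.../opentofu/openbao/cluster/docs/pki_requirements.md` and `cd opentofu/openbao/cluster`.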
@@ -115,7 +115,7 @@ Il existe plusieurs mĂ©thodes pour dĂ©ployer un cluster Vault mais je n'ai pas t * **FonctionnalitĂ© de dĂ©verrouillage automatique de Vault** (Unseal) : Cette fonction est essentielle compte tenu de la nature Ă©phĂ©mĂšre de nos nƓuds. Elle permet de minimiser les temps d'arrĂȘt et d'Ă©liminer le besoin d'interventions manuelles pour le dĂ©verrouillage de Vault. -Cet article n'a pas pour but de dĂ©crire toutes les Ă©tapes qui sont disponibles dans la [documentation du repo Github](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/cluster/docs/getting_started.md). Le fichier de variables `Opentofu` contient la configuration souhaitĂ©e. +Cet article n'a pas pour but de dĂ©crire toutes les Ă©tapes qui sont disponibles dans la [documentation du repo Github](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/cluster/docs/getting_started.md). Le fichier de variables `Opentofu` contient la configuration souhaitĂ©e. ```hcl name = "ogenki-vault" 
@@ -145,7 +145,7 @@ Le dĂ©ploiement d'une plateforme complĂšte se fait par **Ă©tapes distinctes** ca Il faut bien entendu tous les composants rĂ©seaux afin d'y dĂ©ployer des machines, puis le cluster Vault peut ĂȘtre installĂ© et configurĂ© avant de considĂ©rer l'ajout d'autres Ă©lĂ©ments d'infrastructure, qui dĂ©pendront probablement des informations sensibles stockĂ©es dans Vault. -La configuration de Vault est appliquĂ©e grĂące au [provider Terraform](https://registry.terraform.io/providers/hashicorp/vault/latest/docs) dont l'authentification se fait via un token gĂ©nĂ©rĂ© depuis l'instance Vault. La proposition [**ici**](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/vault/management) dĂ©montre comment configurer la PKI et autoriser les applications internes Ă  interagir avec l'API de Vault et, en particulier, comment configurer `Cert-Manager`. +La configuration de Vault est appliquĂ©e grĂące au [provider Terraform](https://registry.terraform.io/providers/hashicorp/vault/latest/docs) dont l'authentification se fait via un token gĂ©nĂ©rĂ© depuis l'instance Vault. La proposition [**ici**](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/openbao/management) dĂ©montre comment configurer la PKI et autoriser les applications internes Ă  interagir avec l'API de Vault et, en particulier, comment configurer `Cert-Manager`. Il suffit donc de dĂ©clarer les variables propre Ă  votre organisation 
@@ -381,10 +381,10 @@ spec: ``` * L'URL indiquĂ©e est celle du serveur Vault. Elle doit ĂȘtre accessible depuis les pods dans Kubernetes -* Le `path` dans Vault fait partie de la phase de [configuration de Vault](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/roles.tf). Il s'agit du rĂŽle autorisĂ© Ă  gĂ©nĂ©rĂ© des certificats. -* Nous utilisons ici une authentification via un [Approle](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/docs/approle.md). +* Le `path` dans Vault fait partie de la phase de [configuration de Vault](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/roles.tf). Il s'agit du rĂŽle autorisĂ© Ă  gĂ©nĂ©rĂ© des certificats. +* Nous utilisons ici une authentification via un [Approle](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/docs/approle.md). -Pour plus de dĂ©tails sur l'ensemble des actions nĂ©cessaires Ă  la configuration de Cert-Manager avec Vault, vous rĂ©fĂ©rer Ă  [cette procĂ©dure](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/vault/management/docs/cert-manager.md). +Pour plus de dĂ©tails sur l'ensemble des actions nĂ©cessaires Ă  la configuration de Cert-Manager avec Vault, vous rĂ©fĂ©rer Ă  [cette procĂ©dure](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/openbao/management/docs/cert-manager.md). La principale diffĂ©rence avec la mĂ©thode utilisĂ©e pour Let's Encrypt rĂ©side dans le faut que **le certificat doit ĂȘtre crĂ©Ă© explicitement**. En effet, la mĂ©thode prĂ©cĂ©dente permettait de le faire automatiquement avec une annotation. 
@@ -523,4 +523,4 @@ Il est important de rappeler quelques recommandations et bonnes pratiques avant
 - [Deployment Guide](https://developer.hashicorp.com/vault/tutorials/day-one-raft/raft-deployment-guide)
 - [AWS](https://developer.hashicorp.com/vault/tutorials/raft/raft-storage-aws)
 * [Production hardening](https://developer.hashicorp.com/vault/tutorials/day-one-raft/production-hardening)
-* [PKI](https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-engine-external-ca)
\ No newline at end of file
+* [PKI](https://developer.hashicorp.com/vault/tutorials/secrets-management/pki-engine-external-ca)
diff --git a/content/fr/post/tailscale/index.md b/content/fr/post/tailscale/index.md
index 0ebd782..265aff2 100644
--- a/content/fr/post/tailscale/index.md
+++ b/content/fr/post/tailscale/index.md
@@ -112,7 +112,7 @@ Nous pouvons alors **router des sous rĂ©seaux du Clouder Ă  travers le VPN de Ta
 ### 🚀 DĂ©ployer un Subnet router
 Entrons dans le vif du sujet et deployons un _Subnet router_ sur un rĂ©seau AWS!
-Tout est fait en utilisant le code **Terraform** prĂ©sent dans le rĂ©pertoire [terraform/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/network). Nous allons analyser la configuration spĂ©cifique Ă  Tailscale qui est prĂ©sente dans le fichier [tailscale.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/terraform/network/tailscale.tf) avant de procĂ©der au dĂ©ploiement.
+Tout est fait en utilisant le code **Terraform** prĂ©sent dans le rĂ©pertoire [opentofu/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/network). Nous allons analyser la configuration spĂ©cifique Ă  Tailscale qui est prĂ©sente dans le fichier [tailscale.tf](https://github.com/Smana/demo-cloud-native-ref/blob/main/opentofu/network/tailscale.tf) avant de procĂ©der au dĂ©ploiement.
 #### Le provider Terraform
@@ -246,7 +246,7 @@ module "tailscale_subnet_router" {
 Maintenant que nous avons analysĂ© les diffĂ©rents paramĂštres, il est temps de **dĂ©marrer notre Subnet router** 🚀 !!
-Il faut au préalable créer un fichier `variable.tfvars` dans le répertoire [terraform/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/terraform/network).
+Il faut au préalable créer un fichier `variable.tfvars` dans le répertoire [opentofu/network](https://github.com/Smana/demo-cloud-native-ref/tree/main/opentofu/network).
 ```hcl
 env = "dev"
diff --git a/content/fr/post/terraform-controller/index.md b/content/fr/post/terraform-controller/index.md
index f9d1312..5b02335 100644
--- a/content/fr/post/terraform-controller/index.md
+++ b/content/fr/post/terraform-controller/index.md
@@ -53,11 +53,11 @@ Nous allons donc créer un cluster **control plane** en utilisant la ligne de co
 Il est primordial que ce cluster soit résiliant, sécurisé et supervisé car il sera responsable de la gestion de l'ensemble des ressources AWS créées par la suite.
 {{% /notice %}}
-Sans entrer dans le détail, le cluster "control plane" a été créé un utilisant [ce code](https://github.com/Smana/demo-tf-controller/tree/main/terraform/controlplane). Celà-dit, il est important de noter que toutes les opérations de déploiement d'application se font en utilisant Flux.
+Sans entrer dans le détail, le cluster "control plane" a été créé un utilisant [ce code](https://github.com/Smana/demo-tf-controller/tree/main/opentofu/controlplane). Celà-dit, il est important de noter que toutes les opérations de déploiement d'application se font en utilisant Flux.
 {{% notice info Info %}}
-En suivant les instructions du [README](https://github.com/Smana/demo-tf-controller/blob/main/terraform/controlplane/README.md), un cluster EKS sera créé mais pas uniquement!
+En suivant les instructions du [README](https://github.com/Smana/demo-tf-controller/blob/main/opentofu/controlplane/README.md), un cluster EKS sera créé mais pas uniquement!
 Il faut en effet donner les permissions au controlleur Terraform pour appliquer les changements d'infrastructure. De plus, Flux doit ĂȘtre installĂ© et configurĂ© afin d'appliquer la configuration dĂ©finie [ici](https://github.com/Smana/demo-tf-controller/tree/main/clusters/controlplane-0).
@@ -163,12 +163,12 @@ Dans le repo de demo il y a dĂ©jĂ  un certain nombre de ressources AWS dĂ©clarĂ©
 [![asciicast](https://asciinema.org/a/guDIpkVdD51Cyog9P5NYnuWSq.png)](https://asciinema.org/a/guDIpkVdD51Cyog9P5NYnuWSq?&speed=2)
 {{% notice info Info %}}
-Bien que la majoritĂ© des tĂąches puisse ĂȘtre rĂ©alisĂ©e de maniĂšre dĂ©clarative ou via les utilitaires de ligne de commande tels que `kubectl` et `flux`, un autre outil existe qui offre la possibilitĂ© d'interagir avec les ressources terraform : [tfctl](https://docs.gitops.weave.works/docs/terraform/tfctl/)
+Bien que la majoritĂ© des tĂąches puisse ĂȘtre rĂ©alisĂ©e de maniĂšre dĂ©clarative ou via les utilitaires de ligne de commande tels que `kubectl` et `flux`, un autre outil existe qui offre la possibilitĂ© d'interagir avec les ressources terraform : [tfctl](https://docs.gitops.weave.works/docs/opentofu/tfctl/)
 {{% /notice %}}
 ## 🚀 Appliquer un changement
-Parmis les [bonnes pratiques](https://www.terraform-best-practices.com/) avec Terraform, il y a l'usage de **[modules](https://developer.hashicorp.com/terraform/language/modules)**.
+Parmis les [bonnes pratiques](https://www.terraform-best-practices.com/) avec Terraform, il y a l'usage de **[modules](https://developer.hashicorp.com/opentofu/language/modules)**.
Un module est un ensemble de ressources Terraform liées logigement afin d'obtenir une seule unité réutilisable. Cela permet d'abstraire la complexité, de prendre des entrées, effectuer des actions spécifiques et produire des sorties. Il est possible de créer ses propres modules et de les mettre à disposition dans des `Sources` ou d'utiliser les nombreux modules partagés et maintenus par les communautés.
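Review bot: The `terraform` → `opentofu` replacement in this hunk has been applied inside two third-party URLs that almost certainly do not resolve under the new path: the `+` line with `[tfctl](https://docs.gitops.weave.works/docs/opentofu/tfctl/)` and the one with `[modules](https://developer.hashicorp.com/opentofu/language/modules)`; the `@@ -391` hunk repeats the pattern with `https://developer.hashicorp.com/opentofu/language/values/outputs`. Only links into the author's own repositories follow the directory rename, so these three should be restored to the `.../terraform/...` form shown on the removed lines, or pointed at the equivalent page of the OpenTofu documentation once checked. Grepping the `+` lines of the series for hostnames other than `github.com/Smana` before merging would have surfaced every occurrence of this replacement error.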
@@ -176,7 +176,7 @@ Il suffit alors d'indiquer quelques `variables` afin de l'adapter au contexte.
 Avec `tf-controller`, la premiĂšre Ă©tape consiste donc Ă  indiquer la `Source` du module. Ici nous allons configurer le socle rĂ©seau sur AWS (vpc, subnets...) avec le module [terraform-aws-vpc](https://github.com/terraform-aws-modules/terraform-aws-vpc).
-[sources/terraform-aws-vpc.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/custom-resources/sources/terraform-aws-vpc.yaml)
+[sources/terraform-aws-vpc.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/custom-resources/sources/terraform-aws-vpc.yaml)
 ```yaml
 apiVersion: source.toolkit.fluxcd.io/v1
@@ -193,7 +193,7 @@ spec:
 Nous pouvons ensuite crĂ©er la ressource `Terraform` qui en fait usage:
-[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/custom-resources/vpc/dev.yaml)
+[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/custom-resources/vpc/dev.yaml)
 ```yaml
 apiVersion: infra.contrib.fluxcd.io/v1alpha2
@@ -352,7 +352,7 @@ Nous pouvons aussi activer la **rĂ©conciliation** automatique. Pour ce faire il
 Toutes les ressources IRSA sont configurĂ©es de la sorte:
-[external-secrets.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/irsa/base/external-secrets.yaml)
+[external-secrets.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/irsa/base/external-secrets.yaml)
 ```yaml
 piVersion: infra.contrib.fluxcd.io/v1alpha2 
@@ -391,7 +391,7 @@ Ici nous voulons la possibilitĂ© de supprimer les rĂŽles IRSA. Ils sont en effet
 ### 🔄 EntrĂ©es et sorties: dĂ©pendances entre modules
-Lorsque qu'on utilise Terraform, on a souvent besoin de passer des donnĂ©es d'un module Ă  l'autre. GĂ©nĂ©ralement ce sont les [**outputs**](https://developer.hashicorp.com/terraform/language/values/outputs) du module qui exportent ces informations. Il faut donc un moyen de les importer dans un autre module.
+Lorsque qu'on utilise Terraform, on a souvent besoin de passer des donnĂ©es d'un module Ă  l'autre. GĂ©nĂ©ralement ce sont les [**outputs**](https://developer.hashicorp.com/opentofu/language/values/outputs) du module qui exportent ces informations. Il faut donc un moyen de les importer dans un autre module.
 Reprenons encore l'exemple donnĂ© ci-dessus (`vpc-dev`). Nous notons en bas du YAML la directive suivante:
@@ -422,7 +422,7 @@ vpc-0c06a6d153b8cc4db
 Certains de ces Ă©lĂ©ments d'informations sont ensuite utilisĂ©s pour crĂ©er un cluster EKS de dev:
-[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/terraform/custom-resources/vpc/dev.yaml)
+[vpc/dev.yaml](https://github.com/Smana/demo-tf-controller/blob/main/infrastructure/controlplane-0/opentofu/custom-resources/vpc/dev.yaml)
 ```yaml
 ...
@@ -553,7 +553,7 @@ J'ai dĂ©couvert l'efficacitĂ© de cette fonctionnalitĂ© trĂšs rĂ©cemment. Je vais
 Le code terraform qui crĂ©e un cluster EKS, gĂ©nĂšre aussi une `ConfigMap` qui contient les **variables propres au cluster**. On y retrouvera, bien sĂ»r, le nom du cluster, mais aussi tous les paramĂštres qui varient entre les clusters et qui sont utilisĂ©s dans les manifests Kubernetes.
-[flux.tf](https://github.com/Smana/demo-tf-controller/blob/main/terraform/controlplane/flux.tf#L36)
+[flux.tf](https://github.com/Smana/demo-tf-controller/blob/main/opentofu/controlplane/flux.tf#L36)
 ```hcl
 resource "kubernetes_config_map" "flux_clusters_vars" { 
@@ -589,7 +589,7 @@ metadata:
 spec:
 prune: true
 interval: 4m0s
-  path: ./infrastructure/controlplane-0/terraform/custom-resources
+  path: ./infrastructure/controlplane-0/opentofu/custom-resources
 postBuild:
 substitute:
 domain_name: "cloud.ogenki.io"
From 5936f0e0a6188ff7006e75a747b3104bc66a74e1 Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch
Date: Sat, 23 Nov 2024 10:20:44 +0100
Subject: [PATCH 3/3] chore: add a few updates on deprecated things
---
content/en/post/crossplane_composition_functions/index.md | 6 +++++-
content/en/post/terraform-controller/index.md | 4 ++++
content/fr/post/crossplane_composition_functions/index.md | 4 ++++
content/fr/post/terraform-controller/index.md | 4 ++++
themes/hugo-clarity | 2 +-
5 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/content/en/post/crossplane_composition_functions/index.md b/content/en/post/crossplane_composition_functions/index.md
index fd4fc0c..4f6e4ce 100644
--- a/content/en/post/crossplane_composition_functions/index.md
+++ b/content/en/post/crossplane_composition_functions/index.md
@@ -15,6 +15,10 @@ tags = [
 thumbnail= "thumbnail.png"
 +++
+{{% notice info "Update 2024-11-23" %}}
+I'm now using the [KCL (Kusion Configuration Language)](https://www.kcl-lang.io/) for crossplane compositions.
+{{% /notice %}}
+
 With the emergence of _[Platform Engineering](https://thenewstack.io/how-is-platform-engineering-different-from-devops-and-sre/)_, we are witnessing a shift towards the creation of **self-service** solutions for developers. This approach facilitates the standardization of DevOps practices, enhances the developer experience, and reduces the cognitive load associated with managing tools.
 `Crossplane`, an "Incubating" project under the [Cloud Native Computing Foundation (CNCF)](https://www.cncf.io/projects/crossplane/), aims to become the leading framework for creating Cloud Native platforms. In my [first article about Crossplane](https://blog.ogenki.io/post/crossplane_k3d/), I introduced this tool and explained how it leverages **GitOPs** principles for infrastructure, enabling the creation of a `GKE` cluster.
@@ -371,4 +375,4 @@ I encourage you to closely follow the project's evolution in the coming months
 * Crossplane blog: [Improve Crossplane Compositions Authoring with go-templating-function](https://blog.upbound.io/go-templating-function)
 * [Dev XP Roadmap](https://github.com/crossplane/crossplane/issues/4654)
 * Video (Kubecon NA 2023): [Crossplane Intro and Deep Dive - the Cloud Native Control Plane Framework](https://www.youtube.com/watch?v=I5Rd0X7AROw)
-* Video (DevOps Toolkit): [Crossplane Composition Functions: Unleashing the Full Potential](https://www.youtube.com/watch?v=jjtpEhvwgMw)
\ No newline at end of file
+* Video (DevOps Toolkit): [Crossplane Composition Functions: Unleashing the Full Potential](https://www.youtube.com/watch?v=jjtpEhvwgMw)
diff --git a/content/en/post/terraform-controller/index.md b/content/en/post/terraform-controller/index.md
index 64e5780..c9a3f22 100644
--- a/content/en/post/terraform-controller/index.md
+++ b/content/en/post/terraform-controller/index.md
@@ -13,6 +13,10 @@ tags = [
 thumbnail= "thumbnail.png"
 +++
+{{% notice info "Update 2024-11-23" %}}
+Weave Gitops is deprecated. Using the Headlamp plugin now for displaying Flux resources.
+{{% /notice %}}
+
 **Terraform** is probably the most used "Infrastructure As Code" tool for building, modifying, and versioning Cloud infrastructure changes. It is an Open Source project developed by Hashicorp that uses the [HCL](https://github.com/hashicorp/hcl) language to declare the desired state of Cloud resources. The state of the created resources is stored in a file called opentofu state.
diff --git a/content/fr/post/crossplane_composition_functions/index.md b/content/fr/post/crossplane_composition_functions/index.md
index 1640d5c..761d140 100644
--- a/content/fr/post/crossplane_composition_functions/index.md
+++ b/content/fr/post/crossplane_composition_functions/index.md
@@ -15,6 +15,10 @@ tags = [
 thumbnail= "thumbnail.png"
 +++
+{{% notice info "Update 2024-11-23" %}}
+J'utilise dĂ©sormais [KCL (Kusion Configuration Language)](https://www.kcl-lang.io/) pour les compositions Crossplane.
+{{% /notice %}}
+
 Avec l'Ă©mergence du _[Platform engineering](https://thenewstack.io/how-is-platform-engineering-different-from-devops-and-sre/)_, on assiste Ă  une Ă©volution vers la crĂ©ation de solutions dites "**self-service**" Ă  destination des dĂ©veloppeurs. Cette approche permet une standardisation des pratiques DevOps, une meilleure expĂ©rience pour les dĂ©veloppeurs, et une rĂ©duction de la charge cognitive liĂ©e Ă  la gestion des outils.
 `Crossplane`, un projet [sous l'Ă©gide de la Cloud Native Computing Foundation (CNCF)](https://www.cncf.io/projects/crossplane/) vise Ă  devenir le framework incontournable pour crĂ©er des plateformes Cloud Natives. Dans mon [premier article sur Crossplane](https://blog.ogenki.io/fr/post/crossplane_k3d/), j'ai prĂ©sentĂ© cet outil et expliquĂ© comment il utilise les principes **GitOPs** pour l'infrastructure, permettant ainsi de crĂ©er un cluster `GKE`.
diff --git a/content/fr/post/terraform-controller/index.md b/content/fr/post/terraform-controller/index.md
index 5b02335..770af95 100644
--- a/content/fr/post/terraform-controller/index.md
+++ b/content/fr/post/terraform-controller/index.md
@@ -13,6 +13,10 @@ tags = [
 thumbnail= "thumbnail.png"
 +++
+{{% notice info "Update 2024-11-23" %}}
+Ne plus utiliser Weave Gitops pour les ressources Flux. Il existe dĂ©sormais un plugin Headlamp.
+{{% /notice %}}
+
 **Terraform** est probablement l'outil "Infrastructure As Code" le plus utilisĂ© pour construire, modifier et versionner les changements d'infrastructure Cloud. Il s'agit d'un projet Open Source dĂ©veloppĂ© par Hashicorp et qui utilise le langage [HCL](https://github.com/hashicorp/hcl) pour dĂ©clarer l'Ă©tat souhaitĂ© de ressources Cloud. L'Ă©tat des ressources crĂ©Ă©es est stockĂ© dans un fichier d'Ă©tat (terraform state).
diff --git a/themes/hugo-clarity b/themes/hugo-clarity
index bd484f2..174a5e6 160000
--- a/themes/hugo-clarity
+++ b/themes/hugo-clarity
@@ -1 +1 @@
-Subproject commit bd484f2c460ae07c42bd47e8be2c684bec61a2f8
+Subproject commit 174a5e638704181c744934b75c327c665844ab04