Posts on Hoarau Jerome | Hands-on Cloud & Kubernetes

Why You Can’t Terminate TLS at Traefik for PostgreSQL (and What to Do Instead)

Sat, 27 Sep 2025 14:25:43 -0400

Context

I had the need to allow Power BI to connect to a PostgreSQL database running in Kubernetes, fronted by Traefik using a TCP entrypoint.

At first, I hoped to terminate TLS at Traefik, the same way you’d do for HTTPS traffic. But this turned out not to be possible with standard PostgreSQL clients (psql, libpq, psycopg, etc.). Here’s why.

Why This Happens

Unlike HTTPS, PostgreSQL does not start a TLS handshake immediately.
Instead, a libpq/psql client first sends a special SSLRequest packet:

Fix Vim key repeat in Cursor, Zed, VS Code on macOS

Sun, 13 Jul 2025 09:47:01 -0400

Vim extension in Cursor, Zed, or VS Code on macOS — arrow keys and held hjkl don’t repeat. macOS disables key repeat for some Electron apps by default.

Fix: disable ApplePressAndHoldEnabled for the app (keeps accent popup off, enables key repeat).

Get the app’s bundle ID:

osascript -e 'id of app "Cursor"' # or "Zed" or "Visual Studio Code"

Enable key repeat for that app:

defaults write <BUNDLE_ID> ApplePressAndHoldEnabled -bool false

Examples:

From Goals to Constraints to Costs: Designing a Lean AWS Kubernetes Homelab

Sun, 29 Jun 2025 14:32:38 -0400

🧭 Why Build a Homelab?

I recently completed the first phase of my cloud-native homelab — a Kubernetes cluster on AWS built from scratch with kubeadm, provisioned using Terraform, Packer, Ansible, and Cilium.

This wasn’t just for fun (though it was). I designed this homelab as:

A hands-on way to prepare for the CKA certification
A platform to host real-world workloads later
A personal sandbox to understand what’s happening under the hood, not just run kubectl apply

Automating Kubeadm Init and Join on Aws My Cloud Homelab Approach

Sun, 29 Jun 2025 13:35:45 -0400

When you’re setting up a Kubernetes cluster using kubeadm, one of the first questions is:
“How do I automate the init/join logic without hardcoding IPs or manually copying tokens?”

In my AWS-based Kubernetes homelab, I wanted a fully automated, reproducible setup — including both control plane and worker nodes joining the cluster automatically as soon as they boot.

This blog explains how I accomplished that using:

EC2 instance tags and metadata

How Rosetta Broke My Terraform Setup (and How I Fixed It on Apple Silicon)

Sat, 28 Jun 2025 15:05:01 -0400

🛠️ How Rosetta Broke My Terraform Setup (and How I Fixed It on Apple Silicon)

Everything was working fine — until it wasn’t.

While setting up a Kubernetes homelab using Terraform inside a devbox environment on my M1 Mac (macOS 15.5, Apple Silicon), I started hitting this dreaded error:

Error: Failed to load plugin schemas

Error while loading schemas for plugin components: Failed to obtain provider schema: Could not load the schema for provider registry.terraform.io/hashicorp/aws:
failed to instantiate provider "registry.terraform.io/hashicorp/aws" to obtain schema: timeout while waiting for plugin to start..

Re-running terraform validate or terraform plan produced the same issue, even though terraform init was succeeding.

How to Add git-crypt Contributors to Your Encrypted Git Repository

Sat, 11 Jan 2025 15:07:40 -0400

Managing sensitive information in a Git repository can be challenging, but tools like git-crypt make it easier by encrypting specific files. When adding a new contributor to such a repository, the admin needs to ensure they have the necessary access to decrypt and work with these sensitive values. This tutorial aims to provide a detailed, step-by-step guide to help admins manage contributors effectively, as the official git-crypt repository provides only basic setup instructions.

Linux Cheat Sheet

Sun, 28 Jan 2024 15:09:48 -0400

Remove execution permission to “others” on every regular files inside a directory

find directory_name -type f -exec chmod a-x {} ';'
# Avoid using 'chmod -R' as the execution permission is interpreted differently on a directory compared to a regular file.

Edit your cron configuration file

crontab -e
# Always use -e and not crontab file_name 
# Also do NOT edit it directly in /var/spool/cron/<user>

Write errors to the filesystem playbook

Determine which filesystem (FS) is full and which file is filling it up
1. `df -h` to look for FS that's 100% or more (possible) full
2. `du -h XX | sort -h` on the identified FS to determine which directory is using the most space. Rinse & repeat command until all the large files are discovered
3. Try `fuser` or `lsof` in case you cant determine which process is using a file

Note: `df` & `du` can have disparity in the space reported

Write useful shell scripts error messages

* Error messages in STDERR
* Include name of the program that's issuing the error
* State what function / operation failed
* If a system call fails, include the perror string
* Exit with some code other than 0

Write shell script steps

1. Develop the script as a pipeline, 1 step at a time, on the command line. Use bash.
2. Send output to stdout and check to be sure it looks right
3. At each step, use the shell's command history to recall pipelines and tweak them
4. Once the output is correct, execute the actual commands and verify they worked
5. Use `fc` to capture your work

Ex: `find . -type f -name '*.log' | grep -v .do-not-touch | while read fname; do echo mv $fname `echo $fname | sed s/.log/.LOG/`; done | sh -x`

Save systemd journal between reboots

Dockerizing CDKTF with Python

Sun, 31 Dec 2023 15:11:05 -0400

Cloud Development Kit for Terraform (CDKTF) is a framework that allows you to use familiar programming languages to define and provision infrastructure using Terraform. CDKTF supports multiple languages, including Python, which is a popular choice for DevOps engineers.

Unfortunately, there is currently no official Docker image for it. Using a Dockerfile, you can ensure that your CDKTF application has all the dependencies and configurations needed to run smoothly and consistently. In this blog post, I will show you the Dockerfile I built for my project that uses CDKTF with Python to create a Kubernetes cluster.

DevOps - 4 Practices to Reduce Your Lead Time

Tue, 22 Feb 2022 15:12:28 -0400

Create on-demand environments dynamically triggered by a CI/CD pipeline, so teams don’t have to wait weeks.
Automate your deployments as much as possible, so any developers can autonomously deploy when needed.
Automate your tests and add them to the CI pipeline, so teams can process deployments safely.
Design loosely coupled architecture, so developer’s changes are deployed in smaller chunks more frequently with confidence.

Those strategies allow teams to improve the delay between the time the customer creates a ticket and its completion.

Jenkins As Code With Packer, Ansible, Terraform, and AWS

Mon, 07 Feb 2022 15:14:42 -0400

What Will We Cover

Build an OS image for AWS with a Jenkins ready to use
Provision an EC2 instance to host the Jenkins server

See all the code for this article here: https://github.com/hoaraujerome/devops_cicd

Using Packer with Ansible to build an AMI image

Packer tool is responsible for creating the OS image, while Ansible is responsible for installing everything we need on this image.

The final version of the image has Jenkins (with “GIT”, “Pipeline”, and “Pipeline: AWS Steps” plugins), Docker, AWS CLI, Terraform, and Java installed for running Jenkins pipelines hosted on GitHub.

DynamoDB: 3 ways to use the API

Tue, 14 Dec 2021 15:27:32 -0400

The way you interact with DynamoDB is usually with AWS SDK, where you can perform:

Items-based actions: Anytime you act on a single item - writing, updating, or deleting - you are using an item-based action. You must provide the entire primary key.
Query: Read-only actions that allow you to fetch multiple items in a single request. You must provide the partition key and optionally provide sort key conditions.
Scan: Full table scan that looks at every item in your table. Avoid it unless you are doing an export or ETL. It’s an expensive operation at scale regarding how long it takes to respond to a request and how much capacity you need to service it. Remember that there is a 1MB limit when reading items from the table.

5 Responsibilities Regarding the JWT as an API Provider

Sun, 12 Dec 2021 15:29:02 -0400

As a reminder, a JWT (JSON Web Token) is a way for securely transmitting information between parties as a JSON object.

As an API provider, here are the actions to take on the received JWT:

Validate the signature of the JWT (mandatory)
Check if the scope necessary to use your API is present (mandatory). Your API may require more than one scope.
Check if the JWT is not expired (mandatory)

My Thoughts About Java Reactive Programming

Sat, 11 Dec 2021 15:30:48 -0400

Context

Traditional Java applications use thread pools for simultaneous I/O operations (such as a REST call). Each request consumes a thread freed at the end of the processing only. So, whenever the thread pool is empty, new requests are blocked waiting for an available thread. This programming paradigm is called imperative or blocking.

What is reactive programming?

It is a programming paradigm based on the data transmission from one or more sources called Publishers to other elements called Subscribers in an asynchronous, non-blocking, and functional way. Streams combined with the Observable design pattern process all types of data.

Hexagonal Architecture and Microservices

Fri, 10 Dec 2021 15:32:06 -0400

Presentation

Several technologies make it possible to expose or invoke business functions: SOA, REST / Web API, Messaging / JMS, and others. It is crucial to isolate the code that implements the business logic from the architectures used. The hexagonal architecture is an option to design microservices to address these challenges.

Source: http://tpierrain.blogspot.com/2013/08/a-zoom-on-hexagonalcleanonion.html

P/A stands for “Port/Adapter” and UC stands for “Use Case”

High-level sequencing:

A service receives and sends events to the “outside” via ports. A port is specific to a technology or a protocol: Servlet API, SOAP endpoint, JMS listener, or a JDBC driver.

Modern Website Architecture Overview in AWS

Thu, 09 Dec 2021 15:00:19 -0400

I have recently launched a new website snapvocab on the AWS cloud. This hands-on experience allowed me to practice what I learned in the AWS Cloud Developer Certification. After long hours working on it - more than I expected, I can tell you it was worth it. Nothing can ever replace having our hands dirty!

From a functional point of view, it is simply a CRUD application that allows a user to manage a list of words with a paid plan. On the technical side, my goal was to leverage AWS services to go live as soon as possible and at a lower cost.