GerkinDev
diff --git a/‎.vscode/csak-timelog.json
+2-2 b/‎.vscode/csak-timelog.json
+2-2
diff --git a/‎content/blog/CentOS8-firewalld-tips/index.md
+3-3 b/‎content/blog/CentOS8-firewalld-tips/index.md
+3-3
diff --git a/‎content/blog/kubernetes-qol.md
+18-18 b/‎content/blog/kubernetes-qol.md
+18-18
diff --git a/‎content/talks/RSA-Certificates-guide.md
+6-6 b/‎content/talks/RSA-Certificates-guide.md
+6-6
diff --git a/‎content/test/include-code-file/index.md
+2-2 b/‎content/test/include-code-file/index.md
+2-2
diff --git a/‎content/walkthroughs/kubernetes/00-vpn/index.md
+23-23 b/‎content/walkthroughs/kubernetes/00-vpn/index.md
+23-23
@@ -1,5 +1,5 @@
 {
     "starttime": "3/29/2022, 8:08:48 AM",
-    "totaltimesec": 15540,
-    "lasttime": "3/29/2022, 12:40:43 PM"
+    "totaltimesec": 18720,
+    "lasttime": "3/29/2022, 1:33:30 PM"
 }
@@ -24,9 +24,9 @@ When configuring firewall rules to be as strict as required, you may have some t
 
 ## Enable "*Access Denied*"
 
-{{< expand "References" >}}
+{{<expand "References">}}
  * [How to enable firewalld logging for denied packets on Linux](https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/)
-{{</ expand >}}
+{{</expand>}}
 
 `firewalld` can log events to `rsyslog`, the events journal in most linux distribution. This can be enable either at runtime (that won't persist across service restarts) or by configuration to keep it enabled for longer periods.
 
@@ -40,7 +40,7 @@ sudo sed -i.bak -E 's/#?LogDenied=off/LogDenied=all/' /etc/firewalld/firewalld.c
 sudo firewall-cmd --get-log-denied
 ```
 
-Then, we'll put rejection logs in {{< var "logFileName" >}}.
+Then, we'll put rejection logs in {{<var "logFileName">}}.
 
 ```sh
 cat <<EOF | sudo tee /etc/rsyslog.d/{{logFileName}}.conf
 
@@ -21,9 +21,9 @@ image:
 
 ## `kubectl` auto-complete
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * [:books: kubectl installation manual](https://kubernetes.io/docs/tasks/tools/install-kubectl/#enable-kubectl-autocompletion)
-{{</ expand >}}
+{{</expand>}}
 
 Autocomplete is nice, and a real time saver. It avoids typos, and it's quite satisfying to type a complete command in 4 keystrokes and a couple of `tab`s correctly placed. (even if I'm always unsure when relying on my browser's autocomplete for https://**anal**ytics.google.com :expressionless:).
 
@@ -33,8 +33,8 @@ But for this one, I can only say one thing, and you have no excuses:
 
 So, short stories short, and depending on your shell, type in:
 
-{{< tabs "zsh" "bash" >}}
-{{< tab >}}
+{{<tabs "zsh" "bash">}}
+{{<tab>}}
 ```sh
 cat <<EOF | tee -a ~/.zshrc
 autoload -Uz compinit
@@ -43,8 +43,8 @@ source <(kubectl completion zsh)
 EOF
 source ~/.zshrc
 ```
-{{</ tab >}}
-{{< tab >}}
+{{</tab>}}
+{{<tab>}}
 
 > All the (bad) flavours come from the natural world.
 
@@ -61,23 +61,23 @@ fi
 echo 'source <(kubectl completion bash)' >> ~/.bashrc
 source ~/.bashrc
 ```
-{{</ tab >}}
-{{</ tabs >}}
+{{</tab>}}
+{{</tabs>}}
 
 ## `kubecolor`: prettier `kubectl` commands outputs with colors
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * [Add ANSI colors to kubectl describe and other outputs](https://github.com/kubernetes/kubectl/issues/524)
 * [kubecolor](https://github.com/dty1er/kubecolor)
-{{</ expand >}}
+{{</expand>}}
 
 ```sh
 go get -u github.com/dty1er/kubecolor/cmd/kubecolor
 # Make sure kubecolor is found
 which kubecolor
 ```
 
-{{< alert theme="warning" >}}
+{{<alert theme="warning">}}
 If the command above did not worked, then you may have a problem with your `$GOPATH` or `$GOHOME` environment variables. If none are set, then the package was installed in `~/go/bin`. Either fix your vars or add `~/go/bin` to your `$PATH`.
 
 ```sh
@@ -86,7 +86,7 @@ PATH="\$PATH:\$HOME/go/bin"
 EOF
 source ~/.zshrc
 ```
-{{</ alert >}}
+{{</alert>}}
 
 Finally, you could either use `kubecolor` instead of `kubectl`, or alias `kubectl` as `kubecolor` with the following code sample:
 
@@ -104,21 +104,21 @@ EOF
 source {{profileFile}}
 ```
 
-{{< alert theme="warning">}}
+{{<alert theme="warning">}}
 I noticed some little things does not work well with `kubecolor`. That's why the script above let you use the original `kubectl` command through `kubectll`. For instance, I noticed that some commands prompting user input (so using *stdin*), such as `kubectl login`, don't work.
 
 So, if you try a command that seems to not work as expected, or stay stuck, fall back to `kubectll`.
-{{</ alert >}}
+{{</alert>}}
 
 ## `helm`: a kubernetes stack template repository
 
 [*Helm*](https://helm.sh/) is a convinient way to use or share configurable kubernetes stacks. For example, it may allow to install easily a front-end, with its API and a database, in a single template, in which you can inject your specific configuration (PVC, ports, environment, etc...).
 
 To install *helm*, run the following command:
 
-{{< alert theme="info">}}
+{{<alert theme="info">}}
 Make sure that OpenSSL is installed before proceeding.
-{{</ alert >}}
+{{</alert>}}
 
 ```sh
 # See https://helm.sh/docs/intro/install/
@@ -127,9 +127,9 @@ curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bas
 
 ## `krew`: a `kubectl` plugins manager
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * [Installing krew](https://krew.sigs.k8s.io/docs/user-guide/setup/install/)
-{{</ expand >}}
+{{</expand>}}
 
 [*krew*](https://krew.sigs.k8s.io/) is a nice small plugin manager for your `kubectl` command. At the time of writing, it has [129 plugins available](https://krew.sigs.k8s.io/plugins/), including some pretty convinient to restart pods, login using OpenId, check the state of your cluster, and more.
 
 
@@ -25,9 +25,9 @@ What does *asymmetric encryption* means ? It is opposed to the *symmetric encryp
 
 While the 2 points above are super great for security and privacy, they come also with some drawbacks: generating, manipulating and using RSA keys can be a bit confusing, and that's why I'm writing this article.
 
-{{< alert theme="info" >}}
+{{<alert theme="info">}}
 See this article like a personal guide I publish in case it can help someone. It is not meant to be precise or exhaustive.
-{{</ alert >}}
+{{</alert>}}
 
 ## File formats
 
@@ -37,11 +37,11 @@ As said above, [*RSA*](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) being a
 
 The private key is one of the 2 keys mentioned above, that is meant to be used by the server.
 
-{{< alert theme="danger" >}}
+{{<alert theme="danger">}}
 As its name suggests, this file is **super** critical: anyone having this can decode messages that are sent to you, encrypted with your [public key](#pub-the-public-key).
 
 You should **never __ever__** send it to untrusted party. Other people should have the [public key](#pub-the-public-key).
-{{</ alert >}}
+{{</alert>}}
 
 #### What does it contains ?
 
@@ -72,7 +72,7 @@ Here, `2048` is the modulus. To be considered safe until 2030, it is recommended
 openssl rsa -text -in foo.key
 ```
 
-{{< expand "Sample output" >}}
+{{<expand "Sample output">}}
 ```
 RSA Private-Key: (512 bit, 2 primes)
 modulus:
@@ -109,7 +109,7 @@ coefficient:
     f9:3e:07:e3:99:59:03:13:5f:49:97:79:86:96:9e:
     a8:c3
 ```
-{{</ expand >}}
+{{</expand>}}
 
 There is a lot of maths involved here, so I won't go any further. But if you're curious, go ahead and find out what those are !
 
 
@@ -17,5 +17,5 @@ categories:
 image:
 ---
 
-{{< includeCodeFile "./foo.yaml" >}}
-{{< includeCodeFile "./bar.conf" "fallback" >}}
+{{<includeCodeFile "./foo.yaml">}}
+{{<includeCodeFile "./bar.conf" "fallback">}}
@@ -12,20 +12,20 @@ tags:
 - Networking
 ---
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * <https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04>
 * <https://blog.container-solutions.com/running-docker-containers-with-systemd>
-{{</ expand >}}
+{{</expand>}}
 
-Because we are installing our cluster bare metal on servers exposed on the Internet, we'll need a way to secure all of our network traffic around the critical parts of *kubernetes*. To do so, we'll use OpenVPN to create a virtual secured network where all of our nodes will work. Moreover, this network will also contains *MetalLB* services when {{< linkToPage "/walkthroughs/kubernetes/02-cluster#initialize-metallb" "configuring our bare metal load balancer" >}}.
+Because we are installing our cluster bare metal on servers exposed on the Internet, we'll need a way to secure all of our network traffic around the critical parts of *kubernetes*. To do so, we'll use OpenVPN to create a virtual secured network where all of our nodes will work. Moreover, this network will also contains *MetalLB* services when {{<linkToPage "/walkthroughs/kubernetes/02-cluster#initialize-metallb" "configuring our bare metal load balancer">}}.
 
-{{< alert theme="info" >}}
+{{<alert theme="info">}}
 You **may** need to edit your `/etc/hosts` files to associate `vpn.{{cluster.baseHostName}}` to your future *OpenVPN* server on **each of the devices that will join the cluster** (if `vpn.{{cluster.baseHostName}}` is not a real *DNS* name).
 
 ```sh
 echo '{{vpn.publicServerIp}}	vpn.{{cluster.baseHostName}}' >> /etc/hosts
 ```
-{{</ alert >}}
+{{</alert>}}
 
 See the [docs of kylemanna/openvpn](https://github.com/kylemanna/docker-openvpn$docs) (our *OpenVPN* server).
 
@@ -50,13 +50,13 @@ Once the last command is executed, your *OpenVPN* server should start. If it sta
 
 ## Make a *systemd* service for *OpenVPN* through *docker*
 
-{{< alert theme="info" >}}
+{{<alert theme="info">}}
 If you're not using systemd, see [how to use init.d](https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04#step-3-%E2%80%94-launch-the-openvpn-server), and skip this section.
-{{</ alert >}}
+{{</alert>}}
 
-Install the {{< linkToIncludedFile "./systemd/kubernetes-vpn.service" >}} template into `/usr/lib/systemd/system`, then enable this service. It will run our *OpenVPN* server container.
+Install the {{<linkToIncludedFile "./systemd/kubernetes-vpn.service">}} template into `/usr/lib/systemd/system`, then enable this service. It will run our *OpenVPN* server container.
 
-{{< includeCodeFile "./systemd/kubernetes-vpn.service" >}}
+{{<includeCodeFile "./systemd/kubernetes-vpn.service">}}
 
 ```sh
 mv ./systemd/kubernetes-vpn.service /usr/lib/systemd/system
@@ -68,7 +68,7 @@ systemctl enable --now kubernetes-vpn.service
 
 You can check our docker container with `docker container inspect kubernetes-vpn.service` & get our *OpenVPN* logs with `journalctl -u kubernetes-vpn.service`.
 
-Now, get the value of the variable {{< var "vpn.serverIp" >}} with this command:
+Now, get the value of the variable {{<var "vpn.serverIp">}} with this command:
 
 ```sh
 # Show interface informations
@@ -82,11 +82,11 @@ docker exec -it kubernetes-vpn.service ip -4 addr show tun0 `# Get the "tun0" in
 
 ## Setup clients
 
-This section is meant to be repeated for each of your cluster's nodes. For every node, replace the {{< var "node.ip" >}} & {{< var "node.name" >}} variables.
+This section is meant to be repeated for each of your cluster's nodes. For every node, replace the {{<var "node.ip">}} & {{<var "node.name">}} variables.
 
-{{< alert theme="warning" >}}
-**Important**: {{< var "node.ip" >}} is the desired IP of your machine in your VPN. It **must** be on the same network than {{< var "vpn.serverIp" >}} (usually, `192.168.255.XXX`)
-{{</ alert >}}
+{{<alert theme="warning">}}
+**Important**: {{<var "node.ip">}} is the desired IP of your machine in your VPN. It **must** be on the same network than {{<var "vpn.serverIp">}} (usually, `192.168.255.XXX`)
+{{</alert>}}
 
 ### Generate credentials
 
@@ -103,15 +103,15 @@ echo "ifconfig-push {{node.ip}} {{vpn.serverIp}}" | docker run -v {{vpn.volumeNa
 docker run -v {{vpn.volumeName}}:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient {{node.name}} > {{node.name}}.ovpn
 ```
 
-Move this `{{node.name}}.ovpn` file to the {{< var "node.name" >}} node **by a safe mean**. Those files are super critical, so be very careful to not put it anywhere usafe.
+Move this `{{node.name}}.ovpn` file to the {{<var "node.name">}} node **by a safe mean**. Those files are super critical, so be very careful to not put it anywhere usafe.
 
 Next operations have to be run on clients.
 
 ### Install *OpenVPN* client
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * <https://www.vpsserver.com/community/tutorials/4035/install-openvpn-on-centos-8/>
-{{< /expand >}}
+{{</expand>}}
 
 Install required dependencies.
 
@@ -150,21 +150,21 @@ You should be good to go ! :fire:
 
 ## Troubleshoot
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * https://stackoverflow.com/a/63624477/4839162
-{{</ expand >}}
+{{</expand>}}
 
 ### No internet connection on nodes, or no connection between nodes
 
-{{< expand "References" >}}
+{{<expand "References">}}
 * <https://github.com/kylemanna/docker-openvpn#openvpn-details>
 * <https://github.com/kylemanna/docker-openvpn/issues/381#issuecomment-386269991>
 * <https://github.com/kylemanna/docker-openvpn/issues/381#issuecomment-616009737>
-{{</ expand >}}
+{{</expand>}}
 
-{{< alert theme="warning" >}}
+{{<alert theme="warning">}}
 Check in case-by-case.
-{{</ alert >}}
+{{</alert>}}
 
 I had to add a route push in my server configuration to make it work. See <https://openvpn.net/community-resources/how-to/#expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet>
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"starttime": "3/29/2022, 8:08:48 AM",`
`3`		`- "totaltimesec": 15540,`
`4`		`- "lasttime": "3/29/2022, 12:40:43 PM"`
	`3`	`+ "totaltimesec": 18720,`
	`4`	`+ "lasttime": "3/29/2022, 1:33:30 PM"`
`5`	`5`	`}`