Home on Adrien PARRA

Advanced OpenTofu: State Encryption & Multi-Environment Strategies

Sun, 12 Apr 2026 00:00:00 +0000

The intro article covered the why of OpenTofu. This one covers the how in production: state encryption with several key providers, key rotation, migrating an existing state, and the multi-environment patterns that hold up at scale.

Falco: Runtime Security Monitoring on Kubernetes

Sun, 12 Apr 2026 00:00:00 +0000

Trivy scans images, Kyverno validates deployments, but what watches over what happens once the containers are running? Falco, the CNCF project, monitors syscalls in real time and alerts as soon as abnormal behavior is detected.

Docker Swarm to Kubernetes: migration strategies

Sun, 29 Mar 2026 00:00:00 +0000

Migrating from Docker Swarm to Kubernetes doesn’t happen over a weekend. Concept mapping, migration patterns, pitfalls to avoid and a concrete hands-on review of a production migration.

K3S for Local Development: a mini production cluster

Sun, 29 Mar 2026 00:00:00 +0000

K3S isn’t just a cluster for IoT. Here’s how to use it as a local development environment that mirrors your production, without the €2,000 monthly cloud bills.

Kubernetes Monitoring: Prometheus + Grafana stack

Sun, 29 Mar 2026 00:00:00 +0000

Setting up a complete monitoring stack on Kubernetes with kube-prometheus-stack: installation, Grafana dashboards, alerting rules, Alertmanager and production best practices.

Traefik v3 Deep Dive: beyond basic Ingress

Sun, 29 Mar 2026 00:00:00 +0000

Traefik v3 isn’t just an IngressController. Middlewares, IngressRoute CRD, TCP/UDP routing, plugins, dashboard and observability: everything that makes Traefik a complete reverse proxy on Kubernetes.

ArgoCD in practice: GitOps made simple

Sat, 28 Mar 2026 00:00:00 +0000

GitOps is the standard for deploying to Kubernetes, and ArgoCD is its most popular implementation. A hands-on review: how it works, why it’s different from a classic CI/CD pipeline, and how to structure your deployments.

Cloud sovereignty: why switch to a European provider

Sat, 28 Mar 2026 00:00:00 +0000

AWS, GCP and Azure dominate the public cloud, but European providers have matured. A hands-on review of OVHcloud and Scaleway, a technical comparison, and the case for a more sovereign cloud.

Container Security: Trivy and Kyverno in production

Sat, 28 Mar 2026 00:00:00 +0000

Securing a production Kubernetes cluster isn’t just a networking question. Vulnerability scanning, admission policies, least privilege: a hands-on review with Trivy and Kyverno.

Taskfile: the modern replacement for Makefile

Sat, 28 Mar 2026 00:00:00 +0000

Taskfile (Task) is a task runner written in Go that advantageously replaces Make for modern projects. A look at its history, its advantages, and a comparison with Make, Just and shell scripts.

CKA: a hands-on review of the Kubernetes Administrator certification

Sun, 15 Mar 2026 00:00:00 +0000

I sat and passed the CKA (Certified Kubernetes Administrator) in March 2026. Here’s how I prepared, what the exam really tests, and what I concretely took away from it.

nerdctl: the Docker CLI for containerd

Sun, 01 Mar 2026 00:00:00 +0000

nerdctl mirrors Docker’s syntax exactly, but talks to containerd directly. A handy tool for debugging a Kubernetes cluster, working without a Docker daemon, or experimenting with features Docker doesn’t offer yet.

Contributing to open source: a Helm chart for transfer.sh

Fri, 20 Feb 2026 00:00:00 +0000

transfer.sh is a widely used command-line file-sharing tool, but it had no official Helm chart. I filled that gap with an open source contribution and opened a PR on the upstream repository.

GitLab CI/CD: inputs, components and the catalog — the end of copy-paste

Tue, 20 Jan 2026 00:00:00 +0000

GitLab has thoroughly reworked the reusability of its pipelines. Typed inputs replace fragile variables, components structure sharing, and the catalog lets you discover them. A practical overview.

OpenTofu: the open source IaC tool carrying Terraform's torch

Fri, 05 Dec 2025 00:00:00 +0000

In August 2023, HashiCorp changed Terraform’s license. A few weeks later, OpenTofu was born under the Linux Foundation’s umbrella. A look at the project’s genesis, what new things it brings, and why it deserves your attention.

Kubernetes Gateway API: the successor to Ingress is here

Mon, 10 Nov 2025 00:00:00 +0000

The Gateway API has been GA since Kubernetes 1.28. Here’s why it advantageously replaces Ingress, how it works, and how to set it up with Traefik.

About

Mon, 01 Jan 0001 00:00:00 +0000

Platform Engineer with 5 years of experience, specialized in Kubernetes, Cloud, CI/CD pipelines and Linux.

I’m a deeply curious person: I regularly try out new tools, I read release announcements the way others read the news, and I usually have a POC running locally on something that caught my eye the week before. This curiosity isn’t a side hobby: it’s what lets me quickly grasp a new environment, propose solutions the team hadn’t thought of, and stay up to date in a fast-moving ecosystem.

Contact

Mon, 01 Jan 0001 00:00:00 +0000

You can reach me via:

LinkedIn — linkedin.com/in/adrien-parra-5473a0159
GitHub — github.com/Adri3nParra

Based in Nantes (44) · Driving license · Available for hybrid work.

Experience

Mon, 01 Jan 0001 00:00:00 +0000

Platform Engineer #

Conserto · Permanent contract · Jan. 2026 – Present

☁️ Cloud & Kubernetes (OVH)

Deployment and operation of the OVH cloud (OpenStack / OpenTofu)
Deployment of multi-environment Kubernetes clusters (dev, staging, prod, clients)
Management of associated services: storage, S3, managed databases
Migration of applications from Docker Swarm to Kubernetes

🛠️ Platform & DevOps tooling

Deployment and maintenance: ArgoCD, Traefik, Cert-Manager, Prometheus, Loki, Grafana
Setup of cloud-native security building blocks: Trivy Operator, Kyverno, CrowdSec
Management and evolution of CI/CD pipelines (GitLab)

🔄 Cross-functional