<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Aurélie Vache, Author at OVHcloud Blog</title>
	<atom:link href="https://blog.ovhcloud.com/author/aurelie-vache/feed/" rel="self" type="application/rss+xml" />
	<link>https://blog.ovhcloud.com/author/aurelie-vache/</link>
	<description>Innovation for Freedom</description>
	<lastBuildDate>Mon, 29 Jun 2026 17:31:19 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://blog.ovhcloud.com/wp-content/uploads/2019/07/cropped-cropped-nouveau-logo-ovh-rebranding-32x32.gif</url>
	<title>Aurélie Vache, Author at OVHcloud Blog</title>
	<link>https://blog.ovhcloud.com/author/aurelie-vache/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Secure Image Signing with Cosign and OVHcloud KMS</title>
		<link>https://blog.ovhcloud.com/secure-image-signing-cosign-ovhcloud-kms/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Mon, 22 Jun 2026 06:52:50 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[Cosign OVHcloud KMS]]></category>
		<category><![CDATA[Open Source]]></category>
		<category><![CDATA[OVHcloud]]></category>
		<category><![CDATA[Public Cloud]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=31702</guid>

					<description><![CDATA[Software supply chains have become more complex and increasingly targeted, making container image security a fundamental requirement for building trust [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fsecure-image-signing-cosign-ovhcloud-kms%2F&amp;action_name=Secure%20Image%20Signing%20with%20Cosign%20and%20OVHcloud%20KMS&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-large is-resized"><img fetchpriority="high" decoding="async" width="1018" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759-1018x1024.png" alt="" class="wp-image-31768" style="aspect-ratio:0.9941455602881566;width:456px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759-1018x1024.png 1018w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759-298x300.png 298w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759-150x150.png 150w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759-768x772.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759-70x70.png 70w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Gribouillis-2026-05-07-14.00.13.759.png 1244w" sizes="(max-width: 1018px) 100vw, 1018px" /></figure>



<p class="wp-block-paragraph">Software supply chains have become more complex and increasingly targeted, making container image security a fundamental requirement for building trust in modern delivery pipelines.</p>



<p class="wp-block-paragraph">By signing images with Cosign and protecting signing keys in OVHcloud KMS, teams can keep cryptographic material out of local environments and CI/CD variables, all while making image signing easier to control, audit and integrate into delivery pipelines.</p>



<p class="wp-block-paragraph">In this blog post, you will learn how to use the OVHcloud KMS plugin for Cosign to generate a key, sign a container image with this key and verify that the OCI image has been correctly signed.</p>



<h3 class="wp-block-heading">Cosign</h3>



<figure class="wp-block-image aligncenter size-full"><img decoding="async" width="399" height="126" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-5.png" alt="" class="wp-image-31741" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-5.png 399w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-5-300x95.png 300w" sizes="(max-width: 399px) 100vw, 399px" /></figure>



<p class="wp-block-paragraph"><a href="https://github.com/sigstore/cosign" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Cosign</a> is a tool from the <strong>Sigstore</strong> project used to <strong>sign, verify, and attest</strong> OCI container images and software artifacts.</p>



<p class="wp-block-paragraph">Cosign supports several signing modes, including <strong>keyless</strong> signing through Sigstore, where short-lived certificates are generated at signing time based on your identity (via GitHub, Google or another OIDC provider), as well as ephemeral key generation, hardware and <strong>KMS</strong>-backed signing and custom PKI integration.</p>



<p class="wp-block-paragraph"><code>Cosign</code> supports <a href="https://docs.sigstore.dev/cosign/key_management/overview/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">multiple KMS providers</a> to generate and sign keys. Several external KMS providers are supported, including HashiCorp Vault, AWS KMS, GCP KMS and Azure Key Vault.<br>Cosign can now also be integrated with OVHcloud KMS through the <a href="https://github.com/ovh/sigstore-kms-ovhcloud" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Sigstore Cosign OVHcloud KMS plugin</a> 💪.</p>



<h3 class="wp-block-heading">OVHcloud Key Management Service (KMS)</h3>



<figure class="wp-block-image aligncenter size-full"><img decoding="async" width="100" height="101" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Key-Management-Service-KMS@2x.png" alt="" class="wp-image-31711" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Key-Management-Service-KMS@2x.png 100w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Key-Management-Service-KMS@2x-70x70.png 70w" sizes="(max-width: 100px) 100vw, 100px" /></figure>



<p class="wp-block-paragraph"><a href="https://www.ovhcloud.com/en/identity-security-operations/key-management-service/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud KMS</a>, often called <strong>OKMS</strong>, is a managed service that centralizes the creation, storage, and management of encryption keys. Its main goal is to help businesses secure data and control cryptographic operations from a single platform.</p>



<p class="wp-block-paragraph">Each KMS is associated with a region, so the keys stored in that region are guaranteed to stay in that region. You can order multiple KMSs, either in different regions or in the same region.</p>



<h3 class="wp-block-heading">Prerequisites</h3>



<p class="wp-block-paragraph">To be able to use the Sigstore KMS OVHcloud provider, you need to follow some prerequisites:</p>



<ul class="wp-block-list">
<li>Have an OVHcloud account</li>



<li>Have created an <a href="https://www.ovhcloud.com/en/identity-security-operations/key-management-service/" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">OKMS</a> domain (“<em><code class="">305db938-1234-5678-9012-3a0a29291661</code></em>” for example in this blog post)</li>



<li><a href="https://github.com/ovh/public-cloud-examples/tree/main/iam/create-user-and-generate-pat-token-with-cli" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">Have created an IAM local user</a> (“<em>cosign-</em><code class="">305db938-1234-5678-9012-3a0a29291661</code>” for example in this blog post)</li>



<li>Have installed the <a href="https://github.com/ovh/ovhcloud-cli/?tab=readme-ov-file#installation" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">OVHcloud CLI</a></li>



<li>Have <a href="https://man7.org/linux/man-pages/man1/uuidgen.1.html" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">uuidgen</a> CLI installed</li>
</ul>



<p class="wp-block-paragraph">💡The cosign OVHcloud plugin supports both <code>token</code> and <code>mTLS</code> authentication. For the purposes of this blog post, we will use the token authentication mode. Please follow the <a href="https://external-secrets.io/latest/provider/ovhcloud/" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">Sigstore Cosign KMS plugin for OVHcloud</a> guide if you wish to use mTLS authentication mode.</p>



<h4 class="wp-block-heading">Generate a PAT token (for token authentication only)</h4>



<p class="wp-block-paragraph">List the OKMS domains:</p>



<pre class="wp-block-code"><code class="">$ ovhcloud okms list<br>┌──────────────────────────────────────┬─────────────┐<br>│                  id                  │   region    │<br>├──────────────────────────────────────┼─────────────┤<br>│ 305db938-1234-5678-9012-3a0a29291661 │ eu-west-par │<br>│ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx │ eu-west-par │<br>└──────────────────────────────────────┴─────────────┘</code></pre>



<p class="wp-block-paragraph">Save the OKMS ID in an environment variable:</p>



<pre class="wp-block-code"><code class="">export KMS_RESTAPI_OKMSID="305db938-1234-5678-9012-3a0a29291661"</code></pre>



<p class="wp-block-paragraph">The cosign OVHcloud plugin needs the permission to create and fetch keys from the OVHcloud KMS.</p>



<p class="wp-block-paragraph">If you want to use token autentication, you’ll need a token (PAT). You can use the <strong>ovhcloud CLI </strong>to do that:</p>



<pre class="wp-block-code"><code class="">PAT_TOKEN=$(ovhcloud iam user token create &lt;iam-local-user-name&gt; --name pat-&lt;iam-local-user-name&gt; --description "PAT cosign for domain $KMS_RESTAPI_OKMSID" -o json  | jq .details.token |  tr -d '"')<br><br>echo $PAT_TOKEN</code></pre>



<p class="wp-block-paragraph">You should have a result like this:</p>



<pre class="wp-block-code"><code class="">$ PAT_TOKEN=$(ovhcloud iam user token create cosign-305db938-1234-5678-9012-3a0a29291661 --name pat-cosign-305db938-1234-5678-9012-3a0a29291661 --description "PAT cosign for domain 305db938-1234-5678-9012-3a0a29291661" -o json  | jq .details.token |  tr -d '"')<br>2026/05/07 08:48:34 Final parameters:<br>{<br> "description": "PAT cosign for domain 305db938-1234-5678-9012-3a0a29291661",<br> "name": "pat-cosign-305db938-1234-5678-9012-3a0a29291661"<br>}<br><br>$ echo $PAT_TOKEN<br>eyJhbGciOiJFZE...ASgXy55_DDFHdy4Z5uSq8lww-Bw</code></pre>



<h4 class="wp-block-heading">Save the KMS information</h4>



<p class="wp-block-paragraph">Save the KMS information in environment variables. For example:</p>



<pre class="wp-block-code"><code class="">export KMS_RESTAPI_ENDPOINT=$(ovhcloud okms get $KMS_RESTAPI_OKMSID -o json | jq .restEndpoint | xargs)<br>export KMS_RESTAPI_TYPE="token"<br>export KMS_RESTAPI_TOKEN=$PAT_TOKEN</code></pre>



<p class="wp-block-paragraph">Display the saved information:</p>



<pre class="wp-block-code"><code class="">$ echo $KMS_RESTAPI_ENDPOINT<br>https://eu-west-par.okms.ovh.net<br><br>$ echo $KMS_RESTAPI_OKMSID<br>305db938-1234-5678-9012-3a0a29291661<br><br>$ echo $KMS_RESTAPI_TYPE<br>token<br><br>$ echo $KMS_RESTAPI_TOKEN<br>eyJ...BIoHCA</code></pre>



<h4 class="wp-block-heading">Cosign KMS plugin installation</h4>



<p class="wp-block-paragraph">Install the plugin locally:</p>



<pre class="wp-block-code"><code class="">curl -fsSL https://raw.githubusercontent.com/ovh/sigstore-kms-ovhcloud/main/install.sh | sh</code></pre>



<p class="wp-block-paragraph">⚠️ The binary is installed in <code>$HOME/.local/bin</code> by default (created if it does not exist). Make sure this directory is in your <code>PATH</code>.</p>



<p class="wp-block-paragraph">Or follow the other <a href="https://github.com/ovh/sigstore-kms-ovhcloud#installation" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">installation methods.</a></p>



<p class="wp-block-paragraph">Now you can use the OVHcloud KMS plugin directly in the cosign command 🎉.</p>



<h3 class="wp-block-heading">Let&#8217;s use Cosign with the OVHcloud KMS!</h3>



<h4 class="wp-block-heading">Generate a key</h4>



<p class="wp-block-paragraph">First, to sign an image, we need to generate a key pair. To do that we need to generate a UUID and use it in the <code>cosign generate-key-pair</code> command.</p>



<pre class="wp-block-code"><code class="">export KEY_ID=$(uuidgen)<br>cosign generate-key-pair --kms ovhcloud://$KEY_ID</code></pre>



<p class="wp-block-paragraph">The signing key is created in OVHcloud KMS, and the public key is written locally.</p>



<p class="wp-block-paragraph">You should see an output like this:</p>



<pre class="wp-block-code"><code class="">$ export KEY_ID=$(uuidgen)<br>$ cosign generate-key-pair --kms ovhcloud://$KEY_ID<br><br>Public key written to cosign.pub</code></pre>



<p class="wp-block-paragraph">The command generates a key pair using the ECDSA algorithm and writes the public key to <code>cosign.pub</code>.</p>



<p class="wp-block-paragraph">Check the keys have been created:</p>



<pre class="wp-block-code"><code class="">$ ls -l cosign.pub<br>-rw-------  1 avache  staff  178 18 juin  16:06 cosign.pub<br><br>$ cat cosign.pub<br><br>-----BEGIN PUBLIC KEY-----<br>MFkw...QgwA==<br>-----END PUBLIC KEY-----<br></code></pre>



<p class="wp-block-paragraph"><br>Once the key pair has been generated, use the corresponding OVHcloud KMS key ID in the <code>ovhcloud://$KEY_ID</code> URI when signing and verifying images.</p>



<h4 class="wp-block-heading">Or get an existing public key (optional)</h4>



<p class="wp-block-paragraph">Instead of creating a new public key, you can retrieve an existing one with the following command:</p>



<pre class="wp-block-code"><code class="">cosign public-key --key ovhcloud://$KEY_ID --outfile cosign-ovhcloud.pub</code></pre>



<h4 class="wp-block-heading">Sign an image</h4>



<p class="wp-block-paragraph">Replace the <code>$IMAGE@sha256:$HASH</code> parameter with the URI to your image and the hash to your image and execute this command:</p>



<pre class="wp-block-code"><code class="">cosign sign --key ovhcloud://$KEY_ID $IMAGE@sha256:$HASH</code></pre>



<p class="wp-block-paragraph">You should see an output like this:</p>



<pre class="wp-block-code"><code class="">$ cosign sign --key ovhcloud://$KEY_ID 12345678.c1.de1.container-registry.ovh.net/my-project/my-image@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx</code></pre>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="278" height="282" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-6.png" alt="" class="wp-image-31773" style="width:114px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-6.png 278w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-6-70x70.png 70w" sizes="auto, (max-width: 278px) 100vw, 278px" /></figure>



<h4 class="wp-block-heading">Verify the image has been signed</h4>



<pre class="wp-block-code"><code class="">cosign verify --key ovhcloud://$KEY_ID $IMAGE@sha256:$HASH</code></pre>



<p class="wp-block-paragraph">You should see an output like this:</p>



<pre class="wp-block-code"><code class="">$ cosign verify --key ovhcloud://$KEY_ID 12345678.c1.de1.container-registry.ovh.net/my-project/my-image@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx<br><br>Verification for 12345678.c1.de1.container-registry.ovh.net/my-project/my-image@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx --<br>The following checks were performed on each of these signatures:<br>  - The cosign claims were validated<br>  - Existence of the claims in the transparency log was verified offline<br>  - The signatures were verified against the specified public key<br><br>[{"critical":{"identity":{"docker-reference":"12345678.c1.de1.container-registry.ovh.net/my-project/my-image@sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"},"image":{"docker-manifest-digest":"sha256:b1202...2334e2"},"type":"https://sigstore.dev/cosign/sign/v1"},"optional":{}}]</code></pre>



<h3 class="wp-block-heading">Conclusion</h3>



<p class="wp-block-paragraph">In this blog post, we have shown how to use Cosign with the OVHcloud KMS plugin to generate a key pair, sign a container image and verify its signature.</p>



<p class="wp-block-paragraph">By keeping signing keys in a managed KMS, teams can reduce secret sprawl, protect sensitive cryptographic material and make image signing easier to integrate into secure CI/CD workflows.</p>



<p class="wp-block-paragraph">Feel free to take a look at our <a href="https://github.com/orgs/ovh/projects/16" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">Cloud Roadmap &amp; Changelog</a> to follow the latest features coming to OVHcloud Public Cloud products.</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fsecure-image-signing-cosign-ovhcloud-kms%2F&amp;action_name=Secure%20Image%20Signing%20with%20Cosign%20and%20OVHcloud%20KMS&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Terraform S3 state locking with OVHcloud Object Storage</title>
		<link>https://blog.ovhcloud.com/terraform-s3-state-locking-ovhcloud-object-storage/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Mon, 15 Jun 2026 12:58:44 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[OpenTofu S3 state locking]]></category>
		<category><![CDATA[OVHcloud Object Storage]]></category>
		<category><![CDATA[S3-compatible Object Storage]]></category>
		<category><![CDATA[Terraform backend]]></category>
		<category><![CDATA[Terraform S3 state locking]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=32272</guid>

					<description><![CDATA[In a previous blog post, I explained how to use OVHcloud S3-compatible Object Storage as a Terraform backend for storing [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fterraform-s3-state-locking-ovhcloud-object-storage%2F&amp;action_name=Terraform%20S3%20state%20locking%20with%20OVHcloud%20Object%20Storage&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1-1024x1024.png" alt="" class="wp-image-32328" style="aspect-ratio:1.0008006079081817;width:430px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1-1024x1024.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1-300x300.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1-150x150.png 150w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1-768x767.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1-70x70.png 70w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1608-1.png 1247w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">In a previous blog post, I explained <a href="https://blog.ovhcloud.com/using-ovhcloud-s3-compatible-object-storage-as-terraform-backend-to-store-your-terraform-opentofu-states/" data-wpel-link="internal">how to use OVHcloud S3-compatible Object Storage as a Terraform backend for storing Terraform/OpenTofu state files</a>.</p>



<p class="wp-block-paragraph">Since then, we&#8217;ve enhanced OVHcloud Object Storage, and one of the coolest improvements is the <a href="https://github.com/ovh/public-cloud-roadmap/issues/671" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">support for conditional writes</a>. By preventing concurrent overwrites, this feature enables <a href="https://developer.hashicorp.com/terraform/language/backend/s3#state-locking" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Terraform&#8217;s native S3 state-locking mechanism</a> to work seamlessly with OVHcloud Object Storage.</p>



<p class="wp-block-paragraph">In practice, Terraform/OpenTofu can create a <code>.tflock</code> object only if it does not already exist. If another operation has already created the lock file, the conditional write fails and the second operation is blocked.</p>



<p class="wp-block-paragraph">With this blog post, I explain how we can configure our Terraform/OpenTofu backend to store our states in an OVHcloud S3-compatible Object Storage with S3 state locking.</p>



<h3 class="wp-block-heading">Terraform/OpenTofu S3 State Locking feature</h3>



<p class="wp-block-paragraph">State locking is a critical feature for collaborative Terraform/OpenTofu workflows. It ensures that only one operation can modify a state file at any given time, preventing concurrent writes that could lead to inconsistencies or state corruption.</p>



<p class="wp-block-paragraph">Concretely, when a user runs <code>terraform apply</code> (or <code>tofu apply)</code>, Terraform creates a <code>.tflock</code> file in the S3 bucket. This lock file indicates that an operation is currently in progress and that the state file is being used. If another user attempts to run <code>terraform apply</code> (or <code>tofu apply)</code> while the lock is active, Terraform detects the existing lock and aborts the operation with an error message. This prevents concurrent modifications of the state file and helps avoid state corruption.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="791" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-791x1024.jpeg" alt="" class="wp-image-32336" style="aspect-ratio:0.7724658665702258;width:480px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-791x1024.jpeg 791w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-232x300.jpeg 232w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-768x994.jpeg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-1187x1536.jpeg 1187w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-1583x2048.jpeg 1583w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/IMG_1610-scaled.jpeg 1978w" sizes="auto, (max-width: 791px) 100vw, 791px" /></figure>



<h3 class="wp-block-heading">Prerequisites</h3>



<p class="wp-block-paragraph">To be able to store your Terraform/OpenTofu states and activate the <code>use_lockfile</code> feature, you need to follow some prerequisites:</p>



<ul class="wp-block-list">
<li>Have an OVHcloud account</li>



<li>Created <a href="https://blog.ovhcloud.com/using-ovhcloud-s3-compatible-object-storage-as-terraform-backend-to-store-your-terraform-opentofu-states/" data-wpel-link="internal">a S3-compatible Object Storage</a> (<em>enable <strong>bucket versioning</strong> for your state bucket so previous state versions can be recovered if needed</em>)</li>



<li>Installed <a href="https://developer.hashicorp.com/terraform/install" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">the Terraform CLI </a>or <a href="https://opentofu.org/docs/intro/install/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OpenTofu CLI</a> (version 1.10 or &gt;)</li>



<li>Installed the <a href="https://github.com/ovh/ovhcloud-cli/?tab=readme-ov-file#installation" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">OVHcloud CLI</a></li>
</ul>



<p class="wp-block-paragraph">Save the s3 user credentials in environment variables (that allows you to access and store files in the bucket):</p>



<pre class="wp-block-code"><code class="">export AWS_ACCESS_KEY_ID="xxxxxxxxx"<br>export AWS_SECRET_ACCESS_KEY="yyyyyyyyy"</code></pre>



<h3 class="wp-block-heading">Configure it</h3>



<p class="wp-block-paragraph">Create a new folder, named <code>my-app</code> (for example), and go into it.</p>



<p class="wp-block-paragraph">Create a <code>provider.tf</code> file with the following content, and replace the bucket value witht he name of the bucket you created:</p>



<pre class="wp-block-code"><code class="">terraform {<br>    backend "s3" {<br>      bucket = "terraform-state-3az" # the name of YOUR bucket<br>      key    = "my-app.tfstate" # the name of the state of your app<br>      region = "eu-west-par" # the region of the bucket<br>      endpoints = {<br>        s3 = "https://s3.eu-west-par.io.cloud.ovh.net/" # the endpoint<br>      }<br>      skip_credentials_validation = true<br>      skip_region_validation      = true<br>      skip_requesting_account_id  = true<br>      skip_s3_checksum            = true<br><br>      use_lockfile = true  # activation of the S3 native state locking feature<br>    }<br>}</code></pre>



<p class="wp-block-paragraph">💡The <code>use_lockfile = true </code>argument enables native S3 state locking. Terraform/OpenTofu uses the <code>.tflock</code> object to prevent two operations from writing to the same state file at the same time.</p>



<h3 class="wp-block-heading">Test it!</h3>



<p class="wp-block-paragraph">Create a <code>resource.tf</code> file with an example resource to create (only for the testing purpose):</p>



<pre class="wp-block-code"><code class="">resource "null_resource" "test" {}</code></pre>



<p class="wp-block-paragraph">Initialise Terraform:</p>



<pre class="wp-block-code"><code class="">$ terraform init<br><br>Initializing the backend...<br><br>Successfully configured the backend "s3"! Terraform will automatically<br>use this backend unless the backend configuration changes.<br>Initializing provider plugins...<br>- Finding latest version of hashicorp/null...<br>- Installing hashicorp/null v3.3.0...<br>- Installed hashicorp/null v3.3.0 (signed by HashiCorp)<br>Terraform has created a lock file .terraform.lock.hcl to record the provider<br>selections it made above. Include this file in your version control repository<br>so that Terraform can guarantee to make the same selections by default when<br>you run "terraform init" in the future.<br><br>Terraform has been successfully initialized!<br><br>You may now begin working with Terraform. Try running "terraform plan" to see<br>any changes that are required for your infrastructure. All Terraform commands<br>should now work.<br><br>If you ever set or change modules or backend configuration for Terraform,<br>rerun this command to reinitialize your working directory. If you forget, other<br>commands will detect it and remind you to do so if necessary.</code></pre>



<p class="wp-block-paragraph">As you can see, Terraform is using “s3” backend and initialized the provider plugins. 💪</p>



<p class="wp-block-paragraph">💡<em>Note that </em><code>.terraform.lock.hcl</code><em> is the provider dependency lock file created during initialization. The state lock file used for S3 backend locking is the <code>.tflock</code> file shown in the bucket during <code>terraform apply</code>.</em></p>



<p class="wp-block-paragraph">Execute the apply command (without answering &#8220;yes&#8221;):</p>



<pre class="wp-block-code"><code class="">$ terraform apply<br><br>Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:<br>  + create<br><br>Terraform will perform the following actions:<br><br>  # null_resource.test will be created<br>  + resource "null_resource" "test" {<br>      + id = (known after apply)<br>    }<br><br>Plan: 1 to add, 0 to change, 0 to destroy.<br><br>Do you want to perform these actions?<br>  Terraform will perform the actions described above.<br>  Only 'yes' will be accepted to approve.<br><br>  Enter a value:</code></pre>



<p class="wp-block-paragraph">Check if a new file appears in the S3 bucket:</p>



<pre class="wp-block-code"><code class="">$ ovhcloud cloud storage object object list terraform-state-3az<br><br>┌───────────────────────┬──────┐<br>│          key          │ size │<br>├───────────────────────┼──────┤<br>│ my-app.tfstate.tflock │ 219  │<br>└───────────────────────┴──────┘<br>💡 Use option -o json or -o yaml to get the raw output with all information</code></pre>



<p class="wp-block-paragraph">A <code>.tflock</code> file appears! 💪</p>



<p class="wp-block-paragraph">You can also check it in the OVHcloud Control Panel:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="338" src="https://blog.ovhcloud.com/wp-content/uploads/2026/06/Capture-decran-2026-06-09-a-15.04.19-1024x338.png" alt="" class="wp-image-32322" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/06/Capture-decran-2026-06-09-a-15.04.19-1024x338.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/Capture-decran-2026-06-09-a-15.04.19-300x99.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/Capture-decran-2026-06-09-a-15.04.19-768x253.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/Capture-decran-2026-06-09-a-15.04.19-1536x507.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/06/Capture-decran-2026-06-09-a-15.04.19-2048x676.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">This <code>.tflock</code> file means that someone is working on this infrastructure. After answering &#8220;yes&#8221; to the <code>terraform apply</code> command, the resources will be deployed, the state will appear and the lock file will disappear:</p>



<pre class="wp-block-code"><code class="">$ terraform apply<br><br>Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:<br>  + create<br><br>Terraform will perform the following actions:<br><br>  # null_resource.test will be created<br>  + resource "null_resource" "test" {<br>      + id = (known after apply)<br>    }<br><br>Plan: 1 to add, 0 to change, 0 to destroy.<br><br>Do you want to perform these actions?<br>  Terraform will perform the actions described above.<br>  Only 'yes' will be accepted to approve.<br><br>  Enter a value: yes<br><br>null_resource.test: Creating...<br>null_resource.test: Creation complete after 0s [id=2048943220587414471]<br><br>Apply complete! Resources: 1 added, 0 changed, 0 destroyed.<br><br><br>$ ovhcloud cloud storage object object list terraform-state-3az<br>┌────────────────┬──────┐<br>│      key       │ size │<br>├────────────────┼──────┤<br>│ my-app.tfstate │ 612  │<br>└────────────────┴──────┘<br>💡 Use option -o json or -o yaml to get the raw output with all information</code></pre>



<p class="wp-block-paragraph">🎉</p>



<h3 class="wp-block-heading">Why this Terraform state locking feature is useful?</h3>



<p class="wp-block-paragraph">If a user executes <code>terraform apply</code> command (without answering yes) and another user executes the same command, an error message will be displayed:</p>



<pre class="wp-block-code"><code class="">$ terraform apply<br><br>╷<br>│ Error: Error acquiring the state lock<br>│<br>│ Error message: operation error S3: PutObject, https response error StatusCode: 412, RequestID: tx7b439680a0104339a2fc7-xxxxxxxxxxxx, HostID: tx7b439680a0104339a2fc7-xxxxxxxxxxxx, api error<br>│ PreconditionFailed: At least one of the pre-conditions you specified did not hold<br>│ Lock Info:<br>│   ID:        xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx<br>│   Path:      terraform-state-3az/my-app.tfstate<br>│   Operation: OperationTypeApply<br>│   Who:       avache@xxxxxxxxxx<br>│   Version:   1.14.9<br>│   Created:   2026-06-09 13:09:05.562244 +0000 UTC<br>│   Info:<br>│<br>│<br>│ Terraform acquires a state lock to protect the state from being written<br>│ by multiple users at the same time. Please resolve the issue above and try<br>│ again. For most commands, you can disable locking with the "-lock=false"<br>│ flag, but this is not recommended.<br>╵</code></pre>



<p class="wp-block-paragraph">This error is expected. It means another Terraform/OpenTofu operation has already acquired the state lock, so the second operation cannot modify the state file at the same time. The user should wait until the first operation is complete and the lock file has been released, then retry. Although Terraform allows locking to be disabled with <code>-lock=false</code>, this is not recommended because it can lead to concurrent state changes and potential state corruption.</p>



<h3 class="wp-block-heading">Conclusion</h3>



<p class="wp-block-paragraph">In this blog post, we have seen one use case of conditional writes, but the feature goes far beyond that. Support for conditional writes does not only help prevent accidental overwrites; it also enables safer concurrent workflows, such as Terraform/OpenTofu state locking.</p>



<p class="wp-block-paragraph">Our team is working on the improvement of Object Storage, so stay tuned for more. And please, as alays, share your thoughts with us!</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fterraform-s3-state-locking-ovhcloud-object-storage%2F&amp;action_name=Terraform%20S3%20state%20locking%20with%20OVHcloud%20Object%20Storage&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>What’s new with the OVHcloud Developer Advocate team &#8211; May 2026</title>
		<link>https://blog.ovhcloud.com/whats-new-with-the-ovhcloud-developer-advocate-team-may-2026/</link>
		
		<dc:creator><![CDATA[Stéphane Philippart&#160;and&#160;Aurélie Vache]]></dc:creator>
		<pubDate>Wed, 27 May 2026 14:06:16 +0000</pubDate>
				<category><![CDATA[Tranches de Tech & Co — Tech bites]]></category>
		<category><![CDATA[Developer Advocate]]></category>
		<category><![CDATA[OVHcloud]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=32056</guid>

					<description><![CDATA[Every month, the OVHcloud Developer Advocate team creates content, shares knowledge, and connects with the tech community. Here’s a look [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fwhats-new-with-the-ovhcloud-developer-advocate-team-may-2026%2F&amp;action_name=What%E2%80%99s%20new%20with%20the%20OVHcloud%20Developer%20Advocate%20team%20%26%238211%3B%20May%202026&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/03/talks-1024x576.jpg" alt="Illustration of a smiling avocado speaking at an OVHcloud podium on a blue gradient background." class="wp-image-30934" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/03/talks-1024x576.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/03/talks-300x169.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/03/talks-768x432.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/03/talks-1536x864.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/03/talks.jpg 1920w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<hr class="wp-block-separator has-alpha-channel-opacity" />



<p class="wp-block-paragraph">Every month, the OVHcloud Developer Advocate team creates content, shares knowledge, and connects with the tech community. Here’s a look at what we did in May 2026. 🚀</p>



<h3 class="wp-block-heading">🎙️ “Tranches de Tech” – Our monthly podcast</h3>



<p class="wp-block-paragraph">A new episode of our French-language podcast Tranches de Tech 🥑 just dropped!</p>



<h5 class="wp-block-heading">🎧 Episode 28: <a href="https://smartlink.ausha.co/tranches-de-tech/tranches-de-tech-28-la-dream-team-au-complet" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">La dream team au complet</a></h5>



<p class="wp-block-paragraph">In this episode of Tranche de Tech, Stephane and Aurelie welcome former team member Thierry for a wide-ranging conversation on tech, conferences, and community.<br>They reflect on recent events like Devoxx France and MiXiT, sharing highlights from talks, trends, and the growing role of AI in today’s software landscape.<br>The discussion explores how AI is evolving from pure model innovation toward software patterns, developer tooling, and more practical, structured usage.<br>Thierry also introduces CALM, his weekly Twitch show, and revisits the inspiring story behind Mixtine, a kids’ tech initiative that brings programming and digital culture to younger generations.<br>More than a tech recap, this episode is a celebration of curiosity, knowledge sharing, and the importance of building inclusive communities around technology.</p>



<p class="wp-block-paragraph">See episode <a href="https://blog.ovhcloud.com/tranches-de-tech-28-la-dream-team-au-complet/" data-wpel-link="internal">shownotes</a></p>



<h3 class="wp-block-heading">📺 Live on Twitch</h3>



<p class="wp-block-paragraph">We streamed live on&nbsp;<a href="https://www.twitch.tv/ovhcloud_com" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Twitch</a>&nbsp;this month! Here’s what we covered:<br>🎥 Rémy Vandepoel discussed with Magali De Labareyre about ou human resource management and the OVHcloud culture. <br>Catch the replay on&nbsp;<a href="https://youtu.be/GgkPryJbrC4" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">YouTube ▶️</a>.</p>



<h3 class="wp-block-heading">🎤 Conference Talks</h3>



<p class="wp-block-paragraph">The team hit the road (and the stage) at several conferences this month:</p>



<h5 class="wp-block-heading" id="kubecon-amsterdam---amsterdam-netherlands-">🏴󠁧󠁢󠁥󠁮󠁧󠁿 <a href="https://www.devoxx.co.uk/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Devoxx UK</a>, Londres 🏴󠁧󠁢󠁥󠁮󠁧󠁿</h5>



<p class="wp-block-paragraph">Stéphane gave a talk: <a href="https://m.devoxx.com/events/devoxxuk26/talks/5213/-dev-containers-the-ultimate-toolbox-for-developers" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">🧰 Dev Containers: the ultimate toolbox for developers?</a></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="652" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/55259621965_0c7bb4e8ac_o-1024x652.jpg" alt="" class="wp-image-32058" style="width:600px" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/55259621965_0c7bb4e8ac_o-1024x652.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/55259621965_0c7bb4e8ac_o-300x191.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/55259621965_0c7bb4e8ac_o-768x489.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/55259621965_0c7bb4e8ac_o-1536x979.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/55259621965_0c7bb4e8ac_o-2048x1305.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"></p>



<h5 class="wp-block-heading">🇫🇮 <a href="https://community2.cncf.io/events/details/cncf-kcd-helsinki-presents-kubernetes-community-days-helsinki-2026/" id="https://community2.cncf.io/events/details/cncf-kcd-helsinki-presents-kubernetes-community-days-helsinki-2026/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">KCD Helsinki</a>, Helsinki 🏴󠁧󠁢󠁥󠁮󠁧󠁿</h5>



<p class="wp-block-paragraph">Aurélie Vache gave a talk: <a href="https://sessionize.com/api/v2/es08xsn7/view/GridSmart" id="https://sessionize.com/api/v2/es08xsn7/view/GridSmart" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">The Ultimate Kubernetes Challenge: An Interactive Trivia Game on concepts, components, usage&#8230;</a></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="771" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-771x1024.jpg" alt="" class="wp-image-32081" style="aspect-ratio:0.752923875830059;width:571px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-771x1024.jpg 771w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-226x300.jpg 226w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-768x1020.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-1157x1536.jpg 1157w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-1542x2048.jpg 1542w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/IMG-20260520-WA0039-scaled.jpg 1928w" sizes="auto, (max-width: 771px) 100vw, 771px" /></figure>



<p class="wp-block-paragraph"></p>



<h5 class="wp-block-heading">🇨🇭 <a href="https://devopsdays.org/events/2026-geneva/welcome/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Devopsdays Geneva</a>, Geneva 🇫🇷</h5>



<p class="wp-block-paragraph">Stéphane Philippart gave a workshop <a href="https://devopsdays-geneva.ch/talk.php?thetid=46a89a1603f832400e4f070231814e6b47e6126f" id="https://devopsdays-geneva.ch/talk.php?thetid=46a89a1603f832400e4f070231814e6b47e6126f" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Développer avec l&#8217;IA : et si c&#8217;était aussi simple qu&#8217;ajouter une librairie ?</a></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/devopsday-geneva-stef-1024x576.jpg" alt="" class="wp-image-32100" style="width:600px" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/devopsday-geneva-stef-1024x576.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/devopsday-geneva-stef-300x169.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/devopsday-geneva-stef-768x432.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/devopsday-geneva-stef-1536x864.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/devopsday-geneva-stef-2048x1152.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h3 class="wp-block-heading" id="-community-engagement">📝 Our latest blog posts</h3>



<p class="wp-block-paragraph">Here are the articles our team published on the OVHcloud Blog this month.</p>



<h5 class="wp-block-heading">📝 <a href="https://blog.ovhcloud.com/devoxx-france-2026/" data-wpel-link="internal">Devoxx France 2026: feedback and highlights</a> &#8211; by Aurélie Vache</h5>



<p class="wp-block-paragraph">This blog post explains what stood out at Devoxx France 2026, from major conference highlights to the key technology trends shaping the developer ecosystem.<br>It shows how AI dominated the event, with strong attention on agentic systems, governance, production use cases, and the broader impact of AI on software engineering.<br>The article also highlights OVHcloud’s strong presence through its booth, community engagement, and a large number of accepted talks and speakers.<br>Beyond AI, it captures wider themes such as platform engineering, security, cloud resilience, developer experience, open source, and digital sovereignty.<br>Overall, it offers both a conference recap and a clear snapshot of where the industry is heading in 2026.</p>



<h5 class="wp-block-heading">📝 <a href="https://blog.ovhcloud.com/navigating-ovhcloud-enterprise-file-storage-efs-with-trident-csi-on-kubernetes-clusters-mks/" data-wpel-link="internal">Navigating OVHcloud Enterprise File Storage (EFS) with Trident CSI On Kubernetes clusters (MKS)</a> &#8211; by Aurélie Vache</h5>



<p class="wp-block-paragraph">This blog post explains how to connect OVHcloud Enterprise File Storage (EFS) to Managed Kubernetes Service (MKS) clusters using NetApp Trident CSI.<br>It walks readers through provisioning the required OVHcloud resources with Terraform, including EFS, OAuth2 credentials, IAM policies, and vRack Services networking.<br>The article then shows how to install Trident, configure the backend securely, and integrate EFS as dynamic shared storage for Kubernetes workloads.<br>It highlights key capabilities such as high availability, predictable performance, and <code>ReadWriteMany</code> access for production-ready persistent storage.<br>Overall, it serves as a practical step-by-step guide for teams that need scalable shared file storage in OVHcloud Kubernetes environments.</p>



<h5 class="wp-block-heading">📝 <a href="https://blog.ovhcloud.com/copy-fail-cve-2026-31431-how-to-rapidly-protect-ovhcloud-mks-clusters-from-the-linux-kernel-zero-day/" data-wpel-link="internal">Copy.Fail (CVE-2026-31431): How to Rapidly Protect OVHcloud MKS Clusters from the Linux Kernel Zero-Day</a> &#8211; by Aurélie Vache</h5>



<p class="wp-block-paragraph">This blog post explains how the Copy.Fail (CVE-2026-31431) Linux kernel zero-day can rapidly compromise systems through reliable privilege escalation.<br>It shows how the flaw abuses the algif_aead crypto module to hijack trusted binaries in memory without changing files on disk, making detection harder.<br>The article highlights the risks for Kubernetes clusters, CI/CD runners, shared environments, and multi-tenant infrastructure.<br>It also provides an immediate DaemonSet-based mitigation that OVHcloud MKS users can deploy while waiting for patched cluster versions.<br>Overall, it serves as a practical guide to reducing exposure quickly, while reminding readers that the official security patch is the proper long-term fix.</p>



<h3 class="wp-block-heading">🎙️ Podcasts / Videos 📺</h3>



<p class="wp-block-paragraph">Aurélie was invited in the podcast &#8220;<a href="https://www.youtube.com/watch?v=mtl-59PLkAo" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Biztrot Café #2 &#8211; IA Gen or not IA Gen ?</a>&#8220;.<br>During this second episode of the podcast, Marian, Julien, Jean-Phi and Aurélie discussed about a recurring question: &#8220;AI Gen or not AI Gen?&#8221; and the growing use of generative AI in the tech community. Together, they discuss how AI is being used to create conference talks, presentation slides, blog posts, and even sketchnotes. They share both the benefits and the limitations of these tools, highlighting how generative AI can accelerate content creation while still requiring careful review, creativity, and significant iteration to achieve high-quality results. <br>Watch the replay on&nbsp;<a href="https://www.youtube.com/watch?v=mtl-59PLkAo" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">YouTube ▶️</a>.</p>



<h3 class="wp-block-heading">🗓️ Coming up next</h3>



<p class="wp-block-paragraph">Here’s a sneak peek at what’s coming next.</p>



<h5 class="wp-block-heading">🗓️ &#8211; June, 3 &#8211; 1h PM CET &#8211; Very Tech Talk Twitch about Quantum</h5>



<p class="wp-block-paragraph">📺 <a href="https://www.twitch.tv/ovhcloud_com" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud Twitch channel</a></p>



<h5 class="wp-block-heading">🗓️ &#8211; June, 11 &amp; 12 <a href="https://www.devquest.fr/" id="https://www.devquest.fr/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Dev Quest</a> Niort (Niort, France)</h5>



<p class="wp-block-paragraph">🎤 Aurélie Vache is giving one talk (Thursday the 11th at 2h30 PM): <a href="https://www.devquest.fr/sessions/comprendre-kubernetes-de-maniere-visuelle-cmmchtje" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Comprendre Kubernetes de manière visuelle</a></p>



<p class="wp-block-paragraph">🎤 Stéphane Philippart is giving one workshop (Friday the 12th at 10h AM): <a href="https://www.devquest.fr/sessions/ajouter-de-l-ia-a-nos-applications-et-si-c-etait-aussi-simple-qu-ajouter-une-librairie-cmmci1g9" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Ajouter de l&#8217;IA à nos applications : et si c&#8217;était aussi simple qu&#8217;ajouter une librairie ?</a></p>



<h5 class="wp-block-heading">🗓️ &#8211; June, 24, 25 &amp; 26 &#8211; <a href="https://www.breizhcamp.org/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">BreizhCamp</a> (Rennes, France)</h5>



<p class="wp-block-paragraph">🎤 Stéphane Philippart is giving two talks:<br>  &#8211; J<a href="https://www.breizhcamp.org/programme/session/1134531" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Bang, un fichier Java pour les gouverner tous ? 💍</a> (Thurdsay the 25th at 5h PM)<br>  &#8211; <a href="https://www.breizhcamp.org/programme/session/1134503" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">🧰 Les dev containers, la boîte à outils ultime pour les devs ?</a> (Friday the 26th at 4h PM)</p>



<h5 class="wp-block-heading">🗓️ New &#8220;Tranches de Tech&#8221; podcast episode</h5>



<p class="wp-block-paragraph">🎧 All episodes are available on <a href="https://podcast.ausha.co/tranches-de-tech" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Ausha</a> and all your favorite podcast applications!</p>



<h3 class="wp-block-heading">💬 Stay in Touch</h3>



<p class="wp-block-paragraph">Want to chat with us, share your thoughts, or just say hi? Here’s how to get in touch with the Developer Advocate team:</p>



<ul class="wp-block-list">
<li>🟣&nbsp;<strong>Discord</strong>:&nbsp;<a href="https://discord.gg/ovhcloud" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud Discord server</a></li>



<li>🐦&nbsp;<strong>X / Twitter</strong>:&nbsp;<a href="https://twitter.com/OVHcloud" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">@OVHcloud</a></li>



<li>💼&nbsp;<strong>LinkedIn</strong>:&nbsp;<a href="https://www.linkedin.com/company/ovhgroup" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud LinkedIn</a></li>



<li>🐙&nbsp;<strong>GitHub</strong>:&nbsp;<a href="https://github.com/ovh" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">github.com/ovh</a></li>
</ul>



<p class="wp-block-paragraph">See you next month! 👋</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fwhats-new-with-the-ovhcloud-developer-advocate-team-may-2026%2F&amp;action_name=What%E2%80%99s%20new%20with%20the%20OVHcloud%20Developer%20Advocate%20team%20%26%238211%3B%20May%202026&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Devoxx France 2026: feedback and highlights</title>
		<link>https://blog.ovhcloud.com/devoxx-france-2026/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Tue, 19 May 2026 05:45:45 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[Tranches de Tech & Co — Tech bites]]></category>
		<category><![CDATA[Devoxx France]]></category>
		<category><![CDATA[OVHcloud Events]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=31573</guid>

					<description><![CDATA[From April 22 to 24, 2026, the Devoxx France conference took place at the Palais des Congrès in Paris. Aurélie [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fdevoxx-france-2026%2F&amp;action_name=Devoxx%20France%202026%3A%20feedback%20and%20highlights&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">From April 22 to 24, 2026, the <a href="https://www.devoxx.fr/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Devoxx France</a> conference took place at the Palais des Congrès in Paris.</p>



<p class="wp-block-paragraph">Aurélie Vache and Stéphane Philippart attended as dit 19 other OVHcloud employees. In this blog post, they share their thoughts and feedback from this 14th edition of Devoxx France.</p>



<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="818" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1024x818.png" alt="Devoxx France 2026" class="wp-image-31605" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1024x818.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-300x240.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-768x614.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image.png 1274w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>



<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large is-resized"><img loading="lazy" decoding="async" width="768" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/HGv79kIXcAAJ2DT-768x1024.jpg" alt="Devoxx France 2026" class="wp-image-31637" style="aspect-ratio:0.7500000262479178;width:271px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/HGv79kIXcAAJ2DT-768x1024.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/HGv79kIXcAAJ2DT-225x300.jpg 225w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/HGv79kIXcAAJ2DT-1152x1536.jpg 1152w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/HGv79kIXcAAJ2DT.jpg 1536w" sizes="auto, (max-width: 768px) 100vw, 768px" /></figure>
</div>
</div>



<h3 class="wp-block-heading"><strong>Devoxx France 2026: The AI Edition</strong></h3>



<p class="wp-block-paragraph"><strong>Devoxx France 2026</strong> is one of Europe’s biggest independent developer conferences. Formerly focused centrally on Java, over the past few years, the conference has also focused on Architecture, Data &amp; Analytics, Development practices, Front-end &amp; UX, Java/JVM, Security &amp; Privacy, Cloud and non-technical talks about people and culture.</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777014717443-1024x576.jpg" alt="Devoxx France 2026" class="wp-image-31600" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777014717443-1024x576.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777014717443-300x169.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777014717443-768x432.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777014717443-1536x864.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777014717443.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Key figures from the 2026 edition:</p>



<ul class="wp-block-list">
<li>4,980 attendees (The largest attendance on record)</li>



<li>307 speakers</li>



<li>259 talks</li>



<li>70+ sponsors</li>
</ul>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777046754791-1024x576.jpg" alt="Devoxx France 2026" class="wp-image-31610" style="aspect-ratio:1.7777426704463952;width:642px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777046754791-1024x576.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777046754791-300x169.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777046754791-768x432.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777046754791-1536x864.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1777046754791.jpg 2000w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">As might be expected, AI was the central theme of this edition, with a large number of the talks focused on AI topics. Indeed, there were 65 sessions out of 259 about AI and Agentic Systems, the most discussed topic!</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="843" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Capture-decran-2026-05-06-a-11.26.15-1024x843.png" alt="The AI talks at Devoxx France 2026" class="wp-image-31621" style="aspect-ratio:1.2147060091174124;width:630px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Capture-decran-2026-05-06-a-11.26.15-1024x843.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Capture-decran-2026-05-06-a-11.26.15-300x247.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Capture-decran-2026-05-06-a-11.26.15-768x632.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Capture-decran-2026-05-06-a-11.26.15-1536x1265.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Capture-decran-2026-05-06-a-11.26.15.png 1858w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Notably this year, and perhaps even more than in previous years, we could clearly see attendees arriving early to secure seats for their favorite talks. Even so, there ended up being a lot of disappointment – especially on the first day – as several sessions were already at full capacity minutes before they even started.</p>



<p class="wp-block-paragraph">This was particularly true for sessions featuring multiple OVHcloud speakers 💪.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="768" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260422_083446173-768x1024.jpg" alt="Full room at Devoxx France 2026" class="wp-image-31596" style="width:335px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260422_083446173-768x1024.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260422_083446173-225x300.jpg 225w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260422_083446173-1152x1536.jpg 1152w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260422_083446173-1536x2048.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260422_083446173-scaled.jpg 1920w" sizes="auto, (max-width: 768px) 100vw, 768px" /></figure>



<h3 class="wp-block-heading">Keynotes</h3>



<p class="wp-block-paragraph">The keynote sessions (“plenary sessions”) were also heavily centered on <strong>Artificial Intelligence</strong>, but with a notably broader lens beyond pure technology. Rather than focusing only on tools or LLM implementation, the talks explored AI through the intersecting dimensions of <strong>power, governance, cybersecurity, human transformation, and geopolitics</strong>.</p>



<p class="wp-block-paragraph">Some highlights from the keynotes:</p>



<ul class="wp-block-list">
<li><em>“In 50 years, AI has multiplied its power, along with the challenges of governance and cybersecurity”</em> &#8211; Laurence Devillers (<a href="https://x.com/lau_devil" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">@lau_devil</a>)</li>
</ul>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-3-1024x576.png" alt="Laurence Devillers at Devoxx France 2026" class="wp-image-31644" style="aspect-ratio:1.7777426704463952;width:527px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-3-1024x576.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-3-300x169.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-3-768x432.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-3.png 1200w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<ul class="wp-block-list">
<li>Jean-Gabriel Ganascia (<a href="https://x.com/Quecalcoatle" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">@Quecalcoatle</a>) questioned the promise of AI as a force that could free humans from effort, raising deeper reflections on what this means for our relationship with work and meaning.</li>
</ul>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1-1024x768.png" alt="Jean-Gabriel Ganascia at Devoxx France 2026" class="wp-image-31640" style="width:536px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1-1024x768.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1-300x225.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1-768x576.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1-1536x1152.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-1.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<ul class="wp-block-list">
<li>Loup Cellard (<a href="https://x.com/CellardLoup" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">@CellardLoup</a>) examined the implications of foreign investments in AI infrastructure, shedding light on the geopolitical and strategic stakes behind these technologies.</li>
</ul>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="768" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-2-768x1024.png" alt="Loup Cellard at Devoxx France 2026" class="wp-image-31641" style="aspect-ratio:0.7500000158067569;width:258px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-2-768x1024.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-2-225x300.png 225w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-2-1152x1536.png 1152w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-2.png 1536w" sizes="auto, (max-width: 768px) 100vw, 768px" /></figure>



<h3 class="wp-block-heading"><strong>Meet &amp; Greet</strong></h3>



<p class="wp-block-paragraph">Devoxx France consists of three days of conferences, sponsor booths to discover, and Thursday evening’s unmissable annual tradition: the Meet &amp; Greet.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/1776962145782-1024x576.jpg" alt="Meet and Greet at Devoxx France 2026" class="wp-image-31607" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/1776962145782-1024x576.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1776962145782-300x169.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1776962145782-768x432.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1776962145782-1536x864.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/1776962145782.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Thursday night’s <strong>Meet &amp; Greet</strong> is a major community event built around networking and social sessions like <strong>BOFs (Birds of a Feather)</strong> and seed networking. It’s one of the signature traditions of the conference, beyond talks and sponsor booths.</p>



<p class="wp-block-paragraph">This evening event is free, open to the public with pre-registration, and offers a genuine moment for connection, sharing, and conversation over a drink and a plate of charcuterie and cheese 😇.</p>



<p class="wp-block-paragraph">It’s also the opportunity to discover the fun of “Voxx Jam”, the community-party, music-oriented side of Devoxx/Voxxed culture 🎸.</p>



<h3 class="wp-block-heading">OVHcloud Presence</h3>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="768" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-08-23-06-896-41-768x1024.jpg" alt="OVHcloud booth at Devoxx France 2026" class="wp-image-31574" style="aspect-ratio:0.7499999738121478;width:360px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-08-23-06-896-41-768x1024.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-08-23-06-896-41-225x300.jpg 225w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-08-23-06-896-41-1152x1536.jpg 1152w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-08-23-06-896-41.jpg 1536w" sizes="auto, (max-width: 768px) 100vw, 768px" /></figure>



<p class="wp-block-paragraph">At the OVHcloud booth, we were a team of 8 speakers and 11 colleagues from Tech, HR, and Sales, and their dynamic presence really made a difference. Engaging in topics like AI, Public Cloud, Domain Names, Observability, Quantum technologies, and more, we had many insightful conversations throughout the event.</p>



<p class="wp-block-paragraph">We also discussed AI topics at the booth, which was of course the main theme of the conference, but not the only one.</p>



<p class="wp-block-paragraph">A lot of conversations also focused on sovereignty. Three years ago, people were saying: <em>“I don’t care about sovereignty, I’ll just choose the cheapest option.”</em> This year, the tone has clearly changed, <em>“How can we use your sovereign products?”</em></p>



<p class="wp-block-paragraph"><strong>There is a real shift happening,</strong> and once again, being present at events like this is essential to witness and take part in these evolving discussions.</p>



<p class="wp-block-paragraph">It was truly a top-tier booth experience for all of us💪.</p>



<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large is-resized"><img loading="lazy" decoding="async" width="768" height="1024" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-24-12-34-31-442-768x1024.jpg" alt="OVHcloud booth at Devoxx France 2026" class="wp-image-31666" style="width:305px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-24-12-34-31-442-768x1024.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-24-12-34-31-442-225x300.jpg 225w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-24-12-34-31-442-1152x1536.jpg 1152w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-24-12-34-31-442.jpg 1536w" sizes="auto, (max-width: 768px) 100vw, 768px" /></figure>
</div>



<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_075255077.MP1_-1024x768.jpg" alt="OVHcloud booth at Devoxx France 2026" class="wp-image-31576" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_075255077.MP1_-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_075255077.MP1_-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_075255077.MP1_-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_075255077.MP1_-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_075255077.MP1_-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>
</div>



<p class="wp-block-paragraph">Of course, the goal of our booth was so attendees could discuss with our teams, but also so we could engage them through our very own video game, “Gaming Camp: Beat Cloud Villains!”. The specially designed video game’s description: <em>“Join the fight against the villains of the cloud. Take on Hidden Cost, Jailor Stack, and Autonomous Zero, and prove yourself as a true Guardian of the Cloud.”</em></p>



<p class="wp-block-paragraph">Players were welcomed to step into a two-player fighting game inspired by the style of <em>Street Fighter</em>, where strategy and skill are your best weapons. Game on!</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-10-15-34-094-1024x768.jpg" alt="Gaming Camp cloud villains game at the OVHcloud booth" class="wp-image-31575" style="width:644px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-10-15-34-094-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-10-15-34-094-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-10-15-34-094-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-10-15-34-094-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-10-15-34-094.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">We also wanted to say a word about the success of our Schrödinger cat (Quantum) swag – socks, keychains, badges – they were a huge hit, and often sparked great conversations throughout the event.</p>



<h3 class="wp-block-heading"><strong>OVHcloud Speakers &amp; Talks</strong></h3>



<p class="wp-block-paragraph">Getting accepted to Devoxx France is not easy, so we were proud to be included with 8 speakers and 11 talks! <strong>We were the most represented company</strong> <strong>in terms of talks at Devoxx France 2026,</strong> and ranked in the top 3 by number of speakers 💪.</p>



<p class="wp-block-paragraph">Congratulations to Benoit Masson, Fanny Bouton, Mathieu Busquet, Sébastien Ferrer, Théo Bougé, and Héla Ben Khalfallah, Stéphane Philippart &amp; Aurélie Vache for their talks 👏. A large number of attendees joined, and the sessions were all very high quality.</p>



<p class="wp-block-paragraph">Find here the topics of their talks:</p>



<h4 class="wp-block-heading">&#8220;Question pour un cluster Kubernetes : Quiz sur Kubernetes &amp; ses concepts&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 &#8220;The Ultimate Kubernetes Challenge: An Interactive Trivia Game on concepts, components, usage&#8230;&#8221;</em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-12-1024x768.png" alt="Aurélie Vache speaking at Devoxx France 2026" class="wp-image-31824" style="width:565px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-12-1024x768.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-12-300x225.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-12-768x576.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-12.png 1200w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Aurélie Vache</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;Kubernetes est devenu le standard de facto pour déployer et exploiter des applications conteneurisées. Nous l&#8217;utilisons, ainsi que son ecosystème, au quotidien, mais le connaît-on si bien ?<br><br>Tout au long de ce talk, avec un mix de quiz et de démos en live, vous découvrirez (ou redécouvrirez) les concepts clés de Kubernetes (pods, secrets, services, namespaces&#8230;), les composants interne mais aussi les bonnes pratiques d&#8217;utilisation.<br><br>Un format original avec un quiz, du fun et des démos, qui conviendra aussi bien aux débutants qu’aux confirmés, afin d&#8217;apprendre, réviser et challenger vos connaissances du merveilleux monde de Kubernetes et de son écosystème, tout en s&#8217;amusant.<br><br>Soyez là ou le plus rapide pour tenter de gagner des cadeaux !&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 Kubernetes has become the de facto standard for deploying and operating containerized applications. We use it, as well as its ecosystem, on a daily basis, but do we know them as well as we think we do?<br><br>With a mix of quiz and live demos, come learn and/or improve your knowledge. You will discover (or rediscover) the key concepts of Kubernetes (pods, secrets, services&#8230;), internal components but also best practices.<br><br>In this fun and dynamic talk, come compete throughout the quiz and explore the wonderful world of Kubernetes.<br>Icing on the cake: the first will win some swags.</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=mS_Nz44cXlM" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;QR Codes : suivez les points sans vous perdre !&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 &#8220;QR codes: follow the dots without getting lost!</em>&#8220;</p>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="717" height="690" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-11.png" alt="Benoit Masson speaking at Devoxx France 2026" class="wp-image-31822" style="width:389px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-11.png 717w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-11-300x289.png 300w" sizes="auto, (max-width: 717px) 100vw, 717px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Benoît Masson &amp; Sébastien Chedor (OnePoint)</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;Les QR Codes, tout le monde connaît et les utilise régulièrement. Mais savez-vous vraiment comment ils fonctionnent, pourquoi c&#8217;est aussi rapide et fiable, même avec une caméra de faible qualité ou un code en partie caché ou détérioré ?<br><br>Nous vous proposons de coder ensemble un lecteur de QR Codes, avec un minimum d&#8217;outils :<br>* capture et analyse de la vidéo issue de la webcam pour détecter la position du code, à l&#8217;aide d&#8217;OpenCV<br>* extraction et décodage du contenu, avec correction d&#8217;erreur grâce à l&#8217;algorithme de Reed-Solomon.<br><br>À la fin de cette session, vous devriez être capables de décoder un QR Code à l&#8217;oeil nu 🕵️ (et un brouillon…)&#8221;.</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 <em>“Everyone knows QR codes and uses them regularly. But do you really know how they work, and why they are so fast and reliable, even with a low-quality camera or a partially hidden or damaged code?</em></em><br><br><em>We propose coding a QR code reader together, using a minimum number of tools:</em><br>* <em>capturing and analysing webcam video to detect the position of the code, using OpenCV</em><br>* <em>extracting and decoding the content, with error correction using the Reed-Solomon algorithm</em><br><br><em>By the end of this session, you should be able to decode a QR code with the naked eye 🕵️— and a rough sheet of paper…”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=iSebbzNcojU" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;Noms de domaines : la grande histoire des petites extensions&#8221;</h4>



<p class="wp-block-paragraph">🏴󠁧󠁢󠁥󠁮󠁧󠁿 <em><em>“Domain names: the big story behind small extensions”</em></em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="626" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Devoxx-2026-Benoit-Theo-1024x626.jpg" alt="Benoit Masson and Theo Bougé speaking at Devoxx France 2026" class="wp-image-31799" style="aspect-ratio:1.6357688113413305;width:548px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Devoxx-2026-Benoit-Theo-1024x626.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Devoxx-2026-Benoit-Theo-300x183.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Devoxx-2026-Benoit-Theo-768x469.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Devoxx-2026-Benoit-Theo-1536x939.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Devoxx-2026-Benoit-Theo.jpg 1800w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speakers: Benoît Masson &amp; Theo Bougé</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;Derrière les quelques lettres qui suivent un point (.com, .fr, .ai…) se cache un univers riche de stratégies techniques, d’enjeux géopolitiques et de batailles commerciales.<br><br>À l’approche du nouveau round de l’ICANN prévu en 2026 qui va autoriser de nouvelles extensions, il est temps de revenir sur les fondations techniques du DNS, ainsi que sur les grands épisodes de cette aventure méconnue. Des TLD historiques aux extensions détournées, des dramas autour du .web aux ambitions du Web3, nous explorerons l’évolution d’un système devenu central dans les logiques de souveraineté numérique et d’innovation commerciale.<br><br>Une plongée dans les coulisses d’un Internet en perpétuelle transformation.&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Behind the few letters that follow a dot — .com, .fr, .ai and others — lies a rich world of technical strategies, geopolitical issues and commercial battles.</em><br><br><em>As the new ICANN round planned for 2026 approaches, which will authorise new extensions, it is time to revisit the technical foundations of DNS, as well as the major episodes in this little-known story. From historic TLDs to repurposed extensions, from the drama around .web to the ambitions of Web3, we will explore the evolution of a system that has become central to digital sovereignty and commercial innovation.</em><br><br><em>A deep dive behind the scenes of an Internet in constant transformation.”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=FZj6VEnxsRI" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;Informatique quantique, ce coup-ci on vous dit tout !&#8221;</h4>



<p class="wp-block-paragraph">🏴󠁧󠁢󠁥󠁮󠁧󠁿 <em><em>“Quantum computing: this time, we tell you everything!”</em></em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-23-13-35-06-078-1024x768.jpg" alt="Fanny Bouton speaking at Devoxx France 2026" class="wp-image-31802" style="width:496px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-23-13-35-06-078-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-23-13-35-06-078-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-23-13-35-06-078-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-23-13-35-06-078-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-23-13-35-06-078.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Fanny Bouton, Olivier Ezrati (Quantum Energy Initiative) &amp; Guillaume Schurck (Alice &amp; Bob)</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;<strong>Informatique quantique pour développeurs : comprendre, coder, passer à l’échelle</strong><br><br>L’informatique quantique sort du laboratoire et devient progressivement accessible aux développeurs via des SDK open source, des notebooks, des simulateurs et des QPU disponibles dans le cloud. En 2026, la question n’est plus <em>« qu’est-ce que le quantique ? »</em> mais <em>« comment un développeur peut-il s’en emparer concrètement ? »</em><br><br>Nous commencerons par poser les bases essentielles pour comprendre le modèle de calcul quantique : qubit, superposition, intrication, et ce que ces concepts impliquent pour un développeur.<br>Nous passerons ensuite au <strong>code</strong> : écrire et exécuter des circuits quantiques, utiliser des SDK modernes, travailler dans des notebooks, tester sur simulateur puis sur de vrais QPU. Vous verrez à quoi ressemble un workflow quantique aujourd’hui.<br><br>Enfin, nous aborderons les <strong>cas d’usage concrets</strong>, illustrés par le retour d’expérience d’un grand compte : ce qui fonctionne déjà, les limites actuelles, et comment les équipes tech expérimentent le quantique de manière réaliste et industrielle.<br><br>Une session technique pensée pour les développeurs qui veulent anticiper la prochaine évolution majeure du calcul.&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Quantum computing for developers: understand, code and scale up.</em><br><em>Quantum computing is moving out of the laboratory and becoming progressively accessible to developers through open source SDKs, notebooks, simulators and QPUs available in the cloud. In 2026, the question is no longer ‘What is quantum?’ but ‘How can developers make practical use of it?’</em><br><br><em>We will begin by laying out the essential foundations needed to understand the quantum computing model: qubits, superposition, entanglement, and what these concepts mean for developers.</em><br><br><em>We will then move on to code: writing and running quantum circuits, using modern SDKs, working in notebooks, testing on simulators and then on real QPUs. You will see what a quantum workflow looks like today.</em><br><br><em>Finally, we will address concrete use cases, illustrated by the experience of a large account: what already works, the current limitations, and how tech teams are experimenting with quantum computing in a realistic and industrial way.</em><br><br><em>A technical session designed for developers who want to anticipate the next major evolution in computing.”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=zyB2a3rwhYw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;Développer avec l&#8217;IA : et si c&#8217;était aussi simple qu&#8217;ajouter une librairie ?&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Developing with AI: what if it were as simple as adding a library?”</em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-13-37-09-682-1024x576.jpg" alt="Stéphane Philippart and Mathieu Busquet speaking at Devoxx France 2026" class="wp-image-31807" style="aspect-ratio:1.7777426704463952;width:600px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-13-37-09-682-1024x576.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-13-37-09-682-300x169.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-13-37-09-682-768x432.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-13-37-09-682-1536x864.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/signal-2026-04-22-13-37-09-682.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speakers: Mathieu Busquet &amp; Stéphane Philippart</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;Intégrer de l&#8217;intelligence artificielle (IA) dans nos développements peut nous paraître plus complexe que de les utiliser dans notre quotidien.<br><br>Dois-je apprendre un nouveau langage ou une nouvelle stack ?<br>Durant ce workshop nous vous proposons de vous donner tous les éléments pour intégrer l&#8217;IA sans quitter votre langage de prédilection : Java 😍. Ce sera l&#8217;occasion de découvrir les Frameworks du moments : LangChain4j, Quarkus, …<br><br>Nous vous invitons à découvrir toutes les facettes d&#8217;un chatbot avec l&#8217;IA générative (customiser un prompt, rajouter vos données (RAG), appeler des outils locaux ou distants (MCP) et créer des agents) mais aussi parce que l’IA ne se limite pas aux chatbots : faire de la transcription, créer de l&#8217;audio ou même faire un traducteur.<br><br>Et, toujours pour vous simplifier la vie, venez juste avec votre ordinateur et un navigateur Internet, on se charge du reste pour vous construire un environnement de développement aux petits oignons grâce aux CDE.<br><br>À la suite de ce talk vous repartirez avec une boîte à outils vous permettant d&#8217;intégrer simplement la puissance des modèles d&#8217;IA au sein de vos développements de tous les jours.&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Integrating artificial intelligence into our developments can seem more complex than using it in our daily lives.</em><br><br><em>Do I need to learn a new language or a new stack?</em><br><br><em>During this workshop, we will give you all the tools you need to integrate AI without leaving your favourite language: Java 😍. It will be an opportunity to discover some of today’s key frameworks, including LangChain4j and Quarkus.</em><br><br><em>We invite you to explore all the facets of a chatbot with generative AI — customising a prompt, adding your own data with RAG, calling local or remote tools with MCP, and creating agents — but also to see that AI is not limited to chatbots: it can also be used for transcription, audio creation and even translation.</em><br><br><em>And to make your life even easier, just bring your computer and an internet browser. We will take care of the rest, building a polished development environment for you thanks to CDEs.</em><br><br><em>After this talk, you will leave with a toolkit that will allow you to integrate the power of AI models into your everyday development work.”</em></p>
</blockquote>



<h4 class="wp-block-heading">&#8220;Détectives de la prod : résoudre l’enquête avant le crash&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Production detectives: solve the case before the crash”</em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-7-1024x768.png" alt="Sébastien Ferrer speaking at Devoxx France 2026" class="wp-image-31809" style="width:590px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-7-1024x768.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-7-300x225.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-7-768x576.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-7-1536x1152.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-7.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Sébastien Ferrer</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;Saviez-vous que, derrière les coulisses de vos outils de travail, se cachent des équipes prêtes à intervenir à tout moment ?<br><br>Ces équipes, souvent discrètes mais essentielles, gèrent des dizaines de projets avec des effectifs réduits. Mais quand une alerte survient, elles doivent réagir vite. Très vite. Comment réussir à diagnostiquer et résoudre un incident en pleine production, sans perdre une précieuse seconde ?<br><br>Dans ce talk je vous emmène au cœur de l’action, où je partage notre méthodologie pour transformer chaque crise en une enquête méthodique et efficace. Nous explorerons comment des outils bien pensés, une organisation affûtée, et un soupçon d’intuition transforment la gestion d’incidents en une véritable enquête… parfois aussi palpitante qu’une partie de Cluedo.<br><br>Au programme : bonnes pratiques de troubleshooting, logging et monitoring, pour que vous repartiez avec des clés concrètes pour dompter les incidents dans vos propres projets.<br><br>Vous verrez qu’en production, chaque problème cache une histoire… à résoudre en équipe !&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Did you know that behind the scenes of your work tools, there are teams ready to intervene at any moment?</em><br><br><em>These teams, often discreet but essential, manage dozens of projects with limited staff. But when an alert occurs, they need to react quickly. Very quickly. How can they diagnose and resolve a production incident without losing precious seconds?</em><br><br><em>In this talk, I will take you into the heart of the action, where I share our methodology for turning every crisis into a structured and efficient investigation. We will explore how well-designed tools, a well-honed organisation and a touch of intuition can transform incident management into a real investigation — sometimes as thrilling as a game of Cluedo.</em><br><br><em>On the agenda: troubleshooting best practices, logging and monitoring, so you leave with concrete keys to taming incidents in your own projects.</em><br><br><em>You will see that in production, every problem hides a story… one to solve as a team!”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=sOQ6oCv0mOU" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;Et si écrire du SQL redevenait cool ?&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “What if writing SQL became cool again?”</em></p>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="800" height="600" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-10.png" alt="Sébastien Ferrer speaking at Devoxx France 2026" class="wp-image-31820" style="width:482px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-10.png 800w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-10-300x225.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-10-768x576.png 768w" sizes="auto, (max-width: 800px) 100vw, 800px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Sébastien Ferrer</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;On nous l’a répété maintes fois : “écrire du SQL dans du code source, c’est dépassé”.<br><br>Les ORMs sont partout. Ils ont facilité notre quotidien en nous permettant de manipuler nos bases de données sans nous soucier du SQL. Mais parfois, on aimerait un peu plus de contrôle, un peu plus de performance… sans pour autant revenir aux longues heures de mapping manuel et de requêtes préparées à la main.<br><br>SQLC offre une autre approche. Initialement conçu pour du Go, langage dans lequel cette technologie sera présentée dans ce talk, il permet d’écrire des requêtes SQL tout en générant du code type-safe et performant, sans ajouter de lourdeur ni de dépendances. Pas question ici de rejeter les ORMs, mais plutôt d’explorer un nouvel outil qui vient enrichir notre palette de solutions.<br><br>Dans ce talk, nous verrons comment SQLC fonctionne, dans quels cas il brille, et comment il s’intègre parfaitement dans un stack moderne. Vous aimez le SQL ? Vous voulez juste un peu plus de maîtrise sur vos requêtes ? Venez, vous risquez d’être agréablement surpris.&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “We have been told many times: ‘Writing SQL in source code is outdated.’</em><br><br><em>ORMs are everywhere. They have made our daily lives easier by allowing us to manipulate databases without worrying about SQL. But sometimes, we would like a little more control, a little more performance — without going back to long hours of manual mapping and hand-written prepared queries.</em><br><br><em>SQLC offers another approach. Initially designed for Go, the language in which this technology will be presented during the talk, it allows you to write SQL queries while generating type-safe and high-performance code, without adding heaviness or dependencies. The goal here is not to reject ORMs, but rather to explore a new tool that enriches our range of solutions.</em><br><br><em>In this talk, we will see how SQLC works, where it shines, and how it integrates perfectly into a modern stack. Do you like SQL? Do you simply want more control over your queries? Come along — you may be pleasantly surprised.”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=H_macw0wqJ0" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;🤖 Apprendre à notre IA à &#8230; apprendre 🧠&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “🤖 Teaching our AI to… learn 🧠”</em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="769" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/42793-1024x769.jpg" alt="Stéphane Philippart speaking at Devoxx France 2026" class="wp-image-31816" style="aspect-ratio:1.3315973153489673;width:584px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/42793-1024x769.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/42793-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/42793-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/42793-1536x1153.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/42793.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Stéphane Philippart</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;RAG, MCP, tooling, function calling, agents, fine tuning, training, …<br>Que de termes barbares mais qui ont tous le même objectif : faire en sorte que le modèle d&#8217;intelligence artificielle que vous utilisez réponde correctement à vos questions et attentes 😅.<br>Et pour ça il va falloir ajouter de la connaissance, des données (privée ou publiques, …).<br><br>Durant ce talk je vous propose d&#8217;y voir un peu plus clair dans cette jungle des acronymes puis, fort de connaître les différences, vous proposer comment l&#8217;implémenter en tant que développeuses et développeurs.<br><br>Chaque approche a ses spécificités, ses avantages et ses inconvénients.<br>A la fin de ce talk, non seulement vous saurez choisir la bonne approche, mais aussi ajouter dans vos développements quotidiens la dose d&#8217;IA utile.&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 <em>“RAG, MCP, tooling, function calling, agents, fine tuning, training…</em></em><br><br><em>So many intimidating terms, but they all have the same goal: ensuring that the artificial intelligence model you use responds correctly to your questions and expectations 😅.</em><br><br><em>And to do that, you need to add knowledge and data — private, public or otherwise.</em><br><br><em>During this talk, I will help you see more clearly through this jungle of acronyms, and once you understand the differences, I will show you how to implement them as developers.</em><br><br><em>Each approach has its own specificities, advantages and disadvantages.</em><br><br><em>By the end of this talk, you will not only know how to choose the right approach, but also how to add the right dose of useful AI into your daily development work.”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=N3NzgO6M-Ss" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<h4 class="wp-block-heading">&#8220;Refactorer sans tout casser: anatomie des patterns de modernisation incrémentale&#8221;</h4>



<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 “Refactoring without breaking everything: anatomy of incremental modernisation patterns”</em></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="576" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-9-1024x576.png" alt="Héla Ben Khalfallah speaking at Devoxx France 2026" class="wp-image-31818" style="aspect-ratio:1.7777426704463952;width:560px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-9-1024x576.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-9-300x169.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-9-768x432.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-9-1536x864.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/image-9.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">🎤 Speaker: Héla Ben Khalfallah</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">&#8220;Cette session répond à un problème extrêmement courant mais rarement traité de façon structurée : comment moderniser un système legacy sans big bang, sans freeze de la prod, et sans multiplier les régressions. Plutôt que de parler “microservices” ou “rewrite from scratch” de manière abstraite, la session propose un playbook de modernisation incrémentale, articulé autour de patterns éprouvés : Strangler Fig, Parallel Change (Expand/Contract), Branch by Abstraction, décomposition par capacités métier / sous-domaines / transactions, et les patterns de conception (Facade, Adapter, Proxy, Mediator) utilisés comme briques concrètes de migration.<br><br>Le contenu est ancré dans la pratique : il synthétise à la fois des retours d’expérience industriels (Netflix, Khan Academy, etc.) et des travaux de recherche / rédaction. L’objectif n’est pas de présenter un catalogue de patterns, mais de montrer comment les combiner pour construire une trajectoire de migration observable, réversible et livrable en continu.<br><br>Vous repartirez avec une grille de lecture concrète pour garder des migrations observables, réversibles et compatibles avec le rythme produit.&#8221;</p>
</blockquote>



<p class="wp-block-paragraph"></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>🏴󠁧󠁢󠁥󠁮󠁧󠁿 <em><em>“This session addresses an extremely common problem that is rarely handled in a structured way: how to modernise a legacy system without a big bang, without a production freeze, and without multiplying regressions. Rather than talking abstractly about microservices or rewriting from scratch, the session offers an incremental modernisation playbook built around proven patterns: Strangler Fig, Parallel Change — Expand/Contract — Branch by Abstraction, decomposition by business capabilities, subdomains and transactions, as well as design patterns such as Facade, Adapter, Proxy and Mediator used as concrete building blocks for migration.</em></em></em><br><br><em>The content is rooted in practice: it brings together both industrial feedback from companies such as Netflix and Khan Academy, and research and written work. The goal is not to present a catalogue of patterns, but to show how they can be combined to build a migration path that is observable, reversible and continuously deliverable.</em><br><br><em>You will leave with a concrete framework for keeping migrations observable, reversible and compatible with the pace of product development.”</em></p>
</blockquote>



<p class="wp-block-paragraph">🎥 <a href="https://www.youtube.com/watch?v=X2YyWAh336Y" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Replay</a>.</p>



<p class="wp-block-paragraph">📺 Devoxx France published the 232 videos (keynotes, conferences, tools in action, lunch talks &amp; deep dives) on the <a href="https://www.youtube.com/@devoxxfrvideos" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Devoxx France YouTube channel</a>.</p>



<h3 class="wp-block-heading">Podcast</h3>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_091521008-1024x768.jpg" alt="Podcast recording at Devoxx France 2026" class="wp-image-31598" style="width:428px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_091521008-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_091521008-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_091521008-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_091521008-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/PXL_20260423_091521008-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Devoxx France was also an opportunity for OVHcloud’s Aurélie Vache, Stéphane Philippart, and Magali De Labareyre to be interviewed in the Press space for the “Tech en Pratique” podcast.</p>



<p class="wp-block-paragraph">The episodes will be available on <a href="https://www.youtube.com/@ekit3" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">YouTube</a> starting in September! 🙂</p>



<h3 class="wp-block-heading">Key Trends</h3>



<ul class="wp-block-list">
<li><strong>AI moved from hype to production</strong><br>The focus shifted toward agentic systems, RAG, observability, governance, and enterprise integration, with more emphasis on shipping useful AI than experimenting.</li>
</ul>



<ul class="wp-block-list">
<li><strong><strong>Java evolved for modern AI and cloud workloads</strong><br></strong>LangChain4j, GraalVM, native image, and JDK modernization reinforced Java’s role as a serious platform for AI-enabled enterprise systems.</li>
</ul>



<ul class="wp-block-list">
<li><strong>Platform engineering became a core priority</strong><br>CI/CD maturity, OpenRewrite, modernization, and developer productivity all reflected one goal: faster delivery without losing control.</li>
</ul>



<ul class="wp-block-list">
<li><strong>Security moved deeper into developer workflows</strong><br>Shift-left security, AppSec, authorization, Software Supply Chain Security and secure-by-design approaches gained importance, especially with AI-generated code increasing governance needs.</li>
</ul>



<ul class="wp-block-list">
<li><strong>Cloud &amp; architecture focused on operational resilience</strong><br>Kubernetes, containers, observability, and scalable systems remained central, with a stronger focus on practical engineering over hype.</li>
</ul>



<ul class="wp-block-list">
<li><strong>Front-end discussions matured</strong><br>Accessibility, performance, reactivity, and maintainability took priority over framework wars.</li>
</ul>



<ul class="wp-block-list">
<li><strong>Open source and European digital sovereignty gained traction</strong><br>Open models, self-hosted tooling, privacy, and vendor independence became increasingly important themes.</li>
</ul>



<ul class="wp-block-list">
<li><strong>Developer experience (DX) became strategic</strong><br>Tooling, automation, terminal workflows, and reducing cognitive load were seen as key drivers of productivity and competitiveness.</li>
</ul>



<h3 class="wp-block-heading">Conclusion</h3>



<p class="wp-block-paragraph">This Devoxx France edition was a raging success for the speakers, sponsors, and attendees alike ♥️.</p>



<h3 class="wp-block-heading">💬 Stay in Touch</h3>



<p class="wp-block-paragraph">Want to chat with us, share your thoughts, or just say hi? Here’s how to get in touch with us:</p>



<ul class="wp-block-list">
<li>🟣&nbsp;<strong>Discord</strong>:&nbsp;<a href="https://discord.gg/ovhcloud" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">OVHcloud Discord server</a></li>



<li>🐦&nbsp;<strong>X / Twitter</strong>:&nbsp;<a href="https://twitter.com/OVHcloud" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">@OVHcloud</a></li>



<li>💼&nbsp;<strong>LinkedIn</strong>:&nbsp;<a href="https://www.linkedin.com/company/ovhgroup" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">OVHcloud LinkedIn</a></li>



<li>🐙&nbsp;<strong>GitHub</strong>:&nbsp;<a href="https://github.com/ovh" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">github.com/ovh</a></li>
</ul>



<p class="wp-block-paragraph"></p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fdevoxx-france-2026%2F&amp;action_name=Devoxx%20France%202026%3A%20feedback%20and%20highlights&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Navigating OVHcloud Enterprise File Storage (EFS) with Trident CSI On Kubernetes clusters (MKS)</title>
		<link>https://blog.ovhcloud.com/navigating-ovhcloud-enterprise-file-storage-efs-with-trident-csi-on-kubernetes-clusters-mks/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Mon, 11 May 2026 12:18:46 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[Kubernetes]]></category>
		<category><![CDATA[OVHcloud]]></category>
		<category><![CDATA[Public Cloud]]></category>
		<category><![CDATA[Storage]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=31391</guid>

					<description><![CDATA[If you find yourself in need of shared persistent storage for applications running on OVHcloud Managed Kubernetes Service (MKS), then [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fnavigating-ovhcloud-enterprise-file-storage-efs-with-trident-csi-on-kubernetes-clusters-mks%2F&amp;action_name=Navigating%20OVHcloud%20Enterprise%20File%20Storage%20%28EFS%29%20with%20Trident%20CSI%20On%20Kubernetes%20clusters%20%28MKS%29&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="1020" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587-1024x1020.png" alt="" class="wp-image-31461" style="aspect-ratio:1.0039264898357345;width:426px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587-1024x1020.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587-300x300.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587-150x150.png 150w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587-768x765.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587-70x70.png 70w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG_1587.png 1253w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">If you find yourself in need of shared persistent storage for applications running on OVHcloud Managed Kubernetes Service (MKS), then OVHcloud Enterprise File Storage (EFS) with Trident CSI offers you a practical way to provision and manage it.</p>



<p class="wp-block-paragraph">This blog post explains how to create and connect OVHcloud EFS to your MKS cluster using Trident CSI, so you can dynamically provision persistent storage for Kubernetes workloads.</p>



<h3 class="wp-block-heading">OVHcloud Enterprise File System (EFS)</h3>



<figure class="wp-block-image aligncenter size-full"><img loading="lazy" decoding="async" width="100" height="100" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Enterprise-File-Storage@2x.png" alt="" class="wp-image-31410" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Enterprise-File-Storage@2x.png 100w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Enterprise-File-Storage@2x-70x70.png 70w" sizes="auto, (max-width: 100px) 100vw, 100px" /></figure>



<p class="wp-block-paragraph"><a href="https://www.ovhcloud.com/fr/storage-solutions/enterprise-file-storage/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">EFS</a> is a high-performance, fully managed file storage solution powered by NetApp ONTAP in an active-active architecture. It is designed for enterprise workloads requiring high availability, predictable performance, and seamless integration with cloud-native environments.</p>



<p class="wp-block-paragraph">The service is available in multiple regions, including Roubaix, Gravelines, Strasbourg, Limbourg, and Beauharnois, with a strong SLA of 99.99% uptime. Storage capacity ranges from 50 GB up to 29 TB.</p>



<p class="wp-block-paragraph">EFS delivers guaranteed performance with 4,000 IOPS and 64 MB/s throughput per TiB, scaling linearly with volume size thanks to NVMe SSD infrastructure.</p>



<p class="wp-block-paragraph">Built for modern infrastructures, <a href="https://help.ovhcloud.com/csm/en-gb-public-cloud-storage-netapp-trident-csi?id=kb_article_view&amp;sysparm_article=KB0074862" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">EFS integrates natively with Kubernetes via Trident CSI</a> (compatible with MKS) and supports ReadWriteMany (RWX) access. It operates within a single availability zone (1AZ) and provides low-latency NFS storage over OVHcloud’s secure vRack network, ensuring strong security and compliance.</p>



<h3 class="wp-block-heading">NetApp Trident CSI</h3>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="350" height="387" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-9.png" alt="" class="wp-image-31406" style="width:201px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-9.png 350w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-9-271x300.png 271w" sizes="auto, (max-width: 350px) 100vw, 350px" /></figure>



<p class="wp-block-paragraph"><a href="https://github.com/netApp/trident" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Trident</a> is an open-source, fully supported storage orchestration project maintained by <a href="https://www.netapp.com/fr/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">NetApp</a>. It is designed to help Kubernetes applications consume persistent storage using standard interfaces such as the Container Storage Interface (<a href="https://github.com/container-storage-interface/spec/blob/master/spec.md" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">CSI</a>).</p>



<p class="wp-block-paragraph">Trident runs directly inside Kubernetes clusters as a set of <strong>Pods</strong> and enables dynamic provisioning and management of storage for containerized workloads. It allows applications to easily access persistent storage from NetApp’s ecosystem, including ONTAP systems (like the OVHcloud EFS).</p>



<h3 class="wp-block-heading">Let&#8217;s do it!</h3>



<h4 class="wp-block-heading">EFS creation</h4>



<p class="wp-block-paragraph">We already have a MKS cluster, in GRA11 region, running inside a private network and a subnet, with a gateway.<br>We also already have a vRack and our Public Cloud Project attached to this vRack.<br>So in this blog post we will only create a new EFS in <strong>eu-west-rbx</strong> region, attached to a vRackServices, inside the same subnet that our existing MKS cluster.</p>



<p class="wp-block-paragraph">Here you can see the architecture of all the services:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="554" src="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Untitled-2026-05-04-11371-1024x554.png" alt="" class="wp-image-31538" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/05/Untitled-2026-05-04-11371-1024x554.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Untitled-2026-05-04-11371-300x162.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Untitled-2026-05-04-11371-768x415.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Untitled-2026-05-04-11371-1536x831.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/05/Untitled-2026-05-04-11371-2048x1107.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">⚠️ EFS and MKS regions may differ; be aware that latency between different regions may impact your storage workloads performance. <strong>It&#8217;s highly recommended to keep your storage and compute as close as possible.</strong></p>



<p class="wp-block-paragraph">We will deploy the EFS in <strong>eu-west-rbx</strong> instead of in <strong>eu-west-gra</strong> region to show you that it is possible.</p>



<p class="wp-block-paragraph">To deploy the EFS, we will use the <a href="https://registry.terraform.io/modules/ovh/efs/ovh/latest" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Terraform OVHcloud EFS module</a>.</p>



<p class="wp-block-paragraph">The module we will use can deploy all the components necessary to use EFS with a MKS cluster (like you can see in the schema).</p>



<p class="wp-block-paragraph">But in this blog post we will assume that we already deployed:</p>



<ul class="wp-block-list">
<li>a vRack</li>



<li>a Private Network</li>



<li>a Private Subnet</li>



<li>a Gateway</li>



<li>a MKS cluster</li>
</ul>



<p class="wp-block-paragraph">So using the Terraform module we will fill the existing resources information and ask Terraform to create:</p>



<ul class="wp-block-list">
<li>an OAuth2 credential</li>



<li>an IAM policy</li>



<li>an EFS</li>



<li>a vRack Services</li>
</ul>



<p class="wp-block-paragraph">Let&#8217;s deploy our components with Terraform!</p>



<p class="wp-block-paragraph">Create a <strong>provider.tf </strong>file and fill it with the information:</p>



<pre class="wp-block-code"><code class="">terraform {<br>  required_providers {<br>    ovh = {<br>      source  = "ovh/ovh"<br>      version = "&gt;= 2.12.0"<br>    }<br>    null = {<br>      source  = "hashicorp/null"<br>      version = "&gt;= 3.0.0"<br>    }<br>  }<br><br>  required_version = "&gt;= 1.7.0"<br>}<br><br>provider "ovh" {<br>}</code></pre>



<p class="wp-block-paragraph">If you don&#8217;t define the provider information inside this file, as was shown in this example, you can instead set the environment variables with your credentials:</p>



<pre class="wp-block-code"><code class=""># OVHcloud provider needed keys<br>export OVH_ENDPOINT="ovh-eu"<br>export OVH_APPLICATION_KEY="xxx"<br>export OVH_APPLICATION_SECRET="xxx"<br>export OVH_CONSUMER_KEY="xxx"<br>export OVH_CLOUD_PROJECT_SERVICE="xxx"</code></pre>



<p class="wp-block-paragraph">Create a <strong>variable.tf.template</strong> file and fill it with these information:</p>



<pre class="wp-block-code"><code class=""># Existing services<br>variable "service_name" {<br>  default = "$OVH_CLOUD_PROJECT_SERVICE"<br>}<br><br>variable "vrack_id" {<br>  default = "pn-1234567" #ID of your existing vRack<br>}<br><br>variable "vlan_id" {<br>  default = "666" #ID of your VLAN<br>}<br><br>variable "private_network_id" {<br>  default = "d111cb65-1234-5678-9012-dac2e93b8944" #ID of your private network<br>}<br><br>variable "private_subnet_id" {<br>  default = "d8dc2469-1234-5678-9012-1f86551d3466" #ID of your subnet<br>}<br><br>variable "vrackservices_subnet_service_range_cidr" {<br>  default = "192.168.168.248/29" #CIDR of your private network<br>}<br><br>variable "private_subnet_cidr" {<br>  default = "192.168.168.0/24" #CIDR of your subnet<br>} <br><br>variable "mks_region" {<br>  default = "GRA11" #Region of your existing MKS cluster<br>}<br><br>variable "mks_cluster_id" {<br>  default = "7c3e1e6e-1234-5678-9012-4fb5a5b145e7" #ID of your existing MKS cluster<br>}<br><br># Services to create<br><br>variable "oauth2_client_name" {<br>  default = "efs-trident-client-example"<br>}<br><br>variable "oauth2_client_description" {<br>  default = "OAuth2 client for EFS Trident integration"<br>}<br><br>variable "iam_policy_name" {<br>  default = "efs-trident-policy-example"<br>}<br><br>variable "iam_policy_description" {<br>  default = "IAM policy for EFS Trident access"<br>}<br><br>variable "vrackservices_attach_to_efs" {<br>  description = "Whether to attach the EFS service endpoint to vRack Services. Set to false before destroying."<br>  type        = bool<br>  default     = true<br>}<br><br>variable "efs_region" {<br>  default = "eu-west-rbx"<br>}<br><br>variable "efs_name" {<br>  default = "my-efs-storage"<br>}<br><br>variable "efs_plan" {<br>  default = "enterprise-file-storage-premium-1tb"<br>}</code></pre>



<p class="wp-block-paragraph">⚠️ In the file, replace the IDs, CIDR &amp; MKS region with your existing resources information.</p>



<p class="wp-block-paragraph">Replace the value of the <strong>OVH_CLOUD_PROJECT_SERVICE</strong> environment variable in the <strong>variables.tf</strong> file: </p>



<pre class="wp-block-code"><code class="">envsubst &lt; variables.tf.template &gt; variables.tf</code></pre>



<p class="wp-block-paragraph">Create a <strong>efs.tf</strong> file and fill it with the information:</p>



<pre class="wp-block-code"><code class="">module "ovh_efs_trident" {<br>  source = "ovh/efs/ovh//modules/efs-trident"<br><br>  # OVH region for EFS and vRack Services<br>  region = var.efs_region<br><br>  # Public Cloud region for MKS and private network<br>  public_cloud_region = var.mks_region<br><br>  # VLAN ID must be the same for vRack Services and Public Cloud private network<br>  vlan_id = var.vlan_id<br><br>  # Set to false before destroying to detach endpoint first<br>  vrackservices_attach_to_efs = var.vrackservices_attach_to_efs<br><br>  # EFS creation<br>  storage_efs_name      = var.efs_name<br>  storage_efs_plan_code = var.efs_plan<br><br>  # --- vRack ---<br>  create_vrack       = false<br>  vrack_service_name = var.vrack_id<br><br>  # --- Cloud Project ---<br>  create_cloud_project        = false<br>  cloud_project_id            = var.service_name<br>  bind_vrack_to_cloud_project = false # Set to false if already bound<br><br>  # --- Private Network ---<br>  create_private_network      = false<br>  private_network_id = var.private_network_id<br><br>  # --- Private Subnet ---<br>  create_private_subnet      = false<br>  private_subnet_id = var.private_subnet_id<br><br>  # --- Gateway ---<br>  create_gateway = false  # Set to false only if existing network has gateway<br><br>  # --- MKS Cluster ---<br>  create_mks_cluster = false<br>  mks_cluster_id     = var.mks_cluster_id # mks-priv-gra11<br>  create_node_pool   = false # Set to false if using existing node pool<br><br>  # OAuth2 and IAM<br>  oauth2_client_name        = var.oauth2_client_name<br>  oauth2_client_description = var.oauth2_client_description<br>  iam_policy_name           = var.iam_policy_name<br>  iam_policy_description    = var.iam_policy_description<br><br>  # Network (shared between vRack Services and Public Cloud)<br>  private_network_subnet_cidr             = var.private_subnet_cidr<br>  vrackservices_subnet_service_range_cidr = var.vrackservices_subnet_service_range_cidr # EFS gets IPs here<br>}</code></pre>



<p class="wp-block-paragraph">Create an <strong>output.tf</strong> file with the following content:</p>



<pre class="wp-block-code"><code class="">output "client_id" {<br>    value = module.ovh_efs_trident.client_id<br>}<br><br>output "client_secret" {<br>    value = module.ovh_efs_trident.client_secret<br>    sensitive = true<br>}<br><br>output "efs_id" {<br>  value       = module.ovh_efs_trident.efs_id<br>}</code></pre>



<p class="wp-block-paragraph">The Terraform configuration is ready. Let&#8217;s init it:</p>



<pre class="wp-block-code"><code class="">terraform init</code></pre>



<p class="wp-block-paragraph">The output should be like this:</p>



<pre class="wp-block-code"><code class="">$ terraform init<br><br>Initializing the backend...<br>Initializing modules...<br>Initializing provider plugins...<br>- Reusing previous version of hashicorp/null from the dependency lock file<br>- Reusing previous version of ovh/ovh from the dependency lock file<br>- Using previously-installed hashicorp/null v3.2.4<br>- Using previously-installed ovh/ovh v2.13.1<br><br>Terraform has been successfully initialized!<br><br>You may now begin working with Terraform. Try running "terraform plan" to see<br>any changes that are required for your infrastructure. All Terraform commands<br>should now work.<br><br>If you ever set or change modules or backend configuration for Terraform,<br>rerun this command to reinitialize your working directory. If you forget, other<br>commands will detect it and remind you to do so if necessary.</code></pre>



<p class="wp-block-paragraph">Apply it:</p>



<pre class="wp-block-code"><code class="">terraform apply</code></pre>



<p class="wp-block-paragraph">The output should be like this:</p>



<pre class="wp-block-code"><code class="">$ terraform apply<br><br>module.ovh_efs_trident.data.ovh_me.my_account: Reading...<br>module.ovh_efs_trident.data.ovh_cloud_project_kube.existing[0]: Reading...<br>module.ovh_efs_trident.data.ovh_cloud_project.existing[0]: Reading...<br>module.ovh_efs_trident.data.ovh_me.my_account: Read complete after 1s [id=xx12345-ovh]<br>module.ovh_efs_trident.data.ovh_cloud_project.existing[0]: Read complete after 0s<br>module.ovh_efs_trident.data.ovh_order_cart.cart: Reading...<br>module.ovh_efs_trident.data.ovh_order_cart.cart: Read complete after 0s [id=d582ab7c-1234-5678-9012-4a6e702ea4c5]<br>module.ovh_efs_trident.data.ovh_cloud_project_kube.existing[0]: Read complete after 5s [id=7c3e1e6e-1234-5678-9012-4fb5a5b145e7]<br><br>Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:<br>  + create<br><br>Terraform will perform the following actions:<br><br>  # module.ovh_efs_trident.null_resource.config_validation will be created<br>  + resource "null_resource" "config_validation" {<br>      + id = (known after apply)<br>    }<br><br>  # module.ovh_efs_trident.ovh_iam_policy.iam_policy will be created<br>  + resource "ovh_iam_policy" "iam_policy" {<br>      + allow       = [<br>          + "storageNetApp:apiovh:get",<br>          + "storageNetApp:apiovh:serviceInfos/get",<br>          + "storageNetApp:apiovh:share/accessPath/get",<br>          + "storageNetApp:apiovh:share/acl/create",<br>          + "storageNetApp:apiovh:share/acl/delete",<br>          + "storageNetApp:apiovh:share/acl/get",<br>          + "storageNetApp:apiovh:share/create",<br>          + "storageNetApp:apiovh:share/delete",<br>          + "storageNetApp:apiovh:share/edit",<br>          + "storageNetApp:apiovh:share/extend",<br>          + "storageNetApp:apiovh:share/get",<br>          + "storageNetApp:apiovh:share/revertToSnapshot",<br>          + "storageNetApp:apiovh:share/snapshot/create",<br>          + "storageNetApp:apiovh:share/snapshot/delete",<br>          + "storageNetApp:apiovh:share/snapshot/edit",<br>          + "storageNetApp:apiovh:share/snapshot/get",<br>        ]<br>      + created_at  = (known after apply)<br>      + description = "IAM policy for EFS Trident access"<br>      + id          = (known after apply)<br>      + identities  = (known after apply)<br>      + name        = "efs-trident-policy-example"<br>      + owner       = (known after apply)<br>      + read_only   = (known after apply)<br>      + resources   = (known after apply)<br>      + updated_at  = (known after apply)<br>    }<br><br>  # module.ovh_efs_trident.ovh_me_api_oauth2_client.api_oauth2_client will be created<br>  + resource "ovh_me_api_oauth2_client" "api_oauth2_client" {<br>      + client_id     = (known after apply)<br>      + client_secret = (sensitive value)<br>      + description   = "OAuth2 client for EFS Trident integration"<br>      + flow          = "CLIENT_CREDENTIALS"<br>      + id            = (known after apply)<br>      + identity      = (known after apply)<br>      + name          = "efs-trident-client-example"<br>    }<br><br>  # module.ovh_efs_trident.ovh_storage_efs.efs[0] will be created<br>  + resource "ovh_storage_efs" "efs" {<br>      + created_at        = (known after apply)<br>      + iam               = (known after apply)<br>      + id                = (known after apply)<br>      + name              = "my-efs-storage"<br>      + order             = (known after apply)<br>      + ovh_subsidiary    = "FR"<br>      + performance_level = (known after apply)<br>      + plan              = [<br>          + {<br>              + configuration = [<br>                  + {<br>                      + label = "region"<br>                      + value = "eu-west-rbx"<br>                    },<br>                  + {<br>                      + label = "network"<br>                      + value = "vrack"<br>                    },<br>                ]<br>              + duration      = "P1M"<br>              + plan_code     = "enterprise-file-storage-premium-1tb"<br>              + pricing_mode  = "default"<br>            },<br>        ]<br>      + product           = (known after apply)<br>      + quota             = (known after apply)<br>      + region            = (known after apply)<br>      + service_name      = (known after apply)<br>      + status            = (known after apply)<br>    }<br><br>  # module.ovh_efs_trident.ovh_vrack_vrackservices.vrack-vrackservices-binding[0] will be created<br>  + resource "ovh_vrack_vrackservices" "vrack-vrackservices-binding" {<br>      + id             = (known after apply)<br>      + service_name   = "pn-1234567"<br>      + vrack_services = (known after apply)<br>    }<br><br>  # module.ovh_efs_trident.ovh_vrackservices.vrackservices[0] will be created<br>  + resource "ovh_vrackservices" "vrackservices" {<br>      + checksum        = (known after apply)<br>      + created_at      = (known after apply)<br>      + current_state   = (known after apply)<br>      + current_tasks   = (known after apply)<br>      + iam             = (known after apply)<br>      + id              = (known after apply)<br>      + order           = (known after apply)<br>      + ovh_subsidiary  = "FR"<br>      + plan            = [<br>          + {<br>              + configuration = [<br>                  + {<br>                      + label = "region_name"<br>                      + value = "eu-west-rbx"<br>                    },<br>                ]<br>              + duration      = "P1M"<br>              + plan_code     = "vrack-services"<br>              + pricing_mode  = "default"<br>            },<br>        ]<br>      + resource_status = (known after apply)<br>      + target_spec     = {<br>          + subnets = [<br>              + {<br>                  + cidr              = "192.168.168.0/24"<br>                  + service_endpoints = [<br>                      + {<br>                          + managed_service_urn = (known after apply)<br>                        },<br>                    ]<br>                  + service_range     = {<br>                      + cidr = "192.168.168.248/29"<br>                    }<br>                  + vlan              = 666<br>                    # (1 unchanged attribute hidden)<br>                },<br>            ]<br>        }<br>      + updated_at      = (known after apply)<br>    }<br><br>Plan: 6 to add, 0 to change, 0 to destroy.<br><br>Changes to Outputs:<br>  + client_id     = (known after apply)<br>  + client_secret = (sensitive value)<br>  + efs_id        = (known after apply)<br><br>Do you want to perform these actions?<br>  Terraform will perform the actions described above.<br>  Only 'yes' will be accepted to approve.<br><br>  Enter a value: yes<br><br>module.ovh_efs_trident.null_resource.config_validation: Creating...<br>module.ovh_efs_trident.null_resource.config_validation: Creation complete after 0s [id=8553589333890826101]<br>module.ovh_efs_trident.ovh_me_api_oauth2_client.api_oauth2_client: Creating...<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Creating...<br>module.ovh_efs_trident.ovh_me_api_oauth2_client.api_oauth2_client: Creation complete after 0s [id=EU.xxxxxxxxxxxxx]<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Still creating... [00m10s elapsed]<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Still creating... [00m20s elapsed]<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Still creating... [00m30s elapsed]<br>...<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Still creating... [03m40s elapsed]<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Still creating... [03m50s elapsed]<br>module.ovh_efs_trident.ovh_storage_efs.efs[0]: Creation complete after 3m52s [id=c2d759de-cd63-4e28-aaab-a7599aad2ca8]<br>module.ovh_efs_trident.ovh_vrackservices.vrackservices[0]: Creating...<br>module.ovh_efs_trident.ovh_iam_policy.iam_policy: Creating...<br>module.ovh_efs_trident.ovh_iam_policy.iam_policy: Creation complete after 0s [id=a434d1a4-1234-5678-9012-cf54251eee52]<br>module.ovh_efs_trident.ovh_vrackservices.vrackservices[0]: Still creating... [00m10s elapsed]<br>module.ovh_efs_trident.ovh_vrackservices.vrackservices[0]: Still creating... [00m20s elapsed]<br>...<br>module.ovh_efs_trident.ovh_vrackservices.vrackservices[0]: Still creating... [01m20s elapsed]<br>module.ovh_efs_trident.ovh_vrackservices.vrackservices[0]: Creation complete after 1m30s [id=vrs-a00-b11-c22-d33]<br>module.ovh_efs_trident.ovh_vrack_vrackservices.vrack-vrackservices-binding[0]: Creating...<br>module.ovh_efs_trident.ovh_vrack_vrackservices.vrack-vrackservices-binding[0]: Still creating... [00m10s elapsed]<br>module.ovh_efs_trident.ovh_vrack_vrackservices.vrack-vrackservices-binding[0]: Still creating... [00m20s elapsed]<br>...<br>module.ovh_efs_trident.ovh_vrack_vrackservices.vrack-vrackservices-binding[0]: Still creating... [01m40s elapsed]<br>module.ovh_efs_trident.ovh_vrack_vrackservices.vrack-vrackservices-binding[0]: Creation complete after 1m43s [id=vrack_pn-1234567-vrackServices_vrs-a00-b11-c22-d33]<br><br>Apply complete! Resources: 6 added, 0 changed, 0 destroyed.<br><br>Outputs:<br><br>client_id = "EU.xxxxxxxxxxxxx"<br>client_secret = &lt;sensitive&gt;<br>efs_id = "c2d759de-cd63-4e28-aaab-a7599aad2ca8"</code></pre>



<p class="wp-block-paragraph">Save the OAuth2 credentials in environment variables:</p>



<pre class="wp-block-code"><code class="">export EFS_CLIENT_ID=$(terraform output -raw client_id)<br>export EFS_CLIENT_SECRET=$(terraform output -raw client_secret)</code></pre>



<h4 class="wp-block-heading">Trident CSI Installation</h4>



<p class="wp-block-paragraph">Install the Trident operator in your MKS cluster:</p>



<pre class="wp-block-code"><code class="">helm repo add netapp-trident https://netapp.github.io/trident-helm-chart<br><br>helm install trident-operator netapp-trident/trident-operator \<br>  --version 100.2502.1 \<br>  --create-namespace \<br>  --namespace trident \<br>  --set tridentSilenceAutosupport=true \<br>  --set operatorImage="ovhcom/trident-operator:25.02.1-linux-amd64" \<br>  --set tridentImage="ovhcom/trident:25.02.1-linux-amd64"</code></pre>



<p class="wp-block-paragraph">You should have a result like this:</p>



<pre class="wp-block-code"><code class="">$ helm install trident-operator netapp-trident/trident-operator \<br>  --version 100.2502.1 \<br>  --create-namespace \<br>  --namespace trident \<br>  --set tridentSilenceAutosupport=true \<br>  --set operatorImage="ovhcom/trident-operator:25.02.1-linux-amd64" \<br>  --set tridentImage="ovhcom/trident:25.02.1-linux-amd64"<br><br>NAME: trident-operator<br>LAST DEPLOYED: Tue Apr 28 14:01:19 2026<br>NAMESPACE: trident<br>STATUS: deployed<br>REVISION: 1<br>TEST SUITE: None<br>NOTES:<br>Thank you for installing trident-operator, which will deploy and manage NetApp's Trident CSI<br>storage provisioner for Kubernetes.<br><br>Your release is named 'trident-operator' and is installed into the 'trident' namespace.<br>Please note that there must be only one instance of Trident (and trident-operator) in a Kubernetes cluster.<br><br>To configure Trident to manage storage resources, you will need a copy of tridentctl, which is<br>available in pre-packaged Trident releases.  You may find all Trident releases and source code<br>online at https://github.com/NetApp/trident.<br><br>To learn more about the release, try:<br><br>  $ helm status trident-operator<br>  $ helm get all trident-operator</code></pre>



<p class="wp-block-paragraph">Once the installation is complete, verify that all Trident <strong>pods</strong> are in <code><strong>Running</strong></code> state in the trident <strong>namespace</strong> before proceeding:</p>



<pre class="wp-block-code"><code class="">$ kubectl get pods -n trident<br><br>NAME                                  READY   STATUS    RESTARTS      AGE<br>trident-controller-5bf6c8d6f6-g95jq   6/6     Running   0             119s<br>trident-node-linux-4xtjr              2/2     Running   1 (82s ago)   119s<br>trident-node-linux-6w5ff              2/2     Running   1 (82s ago)   119s<br>trident-node-linux-r7hxp              2/2     Running   0             119s<br>trident-operator-859f59c58b-2z2ts     1/1     Running   0             2m31s</code></pre>



<h4 class="wp-block-heading">Trident Backend Creation</h4>



<p class="wp-block-paragraph">The Trident backend connects NetApp Trident to the OVHcloud EFS service using the IAM credentials previously created.</p>



<h5 class="wp-block-heading" id="1-secret-creation">1. Secret Creation</h5>



<p class="wp-block-paragraph">Create a Kubernetes <strong>Secret</strong> containing the connection information that allows Trident to access the OVHcloud API. Create a <strong>trident-secret.yaml.template</strong> file with the following content:</p>



<pre class="wp-block-code"><code class="">apiVersion: v1<br>kind: Secret<br>metadata:<br>  name: ovh-efs-secret<br>type: Opaque<br>stringData:<br>  clientID: "$EFS_CLIENT_ID"         # your clientId<br>  clientSecret: "$EFS_CLIENT_SECRET" # your clientSecret</code></pre>



<p class="wp-block-paragraph">Replace the <code>clientID</code> and <code>clientSecret</code> values by the OAuth2 client we created with Terraform:</p>



<pre class="wp-block-code"><code class="">envsubst &lt; trident-secret.yaml.template &gt; trident-secret.yaml</code></pre>



<p class="wp-block-paragraph">Apply the secret in your cluster:</p>



<pre class="wp-block-code"><code class="">kubectl apply -f trident-secret.yaml -n trident</code></pre>



<p class="wp-block-paragraph">Check that the secret has been correctly created:</p>



<pre class="wp-block-code"><code class="">$ kubectl get secret ovh-efs-secret -n trident<br><br>NAME             TYPE     DATA   AGE<br>ovh-efs-secret   Opaque   2      3s</code></pre>



<h5 class="wp-block-heading" id="2-trident-backend-creation">2. Trident Backend Creation</h5>



<p class="wp-block-paragraph">Create your backend with the command below:</p>



<pre class="wp-block-code"><code class="">cat &lt;&lt;EOF | kubectl create -n trident -f -<br>apiVersion: trident.netapp.io/v1<br>kind: TridentBackendConfig<br>metadata:<br>  name: ovh-efs-rbx<br>spec:<br>  version: 1<br>  backendName: backend-ovh-efs<br>  defaults:<br>    exportRule: "192.168.168.0/24"    # CIDR of your network for NFS ACLs<br>  storageDriverName: ovh-efs<br>  clientLocation: ovh-eu<br>  location: eu-west-rbx         # Location of your EFS service<br>  serviceLevel: premium<br>  nfsMountOptions: rw,hard,rsize=65536,wsize=65536,nfsvers=3,tcp<br>  credentials:<br>    name: ovh-efs-secret<br>  volumeCreateTimeout: "60" <br>EOF</code></pre>



<p class="wp-block-paragraph">⚠️ The <code>ovh-efs</code> storage driver must be used. Replace <code><strong>exportRule</strong></code>, <code><strong>location</strong></code>, and other parameters with values matching your environment.</p>



<p class="wp-block-paragraph">Verify that the backend has been created correctly with the command below:</p>



<pre class="wp-block-code"><code class="">$ kubectl get TridentBackendConfig -n trident<br><br>NAME          BACKEND NAME      BACKEND UUID                           PHASE   STATUS<br>ovh-efs-rbx   backend-ovh-efs   ace12d67-70ea-44e1-abd8-20d016f7f030   Bound   Success</code></pre>



<h4 class="wp-block-heading" id="storageclass-and-usage">Use EFS in your MKS cluster</h4>



<p class="wp-block-paragraph">This section describes how to expose Enterprise File Storage to Kubernetes workloads using Trident.</p>



<h5 class="wp-block-heading" id="1-storageclass">1. StorageClass</h5>



<p class="wp-block-paragraph">In a <strong>sc_efs.yaml</strong> file, define a <code>StorageClass</code> to enable dynamic provisioning via the Trident CSI driver:</p>



<pre class="wp-block-code"><code class="">apiVersion: storage.k8s.io/v1<br>kind: StorageClass<br>metadata:<br>  name: ovh-efs-premium<br>provisioner: csi.trident.netapp.io<br>parameters:<br>  backendType: "ovh-efs"<br>  fsType: "nfs"<br>allowVolumeExpansion: true</code></pre>



<p class="wp-block-paragraph">Apply the StorageClass:</p>



<pre class="wp-block-code"><code class="">kubectl apply -f sc_efs.yaml</code></pre>



<p class="wp-block-paragraph">Check that the StorageClass has been created:</p>



<pre class="wp-block-code"><code class="">$ kubectl get sc ovh-efs-premium<br><br>NAME              PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE<br>ovh-efs-premium   csi.trident.netapp.io   Delete          Immediate           true                   3h13m</code></pre>



<p class="wp-block-paragraph">This <strong>StorageClass</strong> allows volumes to be provisioned on demand and expanded dynamically.</p>



<h4 class="wp-block-heading" id="2-volume-creation-pvc">2. Volume Creation (PVC)</h4>



<p class="wp-block-paragraph">Create a <code>PersistentVolumeClaim</code> with <code>ReadWriteMany</code> (RWX) access mode. Create a <strong>pvc_efs.yaml</strong> file with this content:</p>



<pre class="wp-block-code"><code class="">apiVersion: v1<br>kind: PersistentVolumeClaim<br>metadata:<br>  name: premium-pvc-efs<br>spec:<br>  accessModes:<br>    - ReadWriteMany<br>  resources:<br>    requests:<br>      storage: 100Gi<br>  storageClassName: ovh-efs-premium</code></pre>



<p class="wp-block-paragraph">Apply it:</p>



<pre class="wp-block-code"><code class="">kubectl apply -f pvc_efs.yaml</code></pre>



<p class="wp-block-paragraph">Verify that the <code><strong>PVC</strong></code> has been created with the command below:</p>



<pre class="wp-block-code"><code class="">kubectl get pvc premium-pvc-efs</code></pre>



<p class="wp-block-paragraph">At this point, the <strong>EFS</strong> is creating a volume, attach the correct ACL to it and mount it in the PVC</p>



<p class="wp-block-paragraph">After a little time, the output should show the PVC in <code>Bound</code> state:</p>



<pre class="wp-block-code"><code class="">$ kubectl get pvc<br><br>NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      VOLUMEATTRIBUTESCLASS   AGE<br>premium-pvc-efs   Bound    pvc-faca364d-ad76-44ec-9bc9-959c0d33c515   100Gi      RWX            ovh-efs-premium   &lt;unset&gt;                 3m43s</code></pre>



<p class="wp-block-paragraph">The volume has been created through the <strong>PVC</strong> and you can now mount it in a <strong>Pod</strong> 🎉.</p>



<h3 class="wp-block-heading">Conclusion</h3>



<p class="wp-block-paragraph">In this blog, we’ve explained how to create an EFS and use it in a MKS cluster through Trident CSI. This will give you a flexible, production-ready approach to persistent shared storage in Kubernetes.</p>



<p class="wp-block-paragraph">We recommend you also take a look at our <a href="https://github.com/orgs/ovh/projects/16" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">Cloud Roadmap &amp; Changelog</a> for an overview of all the coming features for OVHcloud Public Cloud products.</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fnavigating-ovhcloud-enterprise-file-storage-efs-with-trident-csi-on-kubernetes-clusters-mks%2F&amp;action_name=Navigating%20OVHcloud%20Enterprise%20File%20Storage%20%28EFS%29%20with%20Trident%20CSI%20On%20Kubernetes%20clusters%20%28MKS%29&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Copy.Fail (CVE-2026-31431): How to Rapidly Protect OVHcloud MKS Clusters from the Linux Kernel Zero-Day</title>
		<link>https://blog.ovhcloud.com/copy-fail-cve-2026-31431-how-to-rapidly-protect-ovhcloud-mks-clusters-from-the-linux-kernel-zero-day/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Thu, 30 Apr 2026 13:42:17 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[Tranches de Tech & Co — Tech bites]]></category>
		<category><![CDATA[OVHcloud]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=31485</guid>

					<description><![CDATA[A newly disclosed Linux kernel zero-day, CVE-2026-31431, &#8220;Copy.Fail&#8221;, is one of the most serious privilege-escalation vulnerabilities in recent years. Discovered [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fcopy-fail-cve-2026-31431-how-to-rapidly-protect-ovhcloud-mks-clusters-from-the-linux-kernel-zero-day%2F&amp;action_name=Copy.Fail%20%28CVE-2026-31431%29%3A%20How%20to%20Rapidly%20Protect%20OVHcloud%20MKS%20Clusters%20from%20the%20Linux%20Kernel%20Zero-Day&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="683" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/ChatGPT-Image-30-avr.-2026-15_38_36-1024x683.png" alt="" class="wp-image-31492" style="aspect-ratio:1.4992503748125936;width:406px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/ChatGPT-Image-30-avr.-2026-15_38_36-1024x683.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/ChatGPT-Image-30-avr.-2026-15_38_36-300x200.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/ChatGPT-Image-30-avr.-2026-15_38_36-768x512.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/ChatGPT-Image-30-avr.-2026-15_38_36.png 1536w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">A newly disclosed Linux kernel zero-day, <a href="https://app.opencve.io/cve/CVE-2026-31431" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">CVE-2026-31431</a>, &#8220;<strong>Copy.Fail&#8221;,</strong> is one of the most serious privilege-escalation vulnerabilities in recent years.</p>



<p class="wp-block-paragraph">Discovered by Theori and publicly disclosed on April 29, 2026, <a href="https://copy.fail/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Copy.Fail</a> is a Linux kernel zero-day that roots every distribution since 2017. Unlike many local privilege-escalation flaws that depend on race conditions, kernel address leaks, or distribution-specific behavior, Copy.Fail is alarmingly reliable: it works consistently across mainstream Linux distributions with only a standard user account.</p>



<h3 class="wp-block-heading">Why the CVE-2026-31431 is dangerous?</h3>



<p class="wp-block-paragraph">Copy.Fail abuses a logic flaw in the Linux kernel’s<strong> <code>algif_aead</code></strong> crypto module, introduced through a 2017 optimization. By manipulating the kernel’s AF_ALG crypto interface, an attacker can write controlled data into the Linux page cache (the in-memory representation of trusted system binaries).</p>



<p class="wp-block-paragraph">This allows attackers to temporarily hijack binaries like <code>/usr/bin/su</code> <strong>without modifying the file on disk</strong>.</p>



<p class="wp-block-paragraph">In practical terms:</p>



<ul class="wp-block-list">
<li>A normal user can become root</li>



<li>A compromised container can escape to the host</li>



<li>A malicious CI job can root its runner</li>



<li>Shared infrastructure becomes vulnerable across tenants</li>



<li>Disk forensics may show no file tampering because only RAM is altered</li>
</ul>



<p class="wp-block-paragraph">This makes Copy.Fail especially dangerous for:</p>



<ul class="wp-block-list">
<li>Kubernetes clusters</li>



<li>CI/CD systems</li>



<li>Shared development environments</li>



<li>Cloud notebook platforms</li>



<li>Multi-tenant container infrastructure</li>
</ul>



<h3 class="wp-block-heading">How to patch it easily in your MKS clusters?</h3>



<p class="wp-block-paragraph">OVHcloud is preparing patched MKS versions including the upstream kernel fix. Patched versions are expected to be available <strong>30 April 2026</strong>, at <strong>16:00 UTC+2</strong>.</p>



<p class="wp-block-paragraph">While waiting for the next MKS release, here is a <strong>DaemonSet</strong> manifest that you can apply in your MKS clusters in order to mitigate the vulnerability.</p>



<p class="wp-block-paragraph">Create a <strong>patch-copy-fail-cve </strong>file with the following content:</p>



<pre class="wp-block-code"><code class="">apiVersion: apps/v1<br>kind: DaemonSet<br>metadata:<br>  name: patch-copy-fail-cve<br>  labels:<br>    app: patch-copy-fail-cve<br>  namespace: default<br>spec:<br>  selector:<br>    matchLabels:<br>      app: patch-copy-fail-cve<br>  updateStrategy:<br>    type: RollingUpdate<br>    rollingUpdate:<br>      maxSurge: 0<br>      maxUnavailable: 100%<br>  template:<br>    metadata:<br>      labels:<br>        app: patch-copy-fail-cve<br>    spec:<br>      hostPID: true<br>      priorityClassName: system-node-critical<br>      volumes:<br>        - name: root-mount<br>          hostPath:<br>            path: /<br>            type: Directory<br>      initContainers:<br>        - image: mks.kubernatine.ovh/docker.io/library/busybox:1.36.1<br>          name: patch-copy-fail-cve<br>          command: ["/bin/bash", "-c"]<br>          args:<br>            - |<br>              tee /etc/modprobe.d/disable-algif-aead.conf &lt;&lt;&lt;'install algif_aead /bin/false'<br>              rmmod algif_aead 2&gt;/dev/null<br>              update-initramfs -u<br>          securityContext:<br>            privileged: true<br>            runAsUser: 0<br>          volumeMounts:<br>            - name: root-mount<br>              mountPath: /<br>      containers:<br>        - image: "mks.kubernatine.ovh/registry.k8s.io/pause:3.10.1"<br>          name: pause     </code></pre>



<p class="wp-block-paragraph">Apply it:</p>



<pre class="wp-block-code"><code class="">kubectl apply -f patch-copy-fail-cve.yaml</code></pre>



<p class="wp-block-paragraph">⚠️ This mitigation has been tested on OVHcloud internal test clusters. Applying it to your own service remains under your responsibility.</p>



<p class="wp-block-paragraph">If the vulnerability has already been exploited on your cluster, this mitigation will not remediate any pre-existing compromise.<br>The recommended remediation remains the official security release, which will be made available as soon as possible.</p>



<p class="wp-block-paragraph">Read more about the mitigation: <a href="https://github.com/rootsecdev/cve_2026_31431#mitigation" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">https://github.com/rootsecdev/cve_2026_31431#mitigation</a></p>



<p class="wp-block-paragraph"></p>



<p class="wp-block-paragraph"></p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fcopy-fail-cve-2026-31431-how-to-rapidly-protect-ovhcloud-mks-clusters-from-the-linux-kernel-zero-day%2F&amp;action_name=Copy.Fail%20%28CVE-2026-31431%29%3A%20How%20to%20Rapidly%20Protect%20OVHcloud%20MKS%20Clusters%20from%20the%20Linux%20Kernel%20Zero-Day&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>KubeCon + CloudNativeCon Europe 2026 in Amsterdam: feedback and highlights</title>
		<link>https://blog.ovhcloud.com/kubecon-cloudnativecon-europe-2026-in-amsterdam-feedback-and-highlights/</link>
		
		<dc:creator><![CDATA[Aurélie Vache&#160;and&#160;Rémy Vandepoel]]></dc:creator>
		<pubDate>Wed, 29 Apr 2026 07:00:31 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[Tranches de Tech & Co — Tech bites]]></category>
		<category><![CDATA[Kubecon]]></category>
		<category><![CDATA[OVHcloud]]></category>
		<category><![CDATA[OVHcloud Events]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=31275</guid>

					<description><![CDATA[From March 23 to 26, 2026, the KubeCon + CloudNativeCon Europe took place in Amsterdam. Aurélie Vache and Rémy Vandepoel [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fkubecon-cloudnativecon-europe-2026-in-amsterdam-feedback-and-highlights%2F&amp;action_name=KubeCon%20%2B%20CloudNativeCon%20Europe%202026%20in%20Amsterdam%3A%20feedback%20and%20highlights&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">From March 23 to 26, 2026, the <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">KubeCon + CloudNativeCon Europe</a> took place in Amsterdam.</p>



<p class="wp-block-paragraph">Aurélie Vache and Rémy Vandepoel attended alongside 26 other OVHcloud employees. In this blog, they share their thoughts about this second KubeCon set in the land of tulips.</p>



<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQP8AIX0AAEr98-1-1024x768.jpg" alt="" class="wp-image-31279" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQP8AIX0AAEr98-1-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQP8AIX0AAEr98-1-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQP8AIX0AAEr98-1-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQP8AIX0AAEr98-1-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQP8AIX0AAEr98-1-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>



<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="799" height="533" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/55176825056_8ec98f339b_c.jpg" alt="" class="wp-image-31280" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/55176825056_8ec98f339b_c.jpg 799w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/55176825056_8ec98f339b_c-300x200.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/55176825056_8ec98f339b_c-768x512.jpg 768w" sizes="auto, (max-width: 799px) 100vw, 799px" /></figure>
</div>
</div>



<h3 id="REXKubeCon2026Amsterdam-Context" class="wp-block-heading">KubeCon Europe 2026: the maturity milestone</h3>



<p class="wp-block-paragraph">Back from Amsterdam, the buzz of the RAI halls still echoes in our ears. This 2026 edition of KubeCon + CloudNativeCon Europe wasn’t just another Kubernetes conference. It marked a turning point for this event: the point of maturity. And this is evident just by looking at the numbers: 13,500 attendees for this edition! The largest attendance ever recorded!</p>



<p class="wp-block-paragraph">While previous years were about exploration and expansion, 2026 was the year of massive industrialization, with one non-negotiable pre-requirement: digital sovereignty.</p>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="799" height="533" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/55169871701_c147fd0dda_c.jpg" alt="" class="wp-image-31282" style="aspect-ratio:1.4990505586153107;width:678px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/55169871701_c147fd0dda_c.jpg 799w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/55169871701_c147fd0dda_c-300x200.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/55169871701_c147fd0dda_c-768x512.jpg 768w" sizes="auto, (max-width: 799px) 100vw, 799px" /></figure>



<p class="wp-block-paragraph">Key figures from the 2026 edition:</p>



<ul class="wp-block-list">
<li>13,500+ attendees (46% first-time attendees)</li>



<li>100 countries represented</li>



<li>3,474 unique organizations/companies</li>



<li>891 sessions</li>



<li>230 projects in the CNCF landscape with 19.9 million contributors</li>
</ul>



<p class="wp-block-paragraph"><strong>CNCF Contributors by Geography (Last 12 Months)</strong></p>



<ul class="wp-block-list">
<li>Europe: <strong>38.8%</strong> of contributions (ahead of the United States)</li>



<li>United States: 36.29%</li>



<li>Germany: 9.82% (leading in Europe)</li>



<li>France: 4.68%</li>



<li>Switzerland: 2.49%</li>



<li>Strong signals for digital sovereignty, a key theme of this year’s keynotes 💪</li>
</ul>



<h3 class="wp-block-heading">Colocated events</h3>



<p class="wp-block-paragraph">KubeCon + CloudNativeCon Europe 2026 traditionally kicks off with a full day dedicated to co-located events. This year was no exception, with an impressive lineup of 16 events, including well-known favorites such as ArgoCon, BackstageCon, CiliumCon, Platform Engineering Day, Kubernetes on Edge Day, and Observability Day.</p>



<p class="wp-block-paragraph">Among the newcomer events, <strong>Open Sovereign Cloud Day</strong> was a stand out, as it highlighted the growing importance of cloud sovereignty in Europe.</p>



<p class="wp-block-paragraph">During CiliumCon, we were proud to see the spotlight on our MKS Standard offer 🚀.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260323-WA00291-1024x768.jpg" alt="" class="wp-image-31283" style="width:566px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260323-WA00291-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260323-WA00291-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260323-WA00291-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260323-WA00291-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260323-WA00291.jpg 1600w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h3 class="wp-block-heading">OVHcloud Presence</h3>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="585" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/signal-2026-03-24-10-23-27-765-1024x585.jpg" alt="" class="wp-image-31276" style="aspect-ratio:1.7504278491247434;width:618px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/signal-2026-03-24-10-23-27-765-1024x585.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/signal-2026-03-24-10-23-27-765-300x171.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/signal-2026-03-24-10-23-27-765-768x439.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/signal-2026-03-24-10-23-27-765-1536x877.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/signal-2026-03-24-10-23-27-765.jpg 1600w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">OVHcloud had a strong presence at the event, with two different booths serving two different purposes.</p>



<p class="wp-block-paragraph">One was located in the <em>Activation Zone</em>, designed as an interactive space to engage with attendees through a video game &#8220;Gaming Camp: Beat Cloud Villains!&#8221;<em>, </em>described as<em> &#8220;Join the fight against the villains of the cloud. Take on Hidden Cost, Jailor Stack, and Autonomous Zero, and prove yourself as a true Guardian of the Cloud.&#8221;</em></p>



<p class="wp-block-paragraph">Players were welcomed to step into a two-player fighting game inspired by the style of <em>Street Fighter</em>, where strategy and skill are your best weapons. Winners won exclusive t-shirts.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_125635211.MP2_-1024x768.jpg" alt="" class="wp-image-31285" style="width:520px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_125635211.MP2_-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_125635211.MP2_-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_125635211.MP2_-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_125635211.MP2_-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_125635211.MP2_-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">The second booth had a more corporate focus, highlighting OVHcloud’s broader portfolio, strategic positioning, and enterprise offerings. It provided a space for deeper conversations around demos, use cases, and cloud strategies.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_134841194.MP2_-1024x768.jpg" alt="" class="wp-image-31286" style="width:599px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_134841194.MP2_-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_134841194.MP2_-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_134841194.MP2_-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_134841194.MP2_-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_134841194.MP2_-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">The opportunity was too good to pass up, so we took the chance to interview key players in the ecosystem, as well as customers of our solutions.</p>



<p class="wp-block-paragraph">We conducted five interviews and had many discussions, and we can’t wait to share them with you soon!</p>



<p class="wp-block-paragraph">Here’s a sneak peek featuring <strong>Sudeep Goswami</strong>, CEO of <strong>Traefik Labs</strong>:</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="683" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/KubeConOVH_127-1024x683.jpg" alt="" class="wp-image-31287" style="aspect-ratio:1.4992503748125936;width:450px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/KubeConOVH_127-1024x683.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/KubeConOVH_127-300x200.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/KubeConOVH_127-768x512.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/KubeConOVH_127-1536x1024.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/KubeConOVH_127-2048x1365.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">These interviews will soon be available on YouTube, so stay tuned!</p>



<h3 class="wp-block-heading">Aurélie Vache&#8217;s talk</h3>



<p class="wp-block-paragraph">Getting accepted to KubeCon is not easy, and Aurélie, our Developer Advocate and CNCF Ambassador, rose to the challenge by once again presenting a new talk.</p>



<p class="wp-block-paragraph"><em>“The Ultimate Kubernetes Challenge: An Interactive Trivia Game”:</em></p>



<p class="wp-block-paragraph">&#8220;<em>Kubernetes has become the de facto standard for deploying and operating containerized applications. We use it, as well as its ecosystem, on a daily basis, but do we know them as well as we think we do?</em></p>



<p class="wp-block-paragraph"><em>With a mix of quiz and live demos, come learn and/or improve your knowledge. You will discover (or rediscover) the key concepts of Kubernetes (pods, secrets, services…), internal components but also best practices.</em></p>



<p class="wp-block-paragraph"><em>In this fun and dynamic talk, come compete throughout the quiz and explore the wonderful world of Kubernetes.</em></p>



<p class="wp-block-paragraph"><em>Icing on the cake: the first will win some swags.</em>&#8220;</p>



<div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex">
<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA0051-1024x768.jpg" alt="" class="wp-image-31292" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA0051-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA0051-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA0051-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA0051-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA0051.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>



<div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow">
<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA00521-1024x768.jpg" alt="" class="wp-image-31293" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA00521-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA00521-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA00521-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA00521-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/IMG-20260325-WA00521.jpg 1600w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>
</div>
</div>



<p class="wp-block-paragraph">During this talk, attendees tested their Kubernetes knowledge through an interactive quiz, with results presented via illustrated slides and live, hands-on demos.</p>



<p class="wp-block-paragraph">Giving a talk at 5 p.m., during the final session of the second day, was an ambitious way to finish up. But thanks to the interactive format of her talk, attendees were able to enjoy testing their knowledge while discovering tips about Kubernetes and its concepts and features.</p>



<p class="wp-block-paragraph">Three OVHcloud MKS clusters were created especially for the occasion, one with 3 nodes, one with zero nodes, and one with 3 nodes across 3 Availability Zones:</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="580" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-2026-4-15_8-20-59-1024x580.png" alt="" class="wp-image-31294" style="aspect-ratio:1.765536773898217;width:486px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-2026-4-15_8-20-59-1024x580.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-2026-4-15_8-20-59-300x170.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-2026-4-15_8-20-59-768x435.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-2026-4-15_8-20-59-1536x869.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-2026-4-15_8-20-59.png 1862w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Watch the talk here:</p>



<figure class="wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<span class="videowrapper embed-youtube-nocookie aspect_ratio_563"><iframe loading="lazy" title="The Ultimate Kubernetes Challenge: An Interactive Trivia Game - Aurélie Vache, OVHcloud" width="1200" height="675" src="https://www.youtube-nocookie.com/embed/7LeveaxQtGs?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe></span> <!-- /.videowrapper -->
</div></figure>



<h3 class="wp-block-heading">Keynotes: Toward “Agent-Based” and Autonomous AI</h3>



<p class="wp-block-paragraph">Plenary sessions at the event were dominated by a convergence of Kubernetes and Artificial Intelligence. This term, already ubiquitous in tech news, was bound to be a major focus here. Jonathan Bryce, the Executive Director of Cloud &amp; Infrastructure at the Linux Foundation and an iconic figure in the ecosystem, made a strong point by reminding the audience that while Kubernetes is everywhere (82% adoption rate), AI in production remains a major challenge.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_081828458.MP_-1024x768.jpg" alt="" class="wp-image-31295" style="width:407px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_081828458.MP_-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_081828458.MP_-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_081828458.MP_-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_081828458.MP_-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_081828458.MP_-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">In November, during the latest KubeCon + CoudNativeCon NA at Atlanta, the CNCF launched the &#8220;<a href="https://www.cncf.io/announcements/2025/11/11/cncf-launches-certified-kubernetes-ai-conformance-program-to-standardize-ai-workloads-on-kubernetes/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Certified Kubernetes AI Conformance Program to Standardize AI Workloads on Kubernetes</a>&#8220;.&nbsp; 5 months later, several companies including the OVHcloud Managed Kubernetes Services (MKS) platform, succeeded this new program with their own certified Kubernetes AI platform.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_083621436.MP_-1024x768.jpg" alt="" class="wp-image-31296" style="width:431px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_083621436.MP_-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_083621436.MP_-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_083621436.MP_-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_083621436.MP_-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260324_083621436.MP_-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">During the keynotes we even saw a real plane!</p>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="800" height="534" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/55166324614_dd452b5f68_c.jpg" alt="" class="wp-image-31297" style="aspect-ratio:1.4981024097101614;width:455px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/55166324614_dd452b5f68_c.jpg 800w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/55166324614_dd452b5f68_c-300x200.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/55166324614_dd452b5f68_c-768x513.jpg 768w" sizes="auto, (max-width: 800px) 100vw, 800px" /></figure>



<p class="wp-block-paragraph">And to top it off, seeing Michelin present the Top End User Award to SNCF was a real highlight for us. <em>Cocoricoooo!</em> 🇫🇷</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="682" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQyuKaWQAAn_3z-1024x682.jpg" alt="" class="wp-image-31298" style="aspect-ratio:1.501451415253588;width:514px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQyuKaWQAAn_3z-1024x682.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQyuKaWQAAn_3z-300x200.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQyuKaWQAAn_3z-768x512.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQyuKaWQAAn_3z-1536x1024.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/HEQyuKaWQAAn_3z.jpg 2000w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h3 id="REXKubeCon2026Amsterdam-KeyTrends" class="wp-block-heading">Key Trends</h3>



<p class="wp-block-paragraph">Find below the most frequently discussed technical pillars that will remain prominent in the coming months and years:</p>



<p class="wp-block-paragraph">* <strong>Agent-based AI:</strong> The focus is shifting from training to inference. The announcement of Dapr Agents 1.0 shows that Kubernetes will now orchestrate agents capable of making real-time decisions on the infrastructure.</p>



<p class="wp-block-paragraph">* <strong>GPU Standardization (DRA)</strong>: Thanks to NVIDIA’s widespread adoption of Dynamic Resource Allocation (DRA) drivers, GPU scheduling is becoming as simple and granular as CPU scheduling. A boon for cost optimization.</p>



<p class="wp-block-paragraph">* <strong>Sovereignty</strong>: Sovereignty is no longer a legal concept; it is an architecture. We have seen a rise in encryption tools for data in transit and at rest (Confidential Computing) natively integrated into CNIs such as Cilium.</p>



<p class="wp-block-paragraph">* <strong>FinOps 2.0</strong>: With 67% of AI compute dedicated to inference by the end of 2026, precise monitoring of GPU consumption via projects like Kepler has become essential for the economic viability of projects.</p>



<h3 id="REXKubeCon2026Amsterdam-TheGatewayAPIisbecomingthestandard" class="wp-block-heading">The Gateway API is becoming the standard</h3>



<p class="wp-block-paragraph">As we announced in our blog post <em>“<a href="https://blog.ovhcloud.com/moving-beyond-ingress-why-should-ovhcloud-managed-kubernetes-service-mks-users-start-looking-at-the-gateway-api/" data-wpel-link="internal">Moving Beyond Ingress: Why should OVHcloud Managed Kubernetes Service (MKS) users start looking at the Gateway API?</a>”</em>, the ingress-nginx controller, the most widely used ingress controller, has now been archived.</p>



<p class="wp-block-paragraph">Now, after 8 years of development, 275 released versions, and nearly 20k GitHub stars, the maintainers of the Kubernetes Gateway API introduced<a href="https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"> <strong>ingress2gateway v1.0</strong></a>, a tool designed to simplify migration. It automatically converts Ingress resources including annotations into Gateway API resources. The recommended approach remains pragmatic: first migrate the controller while keeping existing Ingress objects, then gradually transition to the Gateway API. Attempting a full migration in a single step is considered risky and unnecessary.</p>



<p class="wp-block-paragraph">Additionally, <a href="https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.5.0" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Gateway API version 1.5</a> represents a major milestone: five features have moved from experimental status to the Standard channel in a single release.</p>



<p class="wp-block-paragraph">Amongst them:</p>



<ul class="wp-block-list">
<li><strong>ListenerSet</strong>: delegates TLS listener management outside of the Gateway&nbsp;</li>



<li><strong>TLSRoute</strong>: SNI-based routing in either termination or passthrough mode</li>



<li>Client certificate validation for mTLS at the ingress layer</li>



<li>Native CORS filter for HTTPRoute</li>
</ul>



<p class="wp-block-paragraph">The Kubernetes Gateway API is now establishing itself as much more than just a successor to Ingress: it is evolving into Kubernetes’ unified network control plane.</p>



<h2 class="wp-block-heading">Favorite talk</h2>



<p class="wp-block-paragraph">As usual, Aurélie wasn’t able to attend many talks, but among the 2-3 she did see, there was one that really had a &#8220;wow&#8221; effect on her:</p>



<p class="wp-block-paragraph">« <a href="https://kccnceu2026.sched.com/event/2CW5p/an-immersive-and-visual-journey-into-kubernetes-networking-benoit-entzmann-feesh" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">An immersive and visual journey into kubernetes networking</a> ».</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100115641-1024x768.jpg" alt="" class="wp-image-31300" style="width:405px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100115641-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100115641-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100115641-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100115641-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100115641-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="768" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100805212-1024x768.jpg" alt="" class="wp-image-31301" style="width:407px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100805212-1024x768.jpg 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100805212-300x225.jpg 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100805212-768x576.jpg 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100805212-1536x1152.jpg 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/PXL_20260326_100805212-2048x1536.jpg 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph"><strong>Benoit</strong>, a DevSecOps engineer at Feesh in Switzerland with extensive expertise in Kubernetes networking, created a video game using Godot with four levels: “pod-to-pod basics”, “pod-to-pod advanced”, “service mesh sidecar”, and “service mesh with ambient mode”.</p>



<p class="wp-block-paragraph">Across these four levels, he explains Kubernetes networking in a vanilla setup, then with Cilium and Istio, all from the perspective of a TCP packet, represented as a fish.</p>



<p class="wp-block-paragraph">Networking and I don’t exactly get along, and I’ll admit I’ve always struggled with it. Even now, although I’ve had no choice but to work with Kubernetes and service mesh, I still find it challenging. But seeing the fish swim from frontend to backend, enter a building underwater (the node), interact with an eBPF program… it really makes things more visual and intuitive.</p>



<p class="wp-block-paragraph">On Thursday morning, after the keynote, the room with 2000 seats was packed!</p>



<p class="wp-block-paragraph">Explaining networking by building a 3D game from scratch specifically for the occasion: hats off to you!</p>



<p class="wp-block-paragraph">Benoit had an issue on stage, because he had built the game in 4K and it didn’t display properly on the projection screen. Luckily, about 30 seconds before showtime, the production team and he managed to fix it. He went on stage without showing any of that stress 💪.</p>



<p class="wp-block-paragraph">Replay:</p>



<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<span class="videowrapper embed-youtube-nocookie aspect_ratio_563"><iframe loading="lazy" title="An Immersive and Visual Journey Into Kubernetes Networking - Benoit Entzmann, Feesh" width="1200" height="675" src="https://www.youtube-nocookie.com/embed/Xtjpdy8OmQQ?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe></span> <!-- /.videowrapper -->
</div></figure>



<h3 id="REXKubeCon2026Amsterdam-KubeConin45seconds" class="wp-block-heading">KubeCon in 45 seconds</h3>



<p class="wp-block-paragraph">To keep memories of these 3-4 amazing days, we created a &#8220;KubeCon Europe 2026 in 45 seconds movie:</p>



<figure class="wp-block-embed aligncenter is-type-rich is-provider-x wp-block-embed-x"><div class="wp-block-embed__wrapper">
<blockquote class="twitter-tweet" data-width="550" data-dnt="true"><p lang="en" dir="ltr"><a href="https://twitter.com/hashtag/KubeCon?src=hash&amp;ref_src=twsrc%5Etfw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">#KubeCon</a> 2026 in 45 seconds 🎥⏱️<br><br>The energy. Conversations. The community.<a href="https://twitter.com/hashtag/Sovereignty?src=hash&amp;ref_src=twsrc%5Etfw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">#Sovereignty</a>, <a href="https://twitter.com/hashtag/Kubernetes?src=hash&amp;ref_src=twsrc%5Etfw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">#Kubernetes</a> at scale, <a href="https://twitter.com/hashtag/reversibility?src=hash&amp;ref_src=twsrc%5Etfw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">#reversibility</a> — same themes in every conversation. That&#39;s why we show up.<br><br>Thanks for the moments you can&#39;t script 👋<a href="https://twitter.com/hashtag/CloudNativeCon?src=hash&amp;ref_src=twsrc%5Etfw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">#CloudNativeCon</a> <a href="https://t.co/dBinAqM04u" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">pic.twitter.com/dBinAqM04u</a></p>&mdash; OVHcloud (@OVHcloud) <a href="https://twitter.com/OVHcloud/status/2044048614977122614?ref_src=twsrc%5Etfw" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">April 14, 2026</a></blockquote><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
</div></figure>



<h3 id="REXKubeCon2026Amsterdam-Conclusion" class="wp-block-heading">Conclusion</h3>



<p class="wp-block-paragraph">KubeCon Amsterdam proved once again that the strength of open source lies in its community.</p>



<p class="wp-block-paragraph">From the halls of the RAI to the technical sessions, the excitement was palpable. We’re leaving with our heads full of ideas, but above all with the certainty that collaboration remains the key to solving the complex challenges of modern IT. This was particularly evident in the packed conference rooms and the crowded aisles of the exhibition hall.</p>



<p class="wp-block-paragraph">One thing is certain: the future of Cloud Native is being written together, and we at OVHcloud look forward to contributing to it with you by helping you get the most out of Kubernetes through our<a href="https://www.ovhcloud.com/fr/public-cloud/kubernetes/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"> managed platform</a>. Because we’re convinced that for businesses in 2026, the challenge will no longer be how to run Kubernetes, but how to use it to innovate faster and better than the competition.</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fkubecon-cloudnativecon-europe-2026-in-amsterdam-feedback-and-highlights%2F&amp;action_name=KubeCon%20%2B%20CloudNativeCon%20Europe%202026%20in%20Amsterdam%3A%20feedback%20and%20highlights&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Discover the External Secret Operator (ESO) OVHcloud Provider to manage your Kubernetes secrets  🎉</title>
		<link>https://blog.ovhcloud.com/discover-the-external-secret-operator-eso-ovhcloud-provider-to-manage-your-kubernetes-secrets-%f0%9f%8e%89/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Tue, 14 Apr 2026 07:02:22 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=31032</guid>

					<description><![CDATA[Several months ago, we released the Beta version of the OVHcloud Secret Manager and we guided you how to manage [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fdiscover-the-external-secret-operator-eso-ovhcloud-provider-to-manage-your-kubernetes-secrets-%25f0%259f%258e%2589%2F&amp;action_name=Discover%20the%20External%20Secret%20Operator%20%28ESO%29%20OVHcloud%20Provider%20to%20manage%20your%20Kubernetes%20secrets%20%20%F0%9F%8E%89&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="681" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-10-15.57.01.910-1024x681.png" alt="" class="wp-image-31204" style="aspect-ratio:1.503658927864753;width:524px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-10-15.57.01.910-1024x681.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-10-15.57.01.910-300x200.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-10-15.57.01.910-768x511.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-10-15.57.01.910.png 1532w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Several months ago, we released the Beta version of the OVHcloud Secret Manager and we guided you <a href="https://blog.ovhcloud.com/manage-your-secrets-through-ovhcloud-secret-manager-thanks-to-external-secrets-operator-eso-on-ovhcloud-managed-kubernetes-service-mks/" data-wpel-link="internal">how to manage your secrets thanks to the existing External Secret Operator (ESO) Hashicorp Vault provider</a>.</p>



<p class="wp-block-paragraph">As our Secret Manager is now in General Availability, our teams worked on the development of an OVHcloud ESO Provider now available in the <a href="https://github.com/external-secrets/external-secrets/releases/tag/v2.3.0" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">ESO v2.3.0 new release</a> 🎉.</p>



<p class="wp-block-paragraph">In this blog post, you will learn how to create a new secret in the OVHcloud Secret Manager and how to manage it within your Kubernetes clusters through the <a href="https://external-secrets.io/latest/provider/ovhcloud/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud ESO provider</a>.</p>



<h3 class="wp-block-heading">External Secrets Operator (ESO)</h3>



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="225" height="225" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/image.png" alt="" class="wp-image-31088" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/image.png 225w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-150x150.png 150w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/image-70x70.png 70w" sizes="auto, (max-width: 225px) 100vw, 225px" /></figure>



<p class="wp-block-paragraph">The <strong>External Secrets Operator</strong> (ESO), a CNCF sanbox project since 2022, is a Kubernetes operator that integrates external secret management systems.</p>



<p class="wp-block-paragraph">The operator reads the information from an external APIs and automatically injects the values into a <a href="https://kubernetes.io/docs/concepts/configuration/secret/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Kubernetes Secret</a>. If the secret changes in the external API, the operator updates the secret in the Kubernetes cluster.</p>



<p class="wp-block-paragraph">The ESO connects to an external Secret Manager, such as <a href="https://external-secrets.io/latest/provider/ovhcloud/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud</a>, Vault, AWS, or GCP, via a provider configured in a <strong>(Cluster)SecretStore.</strong> An <strong>ExternalSecret</strong> resource then specifies which secrets to retrieve. ESO fetches those values and creates a corresponding Kubernetes Secret within the cluster.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="943" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-09-14.55.33.553-1024x943.png" alt="" class="wp-image-31170" style="aspect-ratio:1.0859073039196323;width:484px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-09-14.55.33.553-1024x943.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-09-14.55.33.553-300x276.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-09-14.55.33.553-768x707.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Gribouillis-2026-04-09-14.55.33.553.png 1097w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">For more details, read the <a href="https://external-secrets.io/" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">ESO official documentation</a>.</p>



<h3 class="wp-block-heading">Prerequisites</h3>



<p class="wp-block-paragraph">To be able to use the ESO OVHcloud provider, you need to follow some prerequisites:</p>



<ul class="wp-block-list">
<li>Have an OVHcloud account</li>



<li>Created an <a href="https://www.ovhcloud.com/en/identity-security-operations/key-management-service/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OKMS</a> domain (&#8220;<em>305db938-331f-454d-83a7-3a0a29291661</em>&#8221; for example in this blog post)</li>



<li><a href="https://github.com/ovh/public-cloud-examples/tree/main/iam/create-user-and-generate-pat-token-with-cli" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">Created an IAM local user</a> (&#8220;<em>secretmanager-305db938-331f-454d-83a7-3a0a29291661</em>&#8221; for example in this blog post)</li>



<li>Installed the <a href="https://github.com/ovh/ovhcloud-cli/?tab=readme-ov-file#installation" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud CLI</a></li>



<li>Have a Kubernetes cluster</li>
</ul>



<p class="wp-block-paragraph">The ESO OVH provider supports both <code><em>token</em></code> and <code><em>mTLS</em></code> authentication. In this blog post, we will use the token authentication mode. Please follow the <a href="https://external-secrets.io/latest/provider/ovhcloud/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">OVHcloud ESO provider</a> guide if you wish to use mTLS authentication mode.</p>



<h4 class="wp-block-heading">Generate a PAT token (For token authentication only)</h4>



<p class="wp-block-paragraph">The ESO (<strong>Cluster)SecretStore</strong> needs the permission to fetch secrets from Secret Manager.</p>



<p class="wp-block-paragraph">If you want to use token autentication, you’ll need a token (PAT). You can use the ovhcloud CLI to do that:</p>



<pre class="wp-block-code"><code class="">PAT_TOKEN=$(ovhcloud iam user token create &lt;iam-local-user-name&gt; --name pat-&lt;iam-local-user-name&gt; --description "PAT secret manager for domain &lt;okms-id&gt;" -o json  | jq .details.token |  tr -d '"')<br><br>echo $PAT_TOKEN<br>&lt;your-token&gt;</code></pre>



<p class="wp-block-paragraph">You should have a result like this:</p>



<pre class="wp-block-code"><code class="">$ PAT_TOKEN=$(ovhcloud iam user token create secretmanager-305db938-331f-454d-83a7-3a0a29291661 --name pat-secretmanager-305db938-331f-454d-83a7-3a0a29291661 --description "PAT secret manager for domain 305db938-331f-454d-83a7-3a0a29291661" -o json  | jq .details.token |  tr -d '"')<br>2026/04/07 14:07:45 Final parameters:<br>{<br> "description": "PAT secret manager for domain 305db938-331f-454d-83a7-3a0a29291661",<br> "name": "pat-secretmanager-305db938-331f-454d-83a7-3a0a29291661"<br>}<br><br>$ echo $PAT_TOKEN<br>eyJhbGciOiJFZERTQSIsImtpZCI6IjgzMkFGNUE5ODg3MzFCMDNGM0EzMTRFMDJFRUJFRjBGNDE5MUY0Q0YiLCJraW5kIjoicGF0IiwidHlwIjoiSldUIn0.eyJ0b2tlbiI6InBBSFh1WE5JdVNHYVpmV3F2OUFzVmJrU3UwR2UySTJrdFU0OGdTZkwyZ1k9In0.-VDbiUf4vNm1KB9qSv7i4sGMCvxs_EuZFAETB-eaOFf3IX8-9m7akN800--ASgXy55_DDFHdy4Z5uSq8lww-Bw</code></pre>



<p class="wp-block-paragraph">Encode the PAT token in base 64 and save it in an environment variable:</p>



<pre class="wp-block-code"><code class="">export PAT_TOKEN_B64=$(echo -n $PAT_TOKEN | base64)<br>echo $PAT_TOKEN_B64</code></pre>



<h4 class="wp-block-heading">Retrieve and save the KMS information</h4>



<p class="wp-block-paragraph">List the OKMS domains:</p>



<pre class="wp-block-code"><code class="">$ ovhcloud okms list<br>┌──────────────────────────────────────┬─────────────┐<br>│                  id                  │   region    │<br>├──────────────────────────────────────┼─────────────┤<br>│ 305db938-331f-454d-83a7-3a0a29291661 │ eu-west-par │<br>│ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx │ eu-west-par │<br>└──────────────────────────────────────┴─────────────┘</code></pre>



<p class="wp-block-paragraph">Save the KMS endpoint and the OKMS ID in two environment variables. For example:</p>



<pre class="wp-block-code"><code class="">export OKMS_ID="305db938-331f-454d-83a7-3a0a29291661"<br>export KMS_ENDPOINT=$(ovhcloud okms get 305db938-331f-454d-83a7-3a0a29291661 -o json | jq .restEndpoint | xargs)</code></pre>



<h4 class="wp-block-heading">Create a secret in the Secret Manager</h4>



<p class="wp-block-paragraph">In the<a href="https://www.ovh.com/manager" data-wpel-link="exclude"> OVHcloud Control Panel</a> (UI), go to ‘Secret Manager’ section and click on the <strong>Create a secret</strong> button.</p>



<p class="wp-block-paragraph">Then in order to create a secret ‘prod/eu-west-par/dockerconfigjson’, in the Europe region (France – Paris) eu-west-par, choose this region:</p>



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="695" height="674" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.25.png" alt="" class="wp-image-31231" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.25.png 695w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.25-300x291.png 300w" sizes="auto, (max-width: 695px) 100vw, 695px" /></figure>



<p class="wp-block-paragraph">Then, choose the OKMS domain and create&#8221;prod/eu-west-par/dockerconfigjson&#8221; in the path and fill the content:</p>



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="704" height="718" src="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.15.png" alt="" class="wp-image-31232" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.15.png 704w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.15-294x300.png 294w, https://blog.ovhcloud.com/wp-content/uploads/2026/04/Capture-decran-2026-04-13-a-14.13.15-70x70.png 70w" sizes="auto, (max-width: 704px) 100vw, 704px" /></figure>



<p class="wp-block-paragraph">Finally, click on the <strong>Create</strong> button to finalise the creation of the new secret.</p>



<h4 class="wp-block-heading">Install or update the ESO</h4>



<p class="wp-block-paragraph">If you&#8217;d never installed ESO in your Kubernetes cluster, you can install it via Helm:</p>



<pre class="wp-block-code"><code class="">helm repo add external-secrets https://charts.external-secrets.io<br>helm repo update<br><br>helm install external-secrets \<br>   external-secrets/external-secrets \<br>    -n external-secrets \<br>    --create-namespace \<br>    --set installCRDs=true</code></pre>



<p class="wp-block-paragraph">If you already installed it, now you should update it in order to use this new provider:</p>



<pre class="wp-block-code"><code class="">helm upgrade external-secrets external-secrets/external-secrets -n external-secrets</code></pre>



<p class="wp-block-paragraph">⚠️ In order to use the OVHcloud provider, you need to have a running instance of ESO equals to version <strong>2.3.0</strong> or more.</p>



<pre class="wp-block-code"><code class="">$ helm list -n external-secrets<br><br>NAME            	NAMESPACE       	REVISION	UPDATED                              	STATUS  	CHART                 	APP VERSION<br>external-secrets	external-secrets	1       	2026-04-13 13:56:29.071329 +0200 CEST	deployed	external-secrets-2.3.0	v2.3.0</code></pre>



<h3 class="wp-block-heading">Let&#8217;s deploy a Secret in Kubernetes using the ESO provider!</h3>



<h4 class="wp-block-heading">Deploy a ClusterSecretStore to connect ESO to Secret Manager</h4>



<p class="wp-block-paragraph">Set up a <strong>ClusterSecretStore</strong> to manage synchronization with Secret Manager.<br>It will use the OVHcloud provider with token authorization mode, and the OKMS endpoint as the backend.</p>



<p class="wp-block-paragraph">Create a <strong>clustersecretstore.yaml.template</strong> file with the content below:</p>



<pre class="wp-block-code"><code class="">apiVersion: external-secrets.io/v1<br>kind: ClusterSecretStore<br>metadata:<br>  name: secret-store-ovh<br>spec:<br>  provider:<br>    ovh:<br>      server: "$KMS_ENDPOINT" # for example: "https://eu-west-rbx.okms.ovh.net"<br>      okmsid: "$OKMS_ID" # for example: "734b9b45-8b1a-469c-b140-b10bd6540017"<br>      auth:<br>        token:<br>          tokenSecretRef:<br>            name: ovh-token<br>            namespace: external-secrets<br>            key: token<br>---<br>apiVersion: v1<br>kind: Secret<br>metadata:<br>  name: ovh-token<br>  namespace: external-secrets<br>data:<br>  token: $PAT_TOKEN_B64</code></pre>



<p class="wp-block-paragraph">Generate the <strong>clustersecretstore.yaml</strong> file from the environment variables you defined:</p>



<pre class="wp-block-code"><code class=""><code>envsubst &lt; clustersecretstore.yaml.template &gt; clustersecretstore.yaml</code></code></pre>



<p class="wp-block-paragraph">You should obtain a file filled with the OVHcloud KMS information:</p>



<pre class="wp-block-code"><code class="">apiVersion: external-secrets.io/v1<br>kind: ClusterSecretStore<br>metadata:<br>  name: secret-store-ovh<br>spec:<br>  provider:<br>    ovh:<br>      server: "https://eu-west-par.okms.ovh.net" # for example: "https://eu-west-rbx.okms.ovh.net"<br>      okmsid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # for example: "734b9b45-8b1a-469c-b140-b10bd6540017"<br>      auth:<br>        token:<br>          tokenSecretRef:<br>            name: ovh-token<br>            namespace: external-secrets<br>            key: token<br>---<br>apiVersion: v1<br>kind: Secret<br>metadata:<br>  name: ovh-token<br>  namespace: external-secrets<br>data:<br>  token: ZXlK...UJ3</code></pre>



<p class="wp-block-paragraph">Apply it in your Kubernetes cluster:</p>



<pre class="wp-block-code"><code class="">kubectl apply -f clustersecretstore.yaml</code></pre>



<p class="wp-block-paragraph">Check:</p>



<pre class="wp-block-code"><code class="">$ kubectl get clustersecretstore.external-secrets.io/secret-store-ovh<br><br>NAME               AGE   STATUS   CAPABILITIES   READY<br>secret-store-ovh   7s    Valid    ReadWrite      True</code></pre>



<h3 class="wp-block-heading">Create an ExternalSecret</h3>



<p class="wp-block-paragraph">Create an <strong>externalsecret.yaml</strong> file with the content below:</p>



<pre class="wp-block-code"><code class="">apiVersion: external-secrets.io/v1<br>kind: ExternalSecret<br>metadata:<br>  name: docker-config-secret<br>  namespace: external-secrets<br>spec:<br>  refreshInterval: 30m<br>  secretStoreRef:<br>    name: secret-store-ovh<br>    kind: ClusterSecretStore<br>  target:<br>    template:<br>      type: kubernetes.io/dockerconfigjson<br>      data:<br>        .dockerconfigjson: "{{ .mysecret | toString }}"<br>    name: ovhregistrycred<br>    creationPolicy: Owner<br>  data:<br>  - secretKey: ovhregistrycred<br>    remoteRef:<br>      key: prod/eu-west-par/dockerconfigjson</code></pre>



<p class="wp-block-paragraph">Apply it:</p>



<pre class="wp-block-code"><code class="">$ kubectl apply -f externalsecret.yaml<br><br>externalsecret.external-secrets.io/docker-config-secret created</code></pre>



<p class="wp-block-paragraph">Check:</p>



<pre class="wp-block-code"><code class="">$ kubectl get externalsecret.external-secrets.io/docker-config-secret -n external-secrets <br><br>NAME                   STORETYPE            STORE              REFRESH INTERVAL   STATUS         READY   LAST SYNC<br>docker-config-secret   ClusterSecretStore   secret-store-ovh   30m                SecretSynced   True    4s</code></pre>



<p class="wp-block-paragraph">After applying this command, it will create a Kubernetes Secret object.</p>



<pre class="wp-block-code"><code class="">$ kubectl get secret ovhregistrycred -n external-secrets<br><br>NAME              TYPE                             DATA   AGE<br>ovhregistrycred   kubernetes.io/dockerconfigjson   1      49s</code></pre>



<p class="wp-block-paragraph">The Kubernetes <strong>Secret</strong> have been created 🎉</p>



<p class="wp-block-paragraph">We created a Secret directly from the key, but the OVHcloud ESO provider allows you to fetch the original secret from different parameters (fetch the whole secret, fetch nested values, fetch multiple secrets…), according to your needs.</p>



<h3 class="wp-block-heading">Conclusion</h3>



<p class="wp-block-paragraph">In this blog, we’ve explained how to create secrets in the OVHcloud Secret Manager and then integrate them directly in your Kubernetes clusters using the new ESO OVHcloud provider.</p>



<p class="wp-block-paragraph">With this brand new OVHcloud provider, you will have a smoother integration between the Secret Manager and your Kubernetes clusters with ESO.</p>



<p class="wp-block-paragraph">Our team are working on several other integrations, so stay tuned, and please share your thoughts with us!</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fdiscover-the-external-secret-operator-eso-ovhcloud-provider-to-manage-your-kubernetes-secrets-%25f0%259f%258e%2589%2F&amp;action_name=Discover%20the%20External%20Secret%20Operator%20%28ESO%29%20OVHcloud%20Provider%20to%20manage%20your%20Kubernetes%20secrets%20%20%F0%9F%8E%89&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Secure your Software Supply Chain with OVHcloud Managed Private Registry (MPR)</title>
		<link>https://blog.ovhcloud.com/secure-your-software-supply-chain-with-ovhcloud-managed-private-registry-mpr/</link>
		
		<dc:creator><![CDATA[Aurélie Vache]]></dc:creator>
		<pubDate>Fri, 13 Feb 2026 16:40:51 +0000</pubDate>
				<category><![CDATA[OVHcloud Engineering]]></category>
		<category><![CDATA[OVHcloud Managed Private Registry]]></category>
		<category><![CDATA[Public Cloud]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://blog.ovhcloud.com/?p=30357</guid>

					<description><![CDATA[Before an application go to production, it passes through several stages: source code, build, packaging and distribution. But Malicious code [&#8230;]<img src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fsecure-your-software-supply-chain-with-ovhcloud-managed-private-registry-mpr%2F&amp;action_name=Secure%20your%20Software%20Supply%20Chain%20with%20OVHcloud%20Managed%20Private%20Registry%20%28MPR%29&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="1012" height="1011" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Gribouillis-2026-01-30-13.25.17.911.png" alt="" class="wp-image-30442" style="aspect-ratio:1.0009787401988517;width:437px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Gribouillis-2026-01-30-13.25.17.911.png 1012w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Gribouillis-2026-01-30-13.25.17.911-300x300.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Gribouillis-2026-01-30-13.25.17.911-150x150.png 150w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Gribouillis-2026-01-30-13.25.17.911-768x767.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Gribouillis-2026-01-30-13.25.17.911-70x70.png 70w" sizes="auto, (max-width: 1012px) 100vw, 1012px" /></figure>



<p class="wp-block-paragraph">Before an application go to production, it passes through several stages: source code, build, packaging and distribution. But Malicious code &#8211; such as a compromised dependency, breached CI pipeline, or modified package in a registry &#8211; can be introduced at any point in the development cycle, potentially impacting thousands of projects</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="581" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-13-1024x581.png" alt="" class="wp-image-30358" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-13-1024x581.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-13-300x170.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-13-768x436.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-13.png 1292w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">This is precisely where <strong>Software Supply Chain Security </strong>(SSCS) comes in: to protect not just the code itself, but also how it’s built, delivered, and utilised.</p>



<p class="wp-block-paragraph">Attacks like SolarWinds and Log4Shell aren’t isolated incidents, but rather subtle indicators that have escalated in severity.</p>



<figure class="wp-block-image aligncenter is-resized"><img loading="lazy" decoding="async" width="800" height="800" src="https://blog.ovhcloud.com/wp-content/uploads/2025/04/managed_private_registry.png" alt="" class="wp-image-28658" style="width:145px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2025/04/managed_private_registry.png 800w, https://blog.ovhcloud.com/wp-content/uploads/2025/04/managed_private_registry-300x300.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2025/04/managed_private_registry-150x150.png 150w, https://blog.ovhcloud.com/wp-content/uploads/2025/04/managed_private_registry-768x768.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2025/04/managed_private_registry-70x70.png 70w" sizes="auto, (max-width: 800px) 100vw, 800px" /></figure>



<p class="wp-block-paragraph">This blog post explores recommended solutions and best practices for <a href="https://www.ovhcloud.com/en/public-cloud/managed-rancher-service/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>OVHcloud Managed</u></a> <a href="https://www.ovhcloud.com/en/public-cloud/managed-rancher-service/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>Private Registry</u></a> (MPR), an OCI-compliant artifact registry, to help you enhance your Software Supply Chain Security.</p>



<h3 class="wp-block-heading">Generate a Software Bill Of Materials (SBOM)</h3>



<p class="wp-block-paragraph">SBOMs provides a list of all the ingredients (OS, libraries, code) and anything that composes the images that will run on your Kubernetes cluster. </p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="383" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-14-1024x383.png" alt="" class="wp-image-30360" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-14-1024x383.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-14-300x112.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-14-768x287.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-14.png 1256w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">From that list, you can find out more about the image, its vulnerabilities, and licenses.</p>



<h4 class="wp-block-heading">Generate an SBOM manually</h4>



<p class="wp-block-paragraph">To manually generate an SBOM from your image, click the <strong>‘<strong>GENERATE</strong> SBOM’ </strong>button:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="280" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.28.13-1024x280.png" alt="" class="wp-image-30361" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.28.13-1024x280.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.28.13-300x82.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.28.13-768x210.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.28.13-1536x420.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.28.13-2048x560.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Within seconds, the <em>SBOM </em>column for your image will display <em>“Queued”</em>, then change to <em>“Generating”</em>, and a <em>“SBOM details”</em> link will appear.</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="226" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-31-1024x226.png" alt="" class="wp-image-30393" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-31-1024x226.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-31-300x66.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-31-768x170.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-31-1536x340.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-31-2048x453.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Click the &#8216;<strong>SBOM details&#8217;</strong> link to view the SBOM:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="557" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.26.38-1024x557.png" alt="" class="wp-image-30367" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.26.38-1024x557.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.26.38-300x163.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.26.38-768x418.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.26.38-1536x835.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.26.38-2048x1114.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Your application’s SBOM is generated by <strong>Trivy </strong>in <strong>SPDX </strong>format. This item is then listed as an accessory for your image in the registry.</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="130" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-17-1024x130.png" alt="" class="wp-image-30371" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-17-1024x130.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-17-300x38.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-17-768x98.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-17-1536x195.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-17-2048x260.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Click the <strong>&#8216;sbom.harbor&#8217;</strong> accessory type for more details:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="629" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-25-1024x629.png" alt="" class="wp-image-30379" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-25-1024x629.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-25-300x184.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-25-768x472.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-25-1536x944.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-25-2048x1259.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h4 class="wp-block-heading">Generate an SBOM automatically</h4>



<p class="wp-block-paragraph">Manually generating an SBOM is a good practice, but automating the process is even better. The private registry can automatically generates the SBOM for you once an image is pushed to the desired project.</p>



<p class="wp-block-paragraph">Click the project your image is part of, navigate to the <em>‘Configuration’</em> tab, then tick the <strong>SBOM generation </strong>checkbox:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="538" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-15-1024x538.png" alt="" class="wp-image-30365" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-15-1024x538.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-15-300x158.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-15-768x403.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-15-1536x806.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-15-2048x1075.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h3 class="wp-block-heading">Vulnerabilities scanning</h3>



<p class="wp-block-paragraph">We recommend running vulnerability scans on the images to confirm that:</p>



<ul class="wp-block-list">
<li>the images provided are free of any known vulnerabilities (CVEs);</li>



<li>security patches are well integrated before deployment;</li>



<li>the images used in production comply with security and compliance policies.</li>
</ul>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="406" height="232" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-32.png" alt="" class="wp-image-30395" style="width:329px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-32.png 406w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-32-300x171.png 300w" sizes="auto, (max-width: 406px) 100vw, 406px" /></figure>



<p class="wp-block-paragraph">There are several vulnerability scanners available, like <a href="https://trivy.dev/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>Trivy</u></a>, <a href="https://docs.docker.com/scout/" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>Docker Scout</u></a>, and <a href="https://github.com/anchore/grype" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>Grype</u></a>.</p>



<p class="wp-block-paragraph">The OVHcloud Managed Private Registry uses Trivy as its default vulnerability scanner, but you can add more scanners if needed. Go to the <em>Administration</em> panel, click <em>‘<strong>Interrogation Services</strong>’</em>, then navigate to the <em>‘<strong>Scanners</strong>’</em> tab:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="437" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-33-1024x437.png" alt="" class="wp-image-30400" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-33-1024x437.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-33-300x128.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-33-768x328.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-33-1536x655.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-33-2048x873.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h4 class="wp-block-heading">Scan your image manually</h4>



<p class="wp-block-paragraph">To manually run a vulnerability scan on your image, go to your project and click the <strong>SCAN VULNERABILITIES</strong> button:</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="186" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-35-1024x186.png" alt="" class="wp-image-30406" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-35-1024x186.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-35-300x55.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-35-768x140.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-35-1536x279.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-35-2048x372.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Within a few seconds, a scan will run and reveal any vulnerabilities detected in your image.</p>



<figure class="wp-block-image aligncenter size-large"><img loading="lazy" decoding="async" width="1024" height="442" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.21-1024x442.png" alt="" class="wp-image-30404" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.21-1024x442.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.21-300x129.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.21-768x331.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.21-1536x662.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.21-2048x883.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Click your image to take a look at the CVEs list:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="557" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.39-1-1024x557.png" alt="" class="wp-image-30414" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.39-1-1024x557.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.39-1-300x163.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.39-1-768x418.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.39-1-1536x835.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/Capture-decran-2026-01-29-a-14.25.39-1-2048x1114.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h4 class="wp-block-heading">Scan your image automatically</h4>



<p class="wp-block-paragraph">To automatically scan images on push, click the project your image is part of, then the <em>‘Configuration’ </em>tab, and tick the <strong>‘Vulnerabilities scanning’</strong> checkbox:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="390" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-36-1024x390.png" alt="" class="wp-image-30408" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-36-1024x390.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-36-300x114.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-36-768x293.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-36-1536x585.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-36-2048x781.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<h4 class="wp-block-heading">Schedule vulnerability scans</h4>



<p class="wp-block-paragraph">Another way to stay informed is by configuring your vulnerability scanner to run scans every day. Go in the <em>Administration </em>panel, click <em>‘<strong>Interrogation</strong> <strong>Services</strong>’</em>, then the <em>‘<strong>Vulnerability</strong>’</em> tab:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="264" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-34-1024x264.png" alt="" class="wp-image-30401" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-34-1024x264.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-34-300x77.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-34-768x198.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-34-1536x396.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-34-2048x528.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">You can choose to schedule the scan Hourly, Daily, Weekly or you can customize when the scan will be triggered.</p>



<p class="wp-block-paragraph">Scheduled scans ensure that existing images are regularly/periodically analyzed for newly discovered vulnerabilities (CVEs).</p>



<h4 class="wp-block-heading">Prevent vulnerable images from running</h4>



<p class="wp-block-paragraph">You can also configure a project to prevent vulnerable images from being pulled. In order to do that, check the <strong>Prevent vulnerable images from running</strong> checkbox.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="206" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-40-1024x206.png" alt="" class="wp-image-30430" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-40-1024x206.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-40-300x60.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-40-768x154.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-40.png 1424w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Select the severity level of vulnerabilities to prevent images from running, from None to Critical.</p>



<p class="wp-block-paragraph">With this configuration, images cannot be pulled if their level is equal to or higher than the selected level of severity.</p>



<h3 class="wp-block-heading">Exploitable vulnerabilities</h3>



<p class="wp-block-paragraph">When a scanner found vulnerabilities for your images, it is not necessary that they are exploitable in your application/in your image.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="170" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-41-1024x170.png" alt="" class="wp-image-30433" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-41-1024x170.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-41-300x50.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-41-768x128.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-41-1536x255.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-41.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">In this example, my application is build with golang 1.25-alpine, but Trivy found several CVEs that are only exploitable in golang 1.19.1 or less.</p>



<p class="wp-block-paragraph">In order to remove/skip the &#8220;false positive&#8221;, a solution exists.</p>



<p class="wp-block-paragraph">VEX (Vulnerability Exploitability eXchange) is a <strong>standard “format”</strong> to state whether a vulnerability is <strong>exploitable</strong> or not in a specific context.</p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" width="1024" height="609" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-43-1024x609.png" alt="" class="wp-image-30435" style="aspect-ratio:1.6814258951355643;width:452px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-43-1024x609.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-43-300x178.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-43-768x456.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-43-1536x913.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-43.png 1681w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">You can generate a VEX file with <a href="https://github.com/openvex/vexctl" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">vexctl</a> or <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">govulncheck</a> tools.</p>



<p class="wp-block-paragraph">Example:</p>



<pre class="wp-block-code"><code class=""># With vexctl<br>$ VULN_ID="CVE-2022-27664"<br>$ PRODUCT="pkg:golang/golang.org/x/net@v0.0.0-20220127200216-cd36cc0744dd"<br>$ vexctl create --file vex.json --author 'Aurélie Vache' --product "pkg:oci/demo@sha256:$HASH?repository_url=$REGISTRY/$HARBOR_PROJECT/demo" --vuln "$VULN_ID" --status 'not_affected' --justification 'vulnerable_code_not_present' --impact-statement "HTTP/2 vulnerability $VULN_ID is not exploitable because the image is compiled with Go 1.20, which contains the patched library."<br><br># With govulncheck (for Go apps)<br>$ govulncheck -format openvex ./... &gt; ../demo.vex.json</code></pre>



<p class="wp-block-paragraph">For the moment, OVHcloud MPR (managed Harbor) does not support VEX files (and the OpenVEX format) <a href="https://github.com/goharbor/harbor/issues/22720" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer">but it is planned in the future</a>.</p>



<p class="wp-block-paragraph">💡But the good news is that you can configure a CVEs whitelist with the list of not exploitable CVEs to ignore them during vulnerability scanning:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="522" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-42-1024x522.png" alt="" class="wp-image-30434" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-42-1024x522.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-42-300x153.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-42-768x391.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-42-1536x782.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-42.png 1814w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">You can optionally uncheck the <strong>Never expires</strong> checkbox and use the calendar selector to set an expiry date for the allowlist.</p>



<h3 class="wp-block-heading">Sign your images</h3>



<p class="wp-block-paragraph">It’s recommended to sign your images to ensure they haven’t been modified and originate from your pipeline (CI/CD).</p>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="278" height="282" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-38.png" alt="" class="wp-image-30412" style="width:128px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-38.png 278w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-38-70x70.png 70w" sizes="auto, (max-width: 278px) 100vw, 278px" /></figure>



<p class="wp-block-paragraph">Signing your images is crucial for protecting them against compromised registries and unauthorised image replacements.</p>



<p class="wp-block-paragraph"><strong>Without a signature, there’s no guarantee the deployed image is the one you originally built!</strong></p>



<figure class="wp-block-image aligncenter size-full is-resized"><img loading="lazy" decoding="async" width="818" height="302" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-37.png" alt="" class="wp-image-30410" style="aspect-ratio:2.708559106290115;width:482px;height:auto" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-37.png 818w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-37-300x111.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-37-768x284.png 768w" sizes="auto, (max-width: 818px) 100vw, 818px" /></figure>



<p class="wp-block-paragraph">You can sign your images with <a href="https://github.com/sigstore/cosign" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>Sigstore Cosign</u></a> or <a href="https://github.com/notaryproject/notation" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>Notation</u></a> tools:</p>



<pre class="wp-block-code"><code class="">$ export HARBOR_PROJECT=supply-chain<br>$ export IMAGE=xxxxxx.c1.de1.container-registry.ovh.net/$HARBOR_PROJECT/demo<br>$ export HASH=$(skopeo inspect docker://${IMAGE}:latest | jq -r .Digest | sed "s/^sha256://")<br><br># Sign with Cosign<br>## Generate a private and a public key<br>$ cosign generate-key-pair<br>## Sign the image with the OCI 1.1 Referrers API<br>$ cosign sign -y --key cosign.key $IMAGE@sha256:$HASH <br><br># Sign with Notation<br>## Generate a RSA key &amp; a self-signed X.509 test certificate<br>$ notation cert generate-test --default "test"<br><br>## Sign the image with the OCI 1.1 Refferrers API<br>$ export NOTATION_EXPERIMENTAL=1 ; notation sign -d --allow-referrers-api ${IMAGE}@sha256:${HASH}</code></pre>



<p class="wp-block-paragraph">You can use Cosign or Notation to sign your images, OVHcloud MPR supports both.</p>



<p class="wp-block-paragraph">Your signature will appear beside your image as an accessory, plus a green checkmark ✅ in your column:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="227" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-26-1024x227.png" alt="" class="wp-image-30382" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-26-1024x227.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-26-300x67.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-26-768x170.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-26-1536x341.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-26-2048x455.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">⚠️ Keep in mind, MPR (Harbor) doesn’t support signatures generated by Cosign v3 (the signature will upload and appear as an accessory, but the mark will stay red instead of turning green). This bug should <a href="https://github.com/goharbor/harbor/issues/22401" data-wpel-link="external" target="_blank" rel="nofollow external noopener noreferrer"><u>be fixed in Harbor 2.15</u></a> 💪.</p>



<p class="wp-block-paragraph">Signing your OCI artifacts and linking them to your images is recommended, and you can do this using Cosign:</p>



<pre class="wp-block-code"><code class="">$ cosign attest -y --predicate sbom.spdx.json --key cosign.key $IMAGE@sha256:$HASH</code></pre>



<p class="wp-block-paragraph">They will be uploaded to the OVHcloud private registry and listed as accessories.</p>



<h4 class="wp-block-heading">Ensure only verified images are pushed to your registry’s projects</h4>



<p class="wp-block-paragraph">To allow only verified/signed images to be deployed on a project, click the project your image is part of, navigate to the <em>‘<strong>Configuration</strong>’</em> tab, and tick the <strong>Cosign</strong> and/or <strong>Notation </strong>checkbox:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="191" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-39-1024x191.png" alt="" class="wp-image-30418" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-39-1024x191.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-39-300x56.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-39-768x143.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-39.png 1406w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">When checked, the registry will only allow verified images to be pulled from the project. Verified images are determined by <strong>Cosign</strong> or <strong>Notation</strong>, depending on the policy you have checked. Note that if you have both Cosign and Notation policies enforced, then images will need to be signed by both Cosign and Notation to be pulled.</p>



<h3 class="wp-block-heading">Tag immutability</h3>



<p class="wp-block-paragraph">By default, tags are mutables, it means that you can push an image demo with the tag 1.0.0, do a modification in the code and push again to this same tag.</p>



<p class="wp-block-paragraph">It could be useful to fix a bug but in term of security a mutable tag does not guarantee that the image you&#8217;ve built and pushed for the 1.0.0 version is the same image that exists now in the registry.</p>



<p class="wp-block-paragraph">Moreover, on Harbor (so on OVHcloud MPR), due to limitations in the upstream OCI Distribution specification, the registry does not enforce a strict link between a tag and an image digest.</p>



<p class="wp-block-paragraph">As a result, a tag can be reassigned to a different artifact. And it causes a side effect on the registry, this causes the tag to migrate across the artifacts and every artifact that has its tag taken away becomes tagless.</p>



<p class="wp-block-paragraph">To prevent this situation, you can configure tag immutability rules. Tag immutability guarantees that an immutable tagged artifact cannot be deleted, and also cannot be altered in any way such as through re-pushing, re-tagging, or replication from another target registry.</p>



<p class="wp-block-paragraph">To do that, click on your project and on the <strong>Policy</strong> tab and select <strong>TAG IMMUTABILITY</strong>:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="469" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-44-1024x469.png" alt="" class="wp-image-30438" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-44-1024x469.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-44-300x137.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-44-768x352.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-44-1536x704.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-44.png 2030w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">And then click the <strong>ADD RULE</strong> button.</p>



<p class="wp-block-paragraph">Fill the repositories and tags list according to your needs.</p>



<p class="wp-block-paragraph">Example:</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="522" src="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-45-1024x522.png" alt="" class="wp-image-30439" srcset="https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-45-1024x522.png 1024w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-45-300x153.png 300w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-45-768x392.png 768w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-45-1536x783.png 1536w, https://blog.ovhcloud.com/wp-content/uploads/2026/01/image-45-2048x1044.png 2048w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">⚠️ You can add a maximum of 15 immutability rules per project.</p>



<h3 class="wp-block-heading">To wrap thing up</h3>



<p class="wp-block-paragraph">Software supply chain security is super important these days. Everything is changing quickly &#8211; the concept, standards, and tools. So, leveraging useful tools like OVHcloud MPR and knowing how to set them up can boost your Software Supply Chain Security efforts.</p>



<p class="wp-block-paragraph">To learn more about how to use and configure <a href="https://help.ovhcloud.com/csm/fr-documentation-public-cloud-containers-orchestration-managed-private-registry?id=kb_browse_cat&amp;kb_id=574a8325551974502d4c6e78b7421938&amp;kb_category=7939e6a464282d10476b3689cb0d0ed7&amp;spa=1" target="_blank" rel="noreferrer noopener nofollow external" data-wpel-link="external">OVHcloud private registries</a>, don’t hesitate to follow our guides.</p>
<img loading="lazy" decoding="async" src="//blog.ovhcloud.com/wp-content/plugins/matomo/app/matomo.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fblog.ovhcloud.com%2Fsecure-your-software-supply-chain-with-ovhcloud-managed-private-registry-mpr%2F&amp;action_name=Secure%20your%20Software%20Supply%20Chain%20with%20OVHcloud%20Managed%20Private%20Registry%20%28MPR%29&amp;urlref=https%3A%2F%2Fblog.ovhcloud.com%2Ffeed%2F" style="border:0;width:0;height:0" width="0" height="0" alt="" />]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
