Several months ago, we released the Beta version of the OVHcloud Secret Manager and we guided you how to manage your secrets thanks to the existing External Secret Operator (ESO) Hashicorp Vault provider.

As our Secret Manager is now in General Availability, our teams worked on the development of an OVHcloud ESO Provider now available in the ESO v2.3.0 new release 🎉.

In this blog post, you will learn how to create a new secret in the OVHcloud Secret Manager and how to manage it within your Kubernetes clusters through the OVHcloud ESO provider.

External Secrets Operator (ESO)

The External Secrets Operator (ESO), a CNCF sanbox project since 2022, is a Kubernetes operator that integrates external secret management systems.

The operator reads the information from an external APIs and automatically injects the values into a Kubernetes Secret. If the secret changes in the external API, the operator updates the secret in the Kubernetes cluster.

The ESO connects to an external Secret Manager, such as OVHcloud, Vault, AWS, or GCP, via a provider configured in a (Cluster)SecretStore. An ExternalSecret resource then specifies which secrets to retrieve. ESO fetches those values and creates a corresponding Kubernetes Secret within the cluster.

For more details, read the ESO official documentation.

Prerequisites

To be able to use the ESO OVHcloud provider, you need to follow some prerequisites:

• Have an OVHcloud account
• Created an OKMS domain (“305db938-331f-454d-83a7-3a0a29291661” for example in this blog post)
• Created an IAM local user (“secretmanager-305db938-331f-454d-83a7-3a0a29291661” for example in this blog post)
• Installed the OVHcloud CLI
• Have a Kubernetes cluster

The ESO OVH provider supports both token and mTLS authentication. In this blog post, we will use the token authentication mode. Please follow the OVHcloud ESO provider guide if you wish to use mTLS authentication mode.

Generate a PAT token (For token authentication only)

The ESO (Cluster)SecretStore needs the permission to fetch secrets from Secret Manager.

If you want to use token autentication, you’ll need a token (PAT). You can use the ovhcloud CLI to do that:

PAT_TOKEN=$(ovhcloud iam user token create <iam-local-user-name> --name pat-<iam-local-user-name> --description "PAT secret manager for domain <okms-id>" -o json  | jq .details.token |  tr -d '"')

echo $PAT_TOKEN
<your-token>

You should have a result like this:

$ PAT_TOKEN=$(ovhcloud iam user token create secretmanager-305db938-331f-454d-83a7-3a0a29291661 --name pat-secretmanager-305db938-331f-454d-83a7-3a0a29291661 --description "PAT secret manager for domain 305db938-331f-454d-83a7-3a0a29291661" -o json  | jq .details.token |  tr -d '"')
2026/04/07 14:07:45 Final parameters:
{
 "description": "PAT secret manager for domain 305db938-331f-454d-83a7-3a0a29291661",
 "name": "pat-secretmanager-305db938-331f-454d-83a7-3a0a29291661"
}

$ echo $PAT_TOKEN
eyJhbGciOiJFZERTQSIsImtpZCI6IjgzMkFGNUE5ODg3MzFCMDNGM0EzMTRFMDJFRUJFRjBGNDE5MUY0Q0YiLCJraW5kIjoicGF0IiwidHlwIjoiSldUIn0.eyJ0b2tlbiI6InBBSFh1WE5JdVNHYVpmV3F2OUFzVmJrU3UwR2UySTJrdFU0OGdTZkwyZ1k9In0.-VDbiUf4vNm1KB9qSv7i4sGMCvxs_EuZFAETB-eaOFf3IX8-9m7akN800--ASgXy55_DDFHdy4Z5uSq8lww-Bw

Encode the PAT token in base 64 and save it in an environment variable:

export PAT_TOKEN_B64=$(echo -n $PAT_TOKEN | base64)
echo $PAT_TOKEN_B64

Retrieve and save the KMS information

List the OKMS domains:

$ ovhcloud okms list
┌──────────────────────────────────────┬─────────────┐
│                  id                  │   region    │
├──────────────────────────────────────┼─────────────┤
│ 305db938-331f-454d-83a7-3a0a29291661 │ eu-west-par │
│ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx │ eu-west-par │
└──────────────────────────────────────┴─────────────┘

Save the KMS endpoint and the OKMS ID in two environment variables. For example:

export OKMS_ID="305db938-331f-454d-83a7-3a0a29291661"
export KMS_ENDPOINT=$(ovhcloud okms get 305db938-331f-454d-83a7-3a0a29291661 -o json | jq .restEndpoint | xargs)

Create a secret in the Secret Manager

In the OVHcloud Control Panel (UI), go to ‘Secret Manager’ section and click on the Create a secret button.

Then in order to create a secret ‘prod/eu-west-par/dockerconfigjson’, in the Europe region (France – Paris) eu-west-par, choose this region:

Then, choose the OKMS domain and create”prod/eu-west-par/dockerconfigjson” in the path and fill the content:

Finally, click on the Create button to finalise the creation of the new secret.

Install or update the ESO

If you’d never installed ESO in your Kubernetes cluster, you can install it via Helm:

helm repo add external-secrets https://charts.external-secrets.io
helm repo update

helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
    --set installCRDs=true

If you already installed it, now you should update it in order to use this new provider:

helm upgrade external-secrets external-secrets/external-secrets -n external-secrets

⚠️ In order to use the OVHcloud provider, you need to have a running instance of ESO equals to version 2.3.0 or more.

$ helm list -n external-secrets

NAME            	NAMESPACE       	REVISION	UPDATED                              	STATUS  	CHART                 	APP VERSION
external-secrets	external-secrets	1       	2026-04-13 13:56:29.071329 +0200 CEST	deployed	external-secrets-2.3.0	v2.3.0

Let’s deploy a Secret in Kubernetes using the ESO provider!

Deploy a ClusterSecretStore to connect ESO to Secret Manager

Set up a ClusterSecretStore to manage synchronization with Secret Manager.
It will use the OVHcloud provider with token authorization mode, and the OKMS endpoint as the backend.

Create a clustersecretstore.yaml.template file with the content below:

apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: secret-store-ovh
spec:
  provider:
    ovh:
      server: "$KMS_ENDPOINT" # for example: "https://eu-west-rbx.okms.ovh.net"
      okmsid: "$OKMS_ID" # for example: "734b9b45-8b1a-469c-b140-b10bd6540017"
      auth:
        token:
          tokenSecretRef:
            name: ovh-token
            namespace: external-secrets
            key: token
---
apiVersion: v1
kind: Secret
metadata:
  name: ovh-token
  namespace: external-secrets
data:
  token: $PAT_TOKEN_B64

Generate the clustersecretstore.yaml file from the environment variables you defined:

envsubst < clustersecretstore.yaml.template > clustersecretstore.yaml

You should obtain a file filled with the OVHcloud KMS information:

apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: secret-store-ovh
spec:
  provider:
    ovh:
      server: "https://eu-west-par.okms.ovh.net" # for example: "https://eu-west-rbx.okms.ovh.net"
      okmsid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # for example: "734b9b45-8b1a-469c-b140-b10bd6540017"
      auth:
        token:
          tokenSecretRef:
            name: ovh-token
            namespace: external-secrets
            key: token
---
apiVersion: v1
kind: Secret
metadata:
  name: ovh-token
  namespace: external-secrets
data:
  token: ZXlK...UJ3

Apply it in your Kubernetes cluster:

kubectl apply -f clustersecretstore.yaml

Check:

$ kubectl get clustersecretstore.external-secrets.io/secret-store-ovh

NAME               AGE   STATUS   CAPABILITIES   READY
secret-store-ovh   7s    Valid    ReadWrite      True

Create an ExternalSecret

Create an externalsecret.yaml file with the content below:

apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: docker-config-secret
  namespace: external-secrets
spec:
  refreshInterval: 30m
  secretStoreRef:
    name: secret-store-ovh
    kind: ClusterSecretStore
  target:
    template:
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: "{{ .mysecret | toString }}"
    name: ovhregistrycred
    creationPolicy: Owner
  data:
  - secretKey: ovhregistrycred
    remoteRef:
      key: prod/eu-west-par/dockerconfigjson

Apply it:

$ kubectl apply -f externalsecret.yaml

externalsecret.external-secrets.io/docker-config-secret created

Check:

$ kubectl get externalsecret.external-secrets.io/docker-config-secret -n external-secrets 

NAME                   STORETYPE            STORE              REFRESH INTERVAL   STATUS         READY   LAST SYNC
docker-config-secret   ClusterSecretStore   secret-store-ovh   30m                SecretSynced   True    4s

After applying this command, it will create a Kubernetes Secret object.

$ kubectl get secret ovhregistrycred -n external-secrets

NAME              TYPE                             DATA   AGE
ovhregistrycred   kubernetes.io/dockerconfigjson   1      49s

The Kubernetes Secret have been created 🎉

We created a Secret directly from the key, but the OVHcloud ESO provider allows you to fetch the original secret from different parameters (fetch the whole secret, fetch nested values, fetch multiple secrets…), according to your needs.

Conclusion

In this blog, we’ve explained how to create secrets in the OVHcloud Secret Manager and then integrate them directly in your Kubernetes clusters using the new ESO OVHcloud provider.

With this brand new OVHcloud provider, you will have a smoother integration between the Secret Manager and your Kubernetes clusters with ESO.

Our team are working on several other integrations, so stay tuned, and please share your thoughts with us!

As Linux Sys Admins, we are sometimes faced with dilemmas regarding what we can or cannot allow on machines.

Some functionalities are very important to users for their daily tasks and overall better use of their devices, but they sometimes also come with security concerns.
We came up with a way to still allow most of these functionalities, while having more control over them, but also their outcome.

While the Linux user community is technical, their missions are still quite heterogeneous. They can range from developers, sysadmins, network engineers and more…
And they all work with very different workflows (from front-end web to the low-level driver). Sometimes on the laptop, on a docker, on a local VM or remotely on a development VM. Some may even need to hook up via a specific hardware.

Which leaves us users who are very much used to having access to every aspect of their personal computers rather frustrated when they are too limited.

Combining Usability and Security

Wrappers are usually used for abstraction and convenience; they often are relied on to simplify command-line workflows, enforce consistent parameters, or adapt legacy tools to modern environments.
In the case at hand, they are used a bit more like “guardrails.”

Take, as example, package management. Tools like apt are powerful but inherently risky when misused (or maliciously used), and capable of altering a system’s status by removing critical dependencies, etc…
Instead of exposing these tools directly (or completely removing access to them), our team provides a wrapped version that preserves essential functionality, while explicitly blocking operations that could compromise the system’s integrity.

Why would our user base need access to apt? Why not just completely remove that option?

Since our user base is rather technical, and knows their operating system rather well in general, they should be able to install authorized packages, or to update or remove them whenever they like (even though we also have a daily, automatic updates running too).
Plus, if they encounter any basic dpkg/apt issue, it makes sense for them to be able to resolve them autonomously.

Here is the list of options we made available:

Usage:
ovh-apt <install|reinstall|remove|purge> [OPTIONS] <package|package=version> [package...]
ovh-apt <update|autoclean|clean>
ovh-apt <fix> (this executes apt-get install -f)
ovh-apt <fix-dpkg> (this executes dpkg --configure -a)
Examples:
ovh-apt update
ovh-apt install vim
ovh-apt install vim=2:8.1.2269-1ubuntu5.17
ovh-apt install --only-upgrade bash
ovh-apt fix

We also have a list of protected packages, to avoid having very useful ones deleted; firewall configuration, systemd, sudo, etc…
Basically, this includes everything that could have an impact on security or system integrity. As well, this wrapper in specific is non-interactive – in order to make sure a root shell is never offered – as can be the case natively with dpkg.

How to prevent specific packages from being uninstalled?

We have a .txt file containing a bunch of package names (one per line).
In our ovh-apt script, we look into that file, and if we find a corresponding package, we exit the script.

re="^(Purg|Remv) ([^ ]+) "
IFS="
"
protected="$(cat /etc/ovh/ovh-apt/protected.txt)"
apt_output=$(cat nohup.out)
for line in $apt_output ; do
if [[ "$line" =~ $re ]]; then
package="${BASH_REMATCH[2]}"
if [[ " ${protected[*]} " =~ [[:space:]]${package}[[:space:]] ]]; then
echo "Error: Package $package is protected, won't do."
cancel=1
fi
fi
done
unset IFS

There is more

By default, you would need root access on unix systems to be able to change the keyboard layout. We decided to make a wrapper to allow for some users to set the layout of their choice.
This implementation was also heavily requested by Linux users, and very understandably so.

Here’s how it works:

Usage: ovh-keyboard <command> [options]
Commands:
show -> Show current keyboard configuration.
set <layout> -> Update keyboard configuration.
Valid options: fr, us, gb, ca, es, it, de, pt

Just for funsies, here is the list of other wrappers we use:

ovh_backlightctl Allows user to control the backlight options of their monitors.
ovh_snap Allows users to manage a list of snap packages on their device protected
ovh_swapclean Obviously.
ovh-systemctl Allows specific and unharmful systemctl commands.
nmcli_wrapper Blocks the –show-secrets options with nmcli. ‘Cause we don’t want secrets to be seen (that’s why they’re secret).

We definitely will keep on using wrappers, whether it is for user or security needs, when the use case allows it. We find this way of handling the accessibility / security compromise fits quite well with how we manage the Linux parc so far.

1) We are introducing three new Web Hosting ranges

Our offers will be organized into three distinct ranges, each designed to match different needs and usage profiles. Whether you are launching a simple website, running a growing business, or managing multiple client projects, you can now more easily find the plan that fits your situation.

Eco range: affordable and straightforward hosting

This range is designed for professionals looking for a cost-effective solution. It focuses on essential features to get a website online quickly and easily, without unnecessary complexity. All plans include the core services: disk space, email accounts, a domain name, and built-in security.

It is ideal for simple websites, first projects, portfolios, or small business sites that need to be reliable and easy to manage from day one. You get everything you need to launch and run your site, at a price that stays accessible over time.

In short, we provide a straightforward, dependable hosting solution that covers the essentials, so you can focus on your project, not on technical setup.

If you already own a domain name with OVHcloud, you can activate your free hosting right away. Every domain includes 100 MB of hosting, so you can get your first web pages online at no additional cost. This free plan comes with one email account, the performance of our infrastructure, and the same high level of security as all our other products.

Business range: performance and flexibility

The Business range is built for professionals who need more performance, flexibility, and resources to support their growth.

As your website evolves, so do your requirements: more traffic, more content, more integrations. This range provides faster loading times, more generous resources (databases, storage, email accounts), and additional technical capabilities to adapt your environment to your needs.

Whether you are running a business website, an e-commerce platform, or multiple projects, you benefit from a hosting solution designed to keep up with your growth while giving you more control.

For more demanding use cases, our Pro and Performance plans provide higher CPU and RAM allocations designed to handle traffic spikes smoothly, ensuring your websites remain responsive even during peak activity.

In short, this is the right balance between performance, flexibility, and cost-efficiency for growing projects.

Agencies range: built for managing multiple clients efficiently

The Agencies range is designed for professionals managing several websites across multiple clients.

When you operate multiple projects, efficiency becomes key. This range allows you to host, manage, and scale multiple websites within a single environment, helping you centralize operations and reduce costs.

It is particularly suited for agencies, freelancers, and service providers who need to deploy, maintain, and monitor many sites while keeping their workflow simple and scalable.

In short: a solution built to help you manage more projects and clients, more efficiently, while saving both time and costs, without multiplying hosting plans.

2) More capacity to grow your projects

After a full renewal of our compute infrastructure in 2025, our Web Hosting plans are now up to 3x faster, with 2x more compute power allocated.

In 2026, we are upgrading our storage technology. All our Web Hosting plans are progressively moving to SSD storage to ensure faster access times and better resilience during incidents or maintenance operations. The result: improved service quality and higher availability for your websites.

In addition, we are increasing both the number of databases and the storage capacity per database included in our Web Hosting plans.

What’s changing

Many customers begin with a single website, then expand to additional projects such as blogs, landing pages, test environments, or client websites. Because our Web Hosting plans are designed to be multi-site, you can host multiple projects within a single plan. As your projects grow, database requirements naturally increase due to additional content, users, plugins, and data.

Our goal is simple: instead of requiring an immediate upgrade to a higher plan, we are including additional resources directly in your existing plan. This allows you to group multiple websites under the same hosting account, each with its own database. In practice, this reduces costs, simplifies management, and gives you the flexibility to scale your projects without unnecessary complexity.

What this means for you

Run multiple websites without additional hosting plans
You can create and manage several websites under the same account, each with its own database, without needing to upgrade immediately.

Install multiple CMS environments easily
Whether you use WordPress, Joomla!, PrestaShop, or another CMS, you can deploy separate projects independently, without database limitations.

Create staging and test environments
You can duplicate websites to safely test updates, themes, or plugins before deploying them to production.

Support long-term website growth
As your traffic and content increase, larger databases provide additional capacity without the risk of quickly reaching storage limits.

By expanding both database capacity and quantity, we are providing more room for your projects to grow without requiring an immediate plan upgrade.

3) Pricing update: lower entry price and long-term savings

As part of this evolution, our pricing structure is also changing. It has been designed with two clear objectives: maintain a very accessible entry price for new projects and deliver stronger overall value for customers choosing longer subscription durations.

A highly competitive first year for new subscriptions

For any new subscription, the first-year price is intentionally kept very low.

For example, the Pro plan now starts at €1.99/month for the first year.

This approach makes it easier to launch a new idea, test a concept, or start a business without significant upfront costs. Customers launching new projects benefit from one of the most competitive entry prices available.

All core hosting features remain included: generous email accounts, a domain name included during the first year, multi-site capability, expanded database resources, and enhanced support services. In short, you keep everything that makes your hosting complete, with additional resources and improved assistance.

Better pricing with longer durations

We are introducing 24- and 48-month durations to help you secure the best possible rate! Most websites are long-term projects that grow in visibility, traffic, and business value, and we want your hosting plan to support that long-term development.

By selecting a longer duration, you can benefit from significant savings:

• Choosing 24 months can represent savings equivalent to 5 to 6 months compared to annual renewals.
• Choosing 48 months can represent savings equivalent to 16 to 18 months compared to annual renewals.

This approach is simple: the longer your duration, the lower your monthly price and the more predictable your hosting budget becomes.

4) Renew now and keep your current price

If you are already a customer, we want to ensure your loyalty continues to be rewarded. Many of you have trusted us to host your projects for years, and we want to give you the opportunity to maintain your current pricing conditions.

If you wish to retain your existing pricing, you can renew your hosting plan before 1st June 2026. This allows you to secure your current rate while continuing to benefit from all plan improvements. Renewal can be completed in just a few clicks from your Control Panel.

By renewing in advance, you can:

• Lock in your current rate for the duration you choose
• Extend your subscription for up to 4 additional years
• Continue benefiting from upgraded features, including additional databases and improved support

For long-term projects, renewing now provides cost stability and better visibility on future hosting expenses.

5) A redesigned and strengthened support experience

For many of you, running a website is more than a hobby. It can generate revenue, support clients, or represent your business online. When an issue occurs, you do not want to simply open a ticket. You expect clear guidance and fast resolution. We have listened to this feedback and are strengthening our support services to be easier to reach, faster to respond, and more helpful when you need expert advice.

Here is how your day-to-day support experience will evolve:

Support whenever you need it
We are progressively rolling out 24/7 availability, with expanded contact channels so you can reach us at any time, whether you are launching a new site, managing an urgent issue, or looking for guidance.

Faster responses
An improved live chat experience will allow you to connect quickly with our teams and receive clear answers with reduced waiting times.

Simplified human interaction
You will be able to call us directly from your browser and request a callback from one of our agents, allowing you to receive assistance in the way that suits you best.

Stronger guidance and follow-up
We are adopting a more proactive support approach, focused not only on resolving issues but also on advising you and helping you move your projects forward with confidence.

Our objective is straightforward: make it easier and faster for you to get help when you need it. Whether you are launching a new website, managing updates, or troubleshooting an issue, we are continuously investing to deliver a smoother customer experience.

These improvements reflect our commitment to supporting both beginners and advanced users with reliable and accessible assistance. They are currently being prepared and will be progressively deployed to ensure quality and stability.

6) Dedicated offers for Partners and Agencies (coming soon)

Some customers go beyond managing their own websites. They design, deploy, and resell complete web environments for their clients, including hosting, domain names, email services, and other solutions, sometimes under their own brand. Resellers and agencies often operate across the entire OVHcloud ecosystem and require solutions adapted to multi-client and multi-service environments.

Managing a Web Cloud portfolio typically involves:

• Coordinating updates across multiple customer environments
• Ensuring availability and performance across all hosted projects
• Responding quickly when customer services are impacted
• Optimizing costs and margins across service portfolios

We are preparing a dedicated offer designed specifically for these use cases.
This upcoming partner offering will include:

• Premium and prioritized support with clearer escalation paths for business-critical situations
• Preferential pricing tailored to multi-product portfolios
• Management tools designed for agencies to simplify deployment, monitoring, and maintenance across multiple services for your multiple customers. 

More details will be shared soon. We look forward to developing this offer in collaboration with our partner ecosystem.

7) New features

We are continuously improving our Web Hosting platform, and several major enhancements are already underway.

We have recently completed a full renewal of our compute infrastructure to deliver improved performance and reliability across all hosted websites. Read more about it on our dedicated blog article.

We are also currently replacing our storage infrastructure with the same objective: delivering improved performance, resilience, and long-term data reliability.

These infrastructure upgrades are part of a broader and transparent product roadmap. We openly share our development priorities so you can track ongoing and upcoming improvements.

Beyond infrastructure, upcoming enhancements include:

• Simplified WordPress management through Managed Hosting for WordPress (currently available in beta), providing increased automation and easier daily administration.
• Our new video hosting solution designed to deliver media content without relying on third-party platforms. Discover the Video Center!
• New AI-powered features to help manage, optimize, and secure your websites

Our commitment to you

Whether you are running a personal website, launching a business, or managing multiple projects, our objective remains unchanged: deliver a powerful, reliable, and cost-efficient platform that supports your growth over time and continuously improve your hosting experience with practical features that simplify daily management while strengthening performance and reliability. 

Nos offres seront désormais organisées en trois gammes distinctes, chacune conçue pour répondre à des besoins et usages différents. Que vous lanciez un site simple, développiez un business ou gériez plusieurs projets clients, vous pouvez désormais trouver plus facilement l’offre adaptée à votre situation.

Gamme Eco : pour un hébergement accessible et simple

Cette gamme s’adresse aux professionnels à la recherche d’une solution économique. Elle se concentre sur l’essentiel pour mettre un site en ligne rapidement et facilement, sans complexité. Toutes les offres incluent les services de base dont vous avez besoin : espace disque, comptes email, nom de domaine et sécurité intégrée.

Elle est idéale pour les sites simples, les premiers projets, les portfolios ou les petits sites professionnels qui doivent être fiables et faciles à gérer dès le départ. Vous bénéficiez de tout le nécessaire pour lancer et faire fonctionner votre site, à un prix accessible dans la durée.

Vous possédez déjà un nom de domaine chez OVHcloud ? Vous pouvez activer votre hébergement gratuit immédiatement. Chaque domaine inclut 100 Mo d’hébergement, vous permettant de mettre en ligne vos premières pages web sans coût supplémentaire. Cette offre inclut également un compte email, s’appuie sur la performance de notre infrastructure, et bénéficie du même haut niveau de sécurité que l’ensemble de nos produits.

Gamme Business : performance et flexibilité

La gamme Business est conçue pour les professionnels ayant besoin de plus de performance, de flexibilité et de ressources pour accompagner leur croissance.

À mesure que votre site évolue, vos besoins augmentent : plus de trafic, plus de contenu, plus d’intégrations. Cette gamme permet des temps de chargement plus rapides, inclut des ressources plus généreuses (bases de données, stockage, emails), ainsi que des fonctionnalités techniques avancées pour adapter votre environnement à vos besoins.

Que vous gériez un site vitrine, un site e-commerce ou plusieurs projets, vous bénéficiez d’une solution d’hébergement conçue pour accompagner votre croissance tout en vous offrant davantage de contrôle.

Pour les besoins les plus exigeants, nos offres Pro et Performance proposent davantage de CPU et de RAM, permettant de gérer efficacement des pics de trafic importants et d’assurer la réactivité de vos sites, même en période de forte activité.

En résumé, cette gamme offre un excellent équilibre entre performance, flexibilité et maîtrise des coûts, idéal pour soutenir vos projets professionnels en croissance.

Gamme Agencies : conçue pour gérer plusieurs clients efficacement

La gamme Agencies est conçue pour les professionnels qui gèrent plusieurs sites pour plusieurs clients.

Lorsque vous pilotez plusieurs projets, l’efficacité devient essentielle. Cette gamme vous permet d’héberger, gérer et faire évoluer plusieurs sites au sein d’un même environnement, afin de centraliser vos opérations et de réduire vos coûts.

Elle est particulièrement adaptée aux agences, freelances et prestataires qui doivent déployer, maintenir et superviser de nombreux sites tout en conservant un workflow simple et scalable.

Les offres de cette gamme offrent des ressources encore plus généreuses pour accompagner vos projets les plus exigeants : jusqu’à 1 To d’espace disque, 14 vCores et 16 Go de RAM. Elles incluent également toutes notre CDN ainsi qu’une instance Web Cloud Databases, pour assurer performance, scalabilité et simplicité de gestion au quotidien.

Vous travaillez en équipe ? Gérez finement les accès utilisateurs afin de collaborer efficacement à plusieurs : attribuez des rôles et des permissions adaptés à chaque profil, contrôlez qui peut accéder à quelles ressources, et organisez le travail entre membres de votre équipe en toute sécurité et simplicité.

Cette gamme est ainsi pensée pour vous permettre de gérer davantage de projets et de clients, plus efficacement, tout en gagnant du temps et en optimisant vos coûts, sans multiplier les hébergements.

2) Plus de capacité pour accompagner vos projets

Après le renouvellement complet de notre infrastructure de calcul en 2025, nos hébergements web sont désormais jusqu’à 3 fois plus rapides, avec 2 fois plus de puissance de calcul allouée.

En 2026, nous faisons évoluer notre technologie de stockage afin d’offrir encore plus de performance et de fiabilité. Tous nos hébergements passent progressivement sur du stockage SSD, pour assurer des temps d’accès plus rapides et une meilleure résilience en cas d’incident ou de maintenance. Résultat : une qualité de service renforcée et une disponibilité accrue de vos sites.

Nous augmentons également le nombre de bases de données et leur capacité de stockage inclus dans nos offres.

Ce qui change

Nombre d’entre vous commencent avec un seul site, puis développent d’autres projets : blogs, landing pages, environnements de test ou sites clients. Nos hébergements étant multi-sites, vous pouvez héberger plusieurs projets sur un même plan. À mesure que vos projets évoluent, les besoins en bases de données augmentent naturellement.

Notre objectif est simple : plutôt que de vous obliger à changer d’offre, nous intégrons plus de ressources directement dans votre plan actuel. Cela vous permet de regrouper plusieurs sites sous un même hébergement, chacun avec sa propre base de données.

En pratique, cela permet de réduire les coûts, simplifier la gestion et offrir plus de flexibilité pour faire évoluer vos projets.

Quelques cas d’usage

Hébergez plusieurs sites sans multiplier les offres
Vous pouvez gérer plusieurs sites depuis un même compte, chacun avec sa propre base de données.

Installez facilement plusieurs CMS
WordPress, Joomla!, PrestaShop… déployez plusieurs projets indépendants sans contrainte.

Créez des environnements de test (staging)
Testez vos mises à jour en toute sécurité avant mise en production.

Accompagnez la croissance de vos sites
Des bases plus grandes permettent d’absorber plus de trafic et de contenu sans limite immédiate.

3) Évolution des prix : un prix d’entrée plus bas et des économies sur la durée

Dans le cadre de cette évolution, notre structure tarifaire évolue avec deux objectifs : maintenir un prix d’entrée très accessible et offrir plus de valeur sur les engagements longue durée.

Un prix très compétitif la première année

Pour toute nouvelle souscription, le prix de la première année est volontairement très bas.

Par exemple, l’offre Pro démarre désormais à 1,99 € HT/mois la première année.

Cette approche facilite le lancement d’une nouvelle idée, le test d’un concept ou la création d’une activité, sans coûts initiaux importants. Les clients qui lancent de nouveaux projets bénéficient ainsi de l’un des prix d’entrée les plus compétitifs du marché.

Toutes les fonctionnalités essentielles de l’hébergement restent incluses : des comptes email généreux, un nom de domaine inclus la première année, le multi-site, des ressources de bases de données étendues et un support amélioré. En résumé, vous conservez tout ce qui fait la richesse de votre hébergement, avec davantage de ressources et un accompagnement renforcé.

Des économies à long terme

Nous introduisons des durées de 24 et 48 mois afin de vous permettre de bénéficier du meilleur tarif possible. La plupart des sites web s’inscrivent dans la durée : ils gagnent en visibilité, en trafic et en valeur. Nous voulons que votre hébergement accompagne cette évolution sur le long terme.

En choisissant une durée plus longue, vous pouvez réaliser des économies significatives :

• 24 mois = 5 à 6 mois économisés par rapport à des renouvellements annuels
• 48 mois = 16 à 18 mois économisés par rapport à des renouvellements annuels

Le principe est simple : plus la durée est longue, plus votre prix mensuel est avantageux et plus votre budget d’hébergement devient prévisible.

4) Renouvelez maintenant pour conserver votre prix actuel

Nombre d’entre vous nous font confiance depuis des années pour héberger leurs projets, et nous souhaitons continuer à récompenser votre fidélité en vous permettant de conserver vos conditions tarifaires actuelles le plus longtemps possible.

Si vous souhaitez maintenir vos tarifs actuels, vous pouvez anticiper le renouvellement votre hébergement avant le 1er Juin 2026. Cela vous permet de sécuriser votre prix tout en continuant à bénéficier des améliorations de votre offre. Le renouvellement peut être effectué en quelques clics depuis votre espace client.

En renouvelant dès maintenant, vous pouvez conserver votre tarif actuel jusqu’à 4 années supplémentaires, tout en bénéficiant des améliorations apportées à nos hébergements, notamment des bases de données supplémentaires et d’un support renforcé.

Pour les projets de long terme, renouveler dès aujourd’hui vous permet de gagner en stabilité budgétaire et en visibilité sur vos dépenses d’hébergement.

5) Un support repensé et renforcé

Pour beaucoup d’entre vous, un site web est bien plus qu’un simple projet personnel. Il peut générer du chiffre d’affaires, servir vos clients ou présenter votre activité en ligne. Lorsqu’un problème survient, vous ne souhaitez pas simplement ouvrir un ticket : vous attendez des réponses claires et une résolution rapide. Nous avons pris en compte ces attentes et renforçons notre support pour le rendre plus accessible, plus réactif et plus pertinent lorsque vous avez besoin d’être accompagné.

Voici comment votre expérience de support va évoluer :

Un support disponible quand vous en avez besoin

Nous déployons progressivement une disponibilité 24 h/24, 7 j/7, avec davantage de canaux de contact pour vous permettre de nous joindre à tout moment, que vous lanciez un nouveau site, gériez une urgence ou ayez besoin de conseils.

Des réponses plus rapides

Une expérience de chat améliorée vous permettra d’entrer rapidement en contact avec nos équipes et d’obtenir des réponses claires avec des temps d’attente réduits.

Une interaction humaine simplifiée

Vous pourrez nous appeler directement depuis votre navigateur ou demander à être rappelé par l’un de nos conseillers, afin d’obtenir de l’aide selon le mode de contact qui vous convient le mieux.

Un accompagnement et un suivi renforcés

Nous adoptons une approche plus proactive du support, qui ne se limite pas à résoudre les incidents, mais vise aussi à vous conseiller et à vous aider à faire avancer vos projets.

Notre objectif est simple : vous permettre d’obtenir de l’aide plus facilement et plus rapidement, quand vous en avez besoin. Que vous lanciez un site, gériez des mises à jour ou résolviez un problème, nous continuons d’investir pour offrir une expérience client toujours plus fluide.

Ces améliorations reflètent notre engagement à accompagner aussi bien les débutants que les utilisateurs avancés, avec un support fiable et accessible. Elles sont en cours de déploiement progressif afin de garantir qualité et stabilité.

6) Offres dédiées pour partenaires et agences (à venir)

Certains clients vont au-delà de la gestion de leurs propres sites. Ils conçoivent, déploient et revendent des environnements web complets pour leurs clients, incluant l’hébergement, les noms de domaine, les services email et d’autres solutions, parfois sous leur propre marque. Les revendeurs et les agences opèrent souvent sur l’ensemble de l’écosystème OVHcloud et ont besoin de solutions adaptées à des environnements multi-clients et multi-services.

Cela implique généralement de :

• Coordonner les mises à jour sur plusieurs environnements clients
• Garantir la disponibilité et la performance de l’ensemble des projets hébergés
• Réagir rapidement en cas d’impact sur les services clients
• Optimiser les coûts et les marges à l’échelle du portefeuille de services

C’est la raison pour laquelle nous préparons une offre spécifiquement conçue pour ces usages. Cette future offre partenaires inclura notammant :

• Un support premium et prioritaire, avec des parcours d’escalade plus clairs pour les situations critiques
• Une tarification préférentielle, adaptée aux portefeuilles multi-produits
• Des outils de gestion dédiés aux agences, pour simplifier le déploiement, le suivi et la maintenance de multiples services pour vos clients

Plus de détails seront partagés prochainement. Nous avons hâte de développer cette offre en collaboration avec notre écosystème de partenaires.

7) Nouvelles fonctionnalités

Nous continuons à améliorer notre plateforme d’hébergement web, avec plusieurs évolutions majeures déjà en cours.

Nous avons récemment finalisé un renouvellement complet de notre infrastructure de calcul, afin d’offrir de meilleures performances et une fiabilité accrue pour l’ensemble de vos sites. Vous pouvez en savoir plus dans notre article dédié.

Nous sommes également en train de moderniser notre infrastructure de stockage, avec le même objectif : renforcer les performances, la résilience et la fiabilité de notre infrastructure sur le long terme.

Ces évolutions s’inscrivent dans une feuille de route produit plus large et transparente. Nous partageons régulièrement nos priorités afin que vous puissiez suivre les améliorations en cours et à venir.

Au-delà de l’infrastructure, plusieurs nouveautés sont en préparation :

• Une gestion simplifiée de WordPress avec Managed Hosting for WordPress, pour plus d’automatisation et une administration facilitée au quotidien
• Une nouvelle solution d’hébergement vidéo, conçue pour diffuser vos contenus sans dépendre de plateformes tierces
• De nouvelles fonctionnalités basées sur l’intelligence artificielle pour vous aider à gérer, optimiser et sécuriser vos sites

Notre engagement

Notre objectif reste simple : vous offrir une plateforme performante, fiable et accessible, capable d’accompagner votre croissance dans la durée, tout en améliorant en continu votre expérience grâce à des fonctionnalités qui simplifient votre gestion au quotidien.

This reference architecture demonstrates how to deploy a Large Language Model (LLM) inference system using vLLM on OVHcloud Managed Kubernetes Service (MKS). The solution leverages NVIDIA L40S GPUs to serve the Qwen3-VL-8B-Instruct multimodal model (vision + text) with OpenAI-compatible API endpoints.

This comprehensive guide shows you how to deploy, to scale automatically, and how to monitor vLLM-based LLM workloads on the OVHcloud infrastructure.

What are the key benefits?

• Cost-effectiveness: Leverage managed services to minimise operational overhead
• Real-time observability: Track Time-to-First-Token (TTFT), throughput, and resource utilisation
• Sovereign infrastructure: Keep all metrics and data within European datacentres
• Scalable by design: Automatically scale GPU inference replicas based on real workload demand

Context

Managed Kubernetes Service

OVHcloud MKS is a fully managed Kubernetes platform designed to help you deploy, operate, and scale containerised applications in production. It provides a secure and reliable Kubernetes environment without the operational overhead of managing the control plane.

How does this benefit you?

• Cost-efficient: Pay only for worker nodes and consumed resources, with no additional charge for the Kubernetes control plane
• Fully managed Kubernetes: Certified upstream Kubernetes with automated control plane management, provided upgrades and high availability
• Production-ready by design: Built-in integrations with OVHcloud Load Balancers, networking, and persistent storage
• Scalable and flexible: Scale workloads easily, node pools to match application demand
• Open and portable: Based on standard Kubernetes APIs, enable seamless integration with open-source ecosystems and avoid vendor lock-in

In the following guide, all services are deployed within the OVHcloud Public Cloud.

Architecture overview

This reference architecture demonstrates a basic deployment of vLLM for vision-language model inference on OVHcloud Managed Kubernetes Service, featuring:

• High-availability deployment with 2 GPU nodes (NVIDIA L40S)
• Optimised GPU utilisation with proper driver configuration
• Scalable infrastructure supporting vision-language models
• Comprehensive monitoring using Prometheus, Grafana, and DCGM
• Full observability for both application and hardware metrics

Data flow:

1. Inference request:
   • User → LoadBalancer → Gateway → NGINX Ingress → “Qwen3 VL” Service → vLLM Pod → GPU
   • Response follows reverse path with streaming support
2. Metrics collection:
   • vLLM Pods expose /metrics endpoint (port 8000)
   • DCGM Exporters expose GPU metrics (port 9400)
   • Prometheus scrapes both endpoints every 30 seconds
   • Grafana queries Prometheus for visualization
3. Load distribution
   • NGINX Ingress uses cookie-based session affinity
   • vLLM Service uses ClientIP session affinity
   • Anti-affinity ensures 1 pod per GPU node

Prerequisites

Before you begin, ensure you have:

• An OVHcloud Public Cloud account
• An OpenStack user with the Administrator role
• Hugging Face access – create a Hugging Face account and generate an access token
• kubectl already installed and helm installed (at least version 3.x)

🚀 Now you have all the ingredients, it’s time to deploy the recipe for Qwen/Qwen3-VL-8B-Instruct using vLLM and MKS!

Architecture guide: Native GPU deployment of vLLM on MKS with full stack observability

This reference architecture describes a Large Language Model deployment using vLLM inference server and Kubernetes, to enjoy the benefits of a service that’s both highly available and monitorable in real time.

Step 1 – Create MKS cluster and Node pools

From OVHcloud Control Panel, create a Kubernetes cluster using the MKS.

Navigate to: Public Cloud → Managed Kubernetes Service → Create a cluster

1. Configure cluster

Consider using the following configuration for the current use case:

• Name: vllm-deployment-l40s-qwen3-8b
• Location: 1-AZ Region – Gravelines (GRA11)
• Plan: Free (or Standard)
• Network: attach a Private network (e.g. 0000 - AI Private Network)
• Version: Latest stable (e.g. 1.34)

2. Create GPU Node pool

During the cluster creation, configure the vLLM Node pool for GPUs:

• Node pool name: vllm
• Flavor: L40S-90
• Number of nodes: 2
• Autoscaling: Disabled (OFF)

Why L40S-90?

• Cost-effective for single-model deployment (1 GPU per node)
• Sufficient RAM (90GB) for Qwen3-VL-8B model

You should see your cluster (e.g. vllm-deployment-l40s-qwen3-8b) in the list, along with the following information:

You can now set up the node pool dedicated to monitoring.

3. Create CPU Node pool

From your cluster, click on Add a node pool and configure it as follow:

• Node pool name: monitoring
• Flavor: B2-15
• Number of nodes: 1
• Autoscaling: Disabled (OFF)

✅ Note

Monitoring stack can run on GPU nodes if cost is a concern. Dedicated CPU node provides better isolation and resource management.

If the status is green with the OK label, you can proceed to the next step.

4. Configure Kubernetes access

Once your nodes have been provisioned, you can download the Kubeconfig file and configure kubectl with your MKS cluster.

# configure kubectl with your MKS cluster
export KUBECONFIG=/path/to/your/kubeconfig-xxxxxx.yml

# verify cluster connectivity
kubectl cluster-info
kubectl get nodes

Returning:

NAME                     STATUS   ROLES    AGE   VERSION
monitoring-node-xxxxxx   Ready    <none>   1d   v1.34.2
vllm-node-yyyyyy         Ready    <none>   1d   v1.34.2
vllm-node-zzzzzz         Ready    <none>   1d   v1.34.2

Before going further, add a label to the CPU node for monitoring workloads.

CPU_NODE=$(kubectl get nodes -o json | \
  jq -r '.items[] | select(.status.allocatable."nvidia.com/gpu" == null) | .metadata.name')
kubectl label node $CPU_NODE node-role=monitoring

Finally, check with the following command:

NAME                     GPU      ROLE
monitoring-node-xxxxxx   <none>   monitoring
vllm-node-yyyyyy         1        <none>
vllm-node-zzzzzz         1        <none>

Once both nodes are in Ready status, you can proceed to the next step.

Step 2 – Install GPU operator

To start, consider setting up the GPU operator.

✅ Note

This step is based on this OVHcloud documentation: Deploying a GPU application on OVHcloud Managed Kubernetes Service

1. Add NVIDIA helm repository and create namespace

Add NVIDIA helm repo:

helm repo add nvidia https://helm.ngc.nvidia.com/nvidia
helm repo update

And create Namespace as follow.

kubectl create namespace gpu-operator

2. Install GPU operator with correct configuration

The GPU Operator must be configured with specific driver versions to ensure compatibility with vLLM containers.

However, the default installation uses recent drivers (580.x with CUDA 13.x) which are incompatible with vLLM containers (CUDA 12.x).

Solution: Force driver version 535.183.01 (CUDA 12.2).

helm install gpu-operator nvidia/gpu-operator \
  -n gpu-operator \
  --set driver.enabled=true \
  --set driver.version="535.183.01" \
  --set toolkit.enabled=true \
  --set operator.defaultRuntime=containerd \
  --set devicePlugin.enabled=true \
  --set dcgmExporter.enabled=true \
  --set dcgmExporter.image="dcgm-exporter" \
  --set dcgmExporter.version="3.1.7-3.1.4-ubuntu20.04" \
  --set gfd.enabled=true \
  --set migManager.enabled=false \
  --set nodeStatusExporter.enabled=true \
  --set validator.driver.enable=false \
  --set validator.toolkit.enable=false \
  --set validator.plugin.enable=false \
  --timeout 20m

✅ Note

Specifying the DCGM version may only be necessary if you encounter problems with the default image (e.g. ‘ImagePullBackOff’). If this is the case, add the following parameters:
--set dcgmExporter.repository="nvcr.io/nvidia/k8s"
--set dcgmExporter.image="dcgm-exporter"
--set dcgmExporter.version="3.1.7-3.1.4-ubuntu20.04"

kubectl get pods -n gpu-operator

Note that all pods should reach Running state in 5-10 minutes.

You can also check the GPU availability:

kubectl get nodes -o json | jq -r '.items[] | select(.status.allocatable."nvidia.com/gpu" != null) | "\(.metadata.name): \(.status.allocatable."nvidia.com/gpu") GPU(s)"'

Returning:

vllm-node-yyyyyy: 1 GPU(s)
vllm-node-zzzzzz: 1 GPU(s)

And you can test to run nvidia-smi:

DRIVER_POD=$(kubectl get pods -n gpu-operator -l app=nvidia-driver-daemonset -o name | head -1)
kubectl exec -n gpu-operator $DRIVER_POD -- nvidia-smi

If GPU tests are working properly, you can move on DCGM service configuration.

3. Configure DCGM service

Why is DCGM Exporter required?

DCGM (Data Centre GPU Manager) is NVIDIA’s official tool for monitoring GPUs in production. The goal is to be able to collect and display metrics from both GPU nodes.

The metrics provided are:

• DCGM_FI_DEV_GPU_UTIL – GPU utilisation (%)
• DCGM_FI_DEV_GPU_TEMP – GPU temperature (°C)
• DCGM_FI_DEV_FB_USED – VRAM used (MB)
• DCGM_FI_DEV_FB_FREE – Free VRAM (MB)
• DCGM_FI_DEV_POWER_USAGE – Power consumption (W)
• And 50+ other GPU metrics

Next, ensure DCGM service has the correct labels and port configuration:

kubectl patch svc nvidia-dcgm-exporter -n gpu-operator --type merge -p '{
  "metadata": {
    "labels": {
      "app": "nvidia-dcgm-exporter"
    }
  },
  "spec": {
    "ports": [
      {
        "name": "metrics",
        "port": 9400,
        "targetPort": 9400,
        "protocol": "TCP"
      }
    ]
  }
}'

Verify the endpoints (should show 2 IPs, one per GPU node).

kubectl get endpoints nvidia-dcgm-exporter -n gpu-operator

NAME                   ENDPOINTS                       AGE
nvidia-dcgm-exporter   x.x.x.x:9400,x.x.x.x:9400   17d

Step 3 – Deploy Qwen3 VL 8B with vLLM inference server

The deployment of the Qwen 3 VL 8B model on two L40S GPU nodes is carried out in several stages.

1. Create namespace and Hugging Face secret

Start by creating Namespace:

kubectl create namespace vllm

Next, you must retrieve your Hugging Face token and replace the HF_TOKEN value by your own:

export HF_TOKEN="hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Create your secret as follow:

kubectl create secret generic huggingface-secret \
  --from-literal=token=$HF_TOKEN \
  --namespace=vllm

Verify you obtain the following output by launching:

kubectl get secret huggingface-secret -n vllm

NAME                 TYPE     DATA   AGE
huggingface-secret   Opaque   1      14d

2. Create vLLM deployment configuration

First, you can create vllm-deployment-2nodes.yaml file.

Deploy vLLM:

kubectl apply -f vllm-deployment-2nodes.yaml

You can monitor the deployment (it should take 8-10 minutes for model download and loading).

kubectl get pods -n vllm -o wide -w

Expected output after 10 minutes:

NAME               READY  STATUS   RESTARTS  AGE  IP       NODE  
qwen3-vl-xxxx-yyy  1/1    Running  0         1d   X.X.X.X  vllm-node-yyyyyy
qwen3-vl-xxxx-zzz  1/1    Running  0         1d   X.X.X.X  vllm-node-zzzzzz

You can also check the container logs:

kubectl logs -f -n vllm <pod-name>

You should find in the logs: “Uvicorn running on http://0.0.0.0:8000“

Is everything installed correctly? Then let’s move on to the next step.

3. Add service label

Ensure service has the correct label for ServiceMonitor discovery.

kubectl label svc qwen3-vl-service -n vllm app=qwen3-vl --overwrite

You can now verify by launching the following command.

kubectl get svc qwen3-vl-service -n vllm --show-labels | grep "app=qwen3-vl"

Returning:

qwen3-vl-service  ClusterIP  X.X.X.X  <none> 8000/TCP 1d  app=qwen3-vl

Step 4 – Install NGINX ingress controller

⚠️ Moving beyond Ingress

Follow this tutorial if you want to use Gateway instead of Ingress.

1. Add helm repository and configure Ingress

First of all, add helm repository:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

Create configuration file with ingress-nginx-values.yaml.

Then, install NGINX Ingress:

helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace \
  -f ingress-nginx-values.yaml \
  --wait

Wait for LoadBalancer IP. The external IP assignment should take 1-2 minutes.

kubectl get svc -n ingress-nginx ingress-nginx-controller -w

Once <EXTERNAL-IP> is no longer , Ctrl+C and export it:

export EXTERNAL_IP=<EXTERNAL-IP>
echo "API URL: http://$EXTERNAL_IP"

2. Create vLLM Ingress resource

Next, create vLLM Ingress using vllm-ingress.yaml.

Apply it as follow:

kubectl apply -f vllm-ingress.yaml

You can now test different API calls to verify that your deployment is functional.

3. Test API

Firstly, check if the model is available:

curl http://$EXTERNAL_IP/v1/models | jq

{
  "object": "list",
  "data": [
    {
      "id": "qwen3-vl-8b",
      "object": "model",
      "created": 1772472143,
      "owned_by": "vllm",
      "root": "Qwen/Qwen3-VL-8B-Instruct",
      "parent": null,
      "max_model_len": 8192,
      "permission": [
        {
          "id": "modelperm-8fb35cdd3208b068",
          "object": "model_permission",
          "created": 1772472143,
          "allow_create_engine": false,
          "allow_sampling": true,
          "allow_logprobs": true,
          "allow_search_indices": false,
          "allow_view": true,
          "allow_fine_tuning": false,
          "organization": "*",
          "group": null,
          "is_blocking": false
        }
      ]
    }
  ]
}

Next, test inference using the following request:

curl http://$EXTERNAL_IP/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "qwen3-vl-8b",
    "messages": [{"role": "user", "content": "Count from 1 to 10."}],
    "max_tokens": 100
  }' | jq '.choices[0].message.content'

"1, 2, 3, 4, 5, 6, 7, 8, 9, 10"

Great! You’re almost there…

Step 5 – Install Prometheus stack

Now, set up the monitoring stack that provides complete observability for application-level (vLLM) and hardware-level (GPU) metrics:

1. Add helm repository and create namespace

Add Prometheus helm repo:

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

Then, create the monitoring Namespace.

kubectl create namespace monitoring

2. Create Prometheus deployment configuration and installation

First, create prometheus.yaml file.

Install Prometheus stack:

helm install prometheus prometheus-community/kube-prometheus-stack \
  -n monitoring \
  -f prometheus.yaml \
  --timeout 10m \
  --wait

Now, monitor its installation and wait until the pods are ready:

kubectl get pods -n monitoring -w

If all pods are running successfully, you can proceed to the next step.

3. Check that the installation is operational

First access Grafana in background:

kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80 &

Test Grafana health:

curl -s http://localhost:3000/api/health | jq

{
  "database": "ok",
  "version": "12.3.3",
  "commit": "2a14494b2d6ab60f860d8b27603d0ccb264336f6"
}

You can now access to Grafana locally via http://localhost:3000. You will have to use:

• Login: admin
• Password: Admin123!vLLM

Well done! You can now proceed to the configuration step.

Step 6 – Configure ServiceMonitors

The ServiceMonitors is used to tell Prometheus which endpoints to scrape for metrics.

1. Create vLLM ServiceMonitor

Retrieve the file from the GitHub repository: vllm-servicemonitor.yaml.

Next, apply and check that the ServiceMonitor vllm-metrics exists:

kubectl apply -f vllm-servicemonitor.yaml
kubectl get servicemonitor -n vllm

2. Create DCGM ServiceMonitor

First, create the dcgm-servicemonitor.yaml file.

Once again, apply and verify:

kubectl apply -f dcgm-servicemonitor.yaml
kubectl get servicemonitor -n gpu-operator

gpu-operator                  1d
nvidia-dcgm-exporter          1d
nvidia-node-status-exporter   1d

3. Configure Prometheus for Cross-Namespace discovery

Apply a patch to allow Prometheus to discover ServiceMonitors in all namespaces.

kubectl patch prometheus prometheus-kube-prometheus-prometheus -n monitoring --type merge -p '{
  "spec": {
    "serviceMonitorNamespaceSelector": {},
    "podMonitorNamespaceSelector": {}
  }
}'

Now you have to restart Prometheus.

1. Delete Prometheus pod to force configuration reload
2. Wait for Prometheus to restart

kubectl delete pod prometheus-prometheus-kube-prometheus-prometheus-0 -n monitoring

kubectl wait --for=condition=Ready \
  pod/prometheus-prometheus-kube-prometheus-prometheus-0 \
  -n monitoring \
  --timeout=180s

Wait about 2 minutes for discovery and finally, verify targets:

kubectl port-forward -n monitoring \
  prometheus-prometheus-kube-prometheus-prometheus-0 9090:9090 &

You can open in browser: http://localhost:9090/targets and search for:

• vllm
• dcgm

Note that the expected targets are:

• serviceMonitor/vllm/vllm-metrics/0 (2/2 UP)
• serviceMonitor/gpu-operator/nvidia-dcgm-exporter/0 (2/2 UP)

Step 7 – Create Grafana dashboards

In this final step, the goal is to create two Grafana dashboards to track both the software side with vLLM metrics and the hardware metrics that will monitor the GPU consumption and system.

1. vLLM application metrics

The dashboard provides insights into vLLM application performance, request handling, and resource utilization based on the following metrics:

This vLLM Grafana dashboard is composed of 23 panels:

The dashboard provides insights into LLM application performance, request handling, and resource utilisation based on the previous metrics.

Now create the dashboard using vllm-app-dashboard.json. Then, launch:

echo "Importing vLLM application dashboard..."
curl -X POST \
  'http://localhost:3000/api/dashboards/db' \
  -H 'Content-Type: application/json' \
  -u 'admin:Admin123!vLLM' \
  -d @vllm-app-dashboard.json | jq '.status, .url'

Next, you an access the vLLM dashboard and follow metrics in real time:

This dashboard is also essential to track hardware consumption for comprehensive monitoring.

2. GPU hardware metrics

Take advantage of the most useful DCGM metrics to check both the functioning and consumption of your hardware resources:

This hardware Grafana dashboard is composed of 13 panels with GPU hardware and system metrics. A detailed view is also available GPU util (%), temperature (°C), vRAM (GB) and power (Watt).

Please refer to hardware-dashboard.json by loading it as follows:

echo "Importing hardware dashboard..."
curl -X POST \
  'http://localhost:3000/api/dashboards/db' \
  -H 'Content-Type: application/json' \
  -u 'admin:Admin123!vLLM' \
  -d @hardware-dashboard.json | jq '.status, .url'

Finally, track resource consumption using this hardware dashboard:

Congratulations! Everything is working. You can now test your model and track the various metrics in real time.

Step 8 – LLM testing and performance tracking

Start by installing Python dependencies:

pip3 install openai tqdm

Replace the <EXTERNAL_IP> by the vLLM service external IP and launch the performance test thanks to the following Python code:

import time
import threading
import random
from statistics import mean
from openai import OpenAI
from tqdm import tqdm

APP_URL = "http://94.23.185.22/v1"
MODEL = "qwen3-vl-8b"

CONCURRENT_WORKERS = 500          # concurrency
REQUESTS_PER_WORKER = 10
MAX_TOKENS = 200                  # generation pressure

# some random prompts
SHORT_PROMPTS = [
    "Summarize the theory of relativity.",
    "Explain what a transformer model is.",
    "What is Kubernetes autoscaling?"
]

MEDIUM_PROMPTS = [
    "Explain how attention mechanisms work in transformer-based models, including self-attention and multi-head attention.",
    "Describe how vLLM manages KV cache and why it impacts inference performance."
]

LONG_PROMPTS = [
    "Write a very detailed technical explanation of how large language models perform inference, "
    "including tokenization, embedding lookup, transformer layers, attention computation, KV cache usage, "
    "GPU memory management, and how batching affects latency and throughput. Use examples.",
]

PROMPT_POOL = (
    SHORT_PROMPTS * 2 +
    MEDIUM_PROMPTS * 4 +
    LONG_PROMPTS * 6    # bias toward long prompts
)

# openai compliance
client = OpenAI(
    base_url=APP_URL,
    api_key="foo"
)

# basic metrics
latencies = []
errors = 0
lock = threading.Lock()

# worker
def worker(worker_id):
    global errors
    for _ in range(REQUESTS_PER_WORKER):
        prompt = random.choice(PROMPT_POOL)

        start = time.time()
        try:
            client.chat.completions.create(
                model=MODEL,
                messages=[{"role": "user", "content": prompt}],
                max_tokens=MAX_TOKENS,
                temperature=0.7,
            )
            elapsed = time.time() - start

            with lock:
                latencies.append(elapsed)

        except Exception as e:
            with lock:
                errors += 1

# run
threads = []
start_time = time.time()

print("\n-> STARTING PERFORMANCE TEST:")
print(f"Concurrency: {CONCURRENT_WORKERS}")
print(f"Total requests: {CONCURRENT_WORKERS * REQUESTS_PER_WORKER}")

for i in range(CONCURRENT_WORKERS):
    t = threading.Thread(target=worker, args=(i,))
    t.start()
    threads.append(t)

for t in threads:
    t.join()

total_time = time.time() - start_time

# results
print("\n-> BENCH RESULTS:")
print(f"Total requests sent: {len(latencies) + errors}")
print(f"Successful requests: {len(latencies)}")
print(f"Errors: {errors}")
print(f"Total wall time: {total_time:.2f}s")

if latencies:
    print(f"Avg latency: {mean(latencies):.2f}s")
    print(f"Min latency: {min(latencies):.2f}s")
    print(f"Max latency: {max(latencies):.2f}s")
    print(f"Throughput: {len(latencies)/total_time:.2f} req/s")

Returning:

-> STARTING PERFORMANCE TEST:
Concurrency: 500
Total requests: 5000

-> BENCH RESULTS:
Total requests sent: 5000
Successful requests: 5000
Errors: 0
Total wall time: 225.54s
Avg latency: 21.45s
Min latency: 6.06s
Max latency: 25.19s
Throughput: 22.17 req/s

Don’t forget to track GPU and vLLM metrics in your Grafana dashboards!

Conslusion

This reference architecture demonstrates a vLLM deployment on OVHcloud Managed Kubernetes Service (MKS) with comprehensive GPU monitoring. Benefits include:

• High Performance: GPU-accelerated inference with L40S
• Scalability: Kubernetes-native, horizontal scaling-ready
• Reliability: Health checks, auto-restart, monitoring
• API Compatibility: OpenAI-compatible endpoints
• Multimodality: Vision & text capabilities
• Full stack monitoring: Complete vLLM application and hardware dashboards

Going Further

Your current architecture is functional. However, if desired, it could be improved into a full production-ready solution.

Wish to take production hardening a step further?

Go further with the following enhancements:

1. Authentication & authorization
   • vLLM API authentication
   • Grafana authentication
   • Prometheus security
2. High availability & load balancing
   • Grafana high availability with multiple replicas and shared storage
   • Prometheus high availability
   • vLLM Horizontal Pod Autoscaling (HPA) based on custom metrics
3. Data persistence & backup
   • Prometheus long-term storage with persistent storage
   • Grafana Dashboard Backup
4. Observability enhancements
   • Distributed tracing by adding OpenTelemetry for request tracing
   • Alerting rules with production-ready alert rules

Blockchain is a decentralized database technology that tries to approach very important questions in a different way to traditional (centralized) databases. Ultimately, these questions boil down to:

• What is the truth?
• Who gets the last word on what the truth is?

In information management circles, we’ve tried to find a way to the ‘single source of truth’ for decades. Information sprawls. Being able to have a definitive answer on any one matter – whether that’s the last version of a memo or the real-time stock in a retail store – is incredibly valuable.

After all, if you’ve worked in an office for any length of time, you’ve probably renamed a file to something like ‘version 2.5 final final THIS ONE’ – and inevitably, it’s not ‘final’. This analogy doesn’t quite work because blockchain isn’t a file storage technology, but we’ll come back to that later.

Blockchain’s answer to defining truth is democratic. As its name suggests, information is stored in blocks, and these blocks are linked together in a chain. The order of this chain is documented, so once a change is made, it becomes an indelible part of ‘history.’ This establishes ‘truth’ by tying historical facts (or transactions) together so that one is linked to the next – and altering one event means altering the entire chain of events, rather like needing to rewrite an entire history book from the change of one small detail.

Let’s look at an example in practice.

When a change occurs in a blockchain network (like buying a cup of coffee with cryptocurrency) the information is sent to the network and preliminary checks are done – for example, checking that you have enough money to buy the coffee.

If there are any blockchain experts reading this, let’s assume it was a very expensive and significant coffee, because smaller transactions are often handled slightly differently in blockchain, in what we call Layer 2 Networks. We’ll come back to these later in the series.

Once the transaction has been verified, it’s then packaged up with other transactions to form a block and linked to the previous block in turn.

Next, the network has to make sure that the block is valid. This is done through a process called consensus, or validation, and is handled slightly differently depending on the network. Bitcoin uses a system called ‘Proof of Work,’ where different users work to verify complex equations that prove that the block’s contents haven’t been altered and that it does really link to the previous block. If anything has changed in the block since it was submitted, the equation doesn’t work and the block is rejected.

This is a computationally intensive process and requires a lot of electricity, particularly at scale. At one point, Bitcoin used as much electricity as all of Norway, so there are many other alternatives. For example, Solana uses ‘Proof of Stake,’ where the parties involved in verifying the block put forward assets (in this case, actual cryptocurrency). Then, the lead validator builds the block and adds a digital signature to it so as to say that they checked it, and that they have a real stake in the matter (i.e. money). This data is then re-checked by other validators, who vote on the validity. If there are enough ‘yes’ votes, then the block is agreed upon.

Of course, this does rely on trust, but there are usually big penalties for validators who ‘cheat.’ For example, they can have their stake removed, and/or they can be restricted from contributing to validation in future.

Solana also uses a system called ‘Proof of History’ to help it process a large number of transactions, which is a bit different to other systems.

But once approved, the block is then officially part of the chain, and the transaction can be completed – and you can get your Americano.

To define blockchain in another way: it creates a system of establishing trust and control without one single authority. Trust is distributed between all the different parties involved in the network. In fact, almost anyone can become a blockchain validator, although each network has its own requirements to do so.

As we’ve seen, blockchain is much bigger than just Bitcoin; the distributed database structure can be applied to all kinds of settings. We’ve seen organizations using blockchain to verify where tuna fish were caught, to ensure that they were ethically fished, and that the handling of said tuna could be traced from supermarket to distributor, and back to the person who caught them in the ocean.

Another major application for blockchain is in identity verification. Blockchain systems can help to check the validity of something without violating its privacy.

For example, imagine that you’ve discovered the famous Narnia wardrobe. You’ve decided to try to prevent people from sneaking in and causing chaos, so you’ve created a password-protected way to get in. You’re trying to qualify for state support to redevelop your house into a tourist attraction, so you need to prove that the wardrobe is the real deal. On the other hand, you don’t want to just give out the password because you’ll have government officials popping in and out all the time, conjuring infinite amounts of Turkish Delight and smuggling talking badgers out under their coats.

Blockchain’s answer to this is simple: you pop inside and take a selfie with Aslan and Mr. Tumnus, showing conclusively that you have access. This is how Self-sovereign identity works, which requires blockchain to link the wardrobe with the selfie. The two need to be linked – after all, you could have just popped into your friend’s magical wardrobe and taken a photo of some other lion and faun!

Many age-verification systems work in similar ways. For example, in many countries it’s illegal to give credit to someone under 18, so having a credit card is proof that you’re older than this, without having to show your passport or driving license. And in this case, it’s vital to show that the credit card is linked to the person using it, or the system doesn’t work.

Finally, it’s worth knowing that there are a number of different ecosystems within blockchain. Although they’re not strictly specialized, we can generalize that Bitcoin is focused on currency, Solana tends to being more of a platform for decentralized apps, and Ethereum is known for facilitating transactions quickly and making use of smart contracts – an ecosystem similar to Avalanche, but Avalanche has a modular approach focused on speed.

This picture is further muddied by the fact that there are public and private blockchains, which are also subdivided, but which essentially dictate who can see the blockchain and who has permission to be on it.

In our next blog post, we’ll go into a bit more detail about the blockchain world, focusing on the truths that IT leaders need to know. In the meantime, if you want a clearer, more practical view of how blockchain fits into real-world infrastructure, you can explore our resources and customer success stories on our website.

• 👤 Invitée : Annabelle KOSTER
  • X : @AnnabelleKoster
  • LinkedIn : https://www.linkedin.com/in/annabelle-koster/
• 🗓️ Date d’enregistrement : 20 mars 2026
• 🎧 Lien vers l’épisode

👤 Présentation d’Annabelle – ⏱️ 1″07s

https://www.linkedin.com/posts/annabelle-koster_devfestnantes-hbcnantes-benevolat-activity-7440291032937955328-B5Lf

📰 News Techs 

🤖 Intelligence Artificielle – ⏱️ 51″30s

Vibe coder quand on est pas tech !

Claude Code Security

https://claude.com/fr-fr/solutions/claude-code-security

LLM Stats

https://llm-stats.com

👩‍💻 Développement – ⏱️ 1h02″26s

JDK 26 est disponible

https://javaalmanac.io/jdk/26

🎤 Conférences / meetup – ⏱️ 1h03″52s

https://developers.events/

Le prochain DevFest Nantes

https://devfest.gdgnantes.com/en

Les conférences tech à l’ère de l’IA?

Les conférences où on peut voir Annabelle ?

25 ans de communauté PHP en France. Et pour la première fois, notre avenir nous inquiète vraiment

https://www.linkedin.com/feed/update/urn:li:activity:7439675466615013376

Tremplin DevFest Toulouse organisé par Tech Speak’Her

https://lnkd.in/eskPByuW

💡 Retrouvez l’ensemble des autres épisodes ici : https://smartlink.ausha.co/tranches-de-tech 💡

You can find the full code example in the GitHub repository.

In this article, we will explore how to perform OCR (Optical Character Recognition) on images using a vision-capable LLM, the OpenAI Python library, and OVHcloud AI Endpoints.

Introduction to OCR with Vision Models

Optical Character Recognition has been around for decades, but traditional OCR engines often struggle with complex layouts, handwritten text, or noisy images. Vision-capable Large Language Models bring a new approach: instead of relying on specialized OCR pipelines, you can simply send an image to a model that understands both visual and textual content.

In this example, we use the OpenAI Python library to create a simple OCR script powered by a vision model hosted on OVHcloud AI Endpoints.

The whole application is a single Python file:  no complex setup, just pip install openai and you’re ready to go.

Setting up the Environment Variables

Before running the script, you need to set the following environment variables:

export OVH_AI_ENDPOINTS_ACCESS_TOKEN="your-access-token"
export OVH_AI_ENDPOINTS_MODEL_URL="https://your-model-url"
export OVH_AI_ENDPOINTS_VLLM_MODEL="your-vision-model-name"

You can find how to create your access token, model URL, and model name in the AI Endpoints catalog. Make sure to choose a vision-capable model from the AI Endpoints catalog.

Installing Dependencies

The only dependency is the OpenAI Python library:

pip install openai

Define the System Prompt

The first step is to define a system prompt that describes what our OCR service does. This prompt tells the model how to behave:

SYSTEM_PROMPT = """You are an expert OCR engine.
Extract every piece of text visible in the provided image.
Preserve the original layout as faithfully as possible (line breaks, columns, tables).
Do NOT interpret, summarise, or translate the content.
Use markdown formatting to represent the layout (e.g. tables, lists).
If the image contains no text, reply with: "No text found."
"""

We tell it to behave as an expert OCR engine, to preserve the original layout, and to use markdown formatting for structured content like tables or lists.

Load the Image

Before sending the image to the model, we need to encode it as a base64 string. Here is a simple helper function that reads a local PNG file and returns a base64-encoded string:

import base64
from pathlib import Path

def load_image_as_base64(path: Path) -> str:
    """Load a local image and encode it as base64."""
    with open(path, "rb") as f:
        return base64.b64encode(f.read()).decode("utf-8")

The base64-encoded data is what gets sent to the vision model as part of the prompt.

Extract Text from the Image

The extract_text function sends the image to the vision model and returns the extracted text:

def extract_text(client: OpenAI, image_base64: str, model: str) -> str:
    """Extract text from an image using the vision model."""
    response = client.chat.completions.create(
        model=model,
        temperature=0.0,
        messages=[
            {"role": "system", "content": SYSTEM_PROMPT},
            {
                "role": "user",
                "content": [
                    {
                        "type": "image_url",
                        "image_url": {
                            "url": f"data:image/png;base64,{image_base64}"
                        }
                    }
                ]
            }
        ]
    )
    return response.choices[0].message.content

The image is passed as a data URL inside the image_url field, following the OpenAI Vision API format. The temperature is set to 0.0 because we want deterministic, faithful text extraction and not creative output.

Configure the Client

This example uses a vision-capable model hosted on OVHcloud AI Endpoints. Since AI Endpoints exposes an OpenAI-compatible API, we use the OpenAI client and just point it to the OVHcloud endpoint:

import os
from openai import OpenAI

client = OpenAI(
    api_key=os.getenv("OVH_AI_ENDPOINTS_ACCESS_TOKEN"),
    base_url=os.getenv("OVH_AI_ENDPOINTS_MODEL_URL"),
)

model_name = os.getenv("OVH_AI_ENDPOINTS_VLLM_MODEL")

A few things to note:

• The API key, base URL, and model name are read from environment variables.
• The OpenAI library is compatible with any OpenAI compatible API, making it perfect for use with AI Endpoints.

Assemble and Run

With the client configured, extracting text from an image is straightforward:

image_base64 = load_image_as_base64(Path("./doc.png"))
result = extract_text(client, image_base64, model_name)
print(result)

And that’s it!

Here is the image used for this example:

And the result:

$ python ocr_demo.py
📄 Loading image: doc.png
🔍 Running OCR with Qwen2.5-VL-72B-Instruct via OVHcloud AI Endpoints...

📝 Extracted text 📝
Every month, the OVHcloud Developer Advocate team creates content, shares knowledge, and connects with the tech community. Here’s a look at what we did in March 2026. 🚀

🎙️ “Tranches de Tech” – Our monthly podcast

A new episode of our French-language podcast Tranches de Tech🥑 just dropped!

🎧 Episode 102: Tranches de Tech #26 – Architecte, c’est une bonne situation ça ?

This month we sat down with Alexandre Touret, Architect at Worldline to discuss the evolving role of software architects and the growing impact of AI on development practices. From Spotify’s claim that their devs no longer code, to agentic tools like OpenClaw and Claude Code reshaping workflows. We also cover ANSSI’s revised open-source policy, IBM tripling junior hires, and the critical responsibility of mentoring the next generation of developers in an AI-driven world.

📺 Live on Twitch

We streamed live on Twitch this month! Here’s what we covered:

🎥 Rémy Vandepoel discussed with Hugo Allabert and François Loiseau about our Public VCFaaS. Catch the replay on YouTube ▶️.

🎤 Conference Talks

The team hit the road (and the stage) at several conferences this month:

🇳🇱 KubeCon Amsterdam – Amsterdam, Netherlands 🇳🇱

Aurélie Vache gave a talk: The Ultimate Kubernetes Challenge: An Interactive Trivia Game

Conclusion

In this article, we have seen how to use a vision-capable LLM to perform OCR on images using the OpenAI Python library and OVHcloud AI Endpoints. The OpenAI library makes it very easy to send images to a vision model and extract text, and Python allows us to run the whole thing as a simple script.

You have a dedicated Discord channel (#ai-endpoints) on our Discord server (https://discord.gg/ovhcloud), see you there!

Every month, the OVHcloud Developer Advocate team creates content, shares knowledge, and connects with the tech community. Here’s a look at what we did in March 2026. 🚀

🎙️ “Tranches de Tech” – Our monthly podcast

A new episode of our French-language podcast Tranches de Tech 🥑 just dropped!

🎧 Episode 26: Tranches de Tech #26 – Architecte, c’est une bonne situation ça ?

This month we sat down with Alexandre Touret, Architect at Worldline to discuss the evolving role of software architects and the growing impact of AI on development practices. From Spotify’s claim that their devs no longer code, to agentic tools like OpenClaw and Claude Code reshaping workflows. We also cover ANSSI’s revised open-source policy, IBM tripling junior hires, and the critical responsibility of mentoring the next generation of developers in an AI-driven world.

📺 Live on Twitch

We streamed live on Twitch this month! Here’s what we covered:
🎥 Rémy Vandepoel discussed with Hugo Allabert and François Loiseau about our Public VCFaaS. Catch the replay on YouTube ▶️.

🎤 Conference Talks

The team hit the road (and the stage) at several conferences this month:

🏴󠁧󠁢󠁥󠁮󠁧󠁿 KubeCon Amsterdam – Amsterdam, Netherlands 🇳🇱

Aurélie Vache gave a talk: The Ultimate Kubernetes Challenge: An Interactive Trivia Game

🏴󠁧󠁢󠁥󠁮󠁧󠁿 Voxxed Days Zurich – Zurich, Switzerland 🇨🇭

Stéphane Philippart gave a talk: JBang, a Java file to rule them all? 💍

🤝 Community Engagement

We connected with the community through more than just conferences:

🏫 Meetup Tech Speak’Her & GDG Toulouse – March, 12 – Toulouse, France 🇫🇷

Aurélie Vache gave one talk: J’ai packagé mon application en image docker, et maintenant ?

🏫 IAAM meetup – March, 5 – Marseille, France 🇫🇷

Stéphane Philippart gave a talk: Et si on apprenait à une IA à jouer à chifoumi ? 🪨📃✂

🏫 Sopra Steria Code2Learn – March, 10, 17 & 18 – Lyon, Nantes, Rennes, France 🇫🇷

Stéphane Philippart gave three tech labs: 🧩 Développer avec l’IA : et si c’était aussi simple qu’ajouter une librairie ? 🤘

📝 Our latest blog posts

Here are the articles our team published on the OVHcloud Blog this month.

📝 Secure your Software Supply Chain with OVHcloud Managed Private Registry (MPR) — by Aurélie Vache

In this blog post, we explore how OVHcloud Managed Private Registry (MPR) can help you secure your software supply chain. We cover the key features of MPR, including vulnerability scanning, SBOM generation, signature and automation, to show you how to protect your container images and ensure the integrity of your applications.

💻 Code Samples and Open Source

We regularly publish code samples and open-source projects to help you get started with OVHcloud products. Check out our public-cloud-examples repository on GitHub.

New this month:

• 🆕 Work with Cilium contributors to implement Kubernetes traffic routing new fields: traffic distribution: support PreferSameZone and PreferSameNode
• 🆕 New release: OVHcloud Pulumi provider v2.12.0
• 🆕 Contributions in the new OVHcloud Terraform provider v2.12.0

🗓️ Coming up next

Here’s a sneak peek at what’s coming next.

🗓️ – April, 8 – 1h PM CET – Very Tech Talk Twitch about Managed Kubernetes Service (MKS)

📺 OVHcloud Twitch channel

🗓️ – April, 16 & 17 – MixIT, in Lyon

🎤 Aurélie Vache is giving one talk (Thursday the 16th at 2:40 PM): Comprendre Kubernetes de manière visuelle

🗓️ – April, 22 to 24 – Devoxx France, in Paris (several OVHcloud speakers 🎉)

🎁 Come and see us, OVHcloud will have a stand!

🎤 Aurélie Vache is giving one talk (Wednesday the 22nd at 5 PM): Question pour un cluster Kubernetes : Quiz sur Kubernetes & ses concepts

🎤 Stéphane Philippart is giving two talks:

• 🤖 Apprendre à notre IA à … apprendre 🧠 on Wednesday the 22nd at 10:30 AM
• Développer avec l’IA : et si c’était aussi simple qu’ajouter une librairie ? on Wednesday the 22nd at 1:30 PM with Mathieu Busquet from OVHcloud

But also other OVHclouders are giving talks! 🥳

• 🎤 Benoît Masson and Sébastien Chédor are giving one talk (Thursday the 23rd at 10:30 AM): ▣ QR Codes : suivez les points sans vous perdre ! ▣
• 🎤 Benoît Masson and Théo Bougé are giving one talk (Friday the 24th at 2:35 AM): Noms de domaines : la grande histoire des petites extensions
• 🎤 Fanny Bouton is giving one talk (Thursday the 23rd at 1:30 PM): Informatique quantique, ce coup-ci on vous dit tout !
• 🎤 Héla Ben Khalfallah is giving one talk (Friday the 24th at 3:30 PM): Refactorer sans tout casser: anatomie des patterns de modernisation incrémentale
• 🎤 Sébastien Ferrer is giving two talks:
  • Et si écrire du SQL redevenait cool ? on Friday the 24th at 3:30 PM
  • Détectives de la prod : résoudre l’enquête avant le crash on Friday the 24th at 2:35 PM

🗓️ New “Tranches de Tech” podcast episode

🎧 All episodes are available on Ausha and all your favorite podcast applications!

💬 Stay in Touch

Want to chat with us, share your thoughts, or just say hi? Here’s how to get in touch with the Developer Advocate team:

• 🟣 Discord: OVHcloud Discord server
• 🐦 X / Twitter: @OVHcloud
• 💼 LinkedIn: OVHcloud LinkedIn
• 🐙 GitHub: github.com/ovh

See you next month! 👋

They say superheroes are evolved humans. VMware Cloud Foundation 9 is becoming the evolved private cloud platform.

Not just a routine upgrade, VCF 9 represents an entire shift in how private cloud infrastructure is built, operated, and consumed, efficiently and cohesively.

When companies have traditionally modernized their infrastructure, they’ve upgraded it in pieces: whether compute, networking, storage or automation tools. But over time, this discombobulation can cause problems, including configuration inconsistency, upgrade schedule variations, tool sprawl, complex dependencies, higher operational risk…

Until today.

VCF 9 is reframing this old model, so that private cloud operations and cloud consumption can sit at the center of the platform, able to be upgraded in a coordinated, stack-wide manner. Unified by a single lifecycle engine and a consistent policy model, they can now enjoy integrated automation across the full stack.

For those organizations who may be modernizing VMware environments – especially those consuming managed services such as OVHcloud’s upcoming Private VMware Cloud Foundation as-a-Service – this shift has measurable operational and economic impact. They are being rescued by a new full-stack software platform, you might say.

Read on to better understand the future of VMware Cloud Foundation 9, and what it means for the future of private cloud.

1. One Interface for Private Cloud Operations

VCF 9 provides a unified operational experience through the VCF Operations Console.

Instead of managing lifecycle tasks across disconnected tools, administrators are gaining centralized visibility for:

• Fleet-wide lifecycle management
• Security posture and compliance
• Certificate and identity management
• Diagnostics and health monitoring
• Global upgrades and patch orchestration

This reduces one of the biggest hidden costs in enterprise infrastructure: operational drift.

According to an IDC Business Value study sponsored by Broadcom, organizations running VCF environments have reported:

• 61% faster deployment of new workloads
• 34% lower infrastructure costs compared to traditional three-tier environments

The key driver is not just automation, it’s platform consistency.

For customers consuming managed VCF services, that will translate into more predictable maintenance windows and reduced operational risk.

2. A Unified Cloud Consumption Experience

Private cloud only delivers full value when it behaves like cloud.

VCF 9 strengthens the consumption model through VCF Automation, and is providing:

• A modern self-service interface
• Unified APIs for infrastructure provisioning
• Infrastructure as Code support
• Policy-based governance built into deployment
• Integrated Virtual Private Cloud (VPC) constructs for multi-tenancy

This allows infrastructure teams to offer curated service catalogs or developer-driven IaaS consumption models – without having to sacrifice governance.

Instead of tickets and manual coordination, application teams will now be able to provision:

• Virtual machines
• Networking constructs
• Storage volumes
• Kubernetes clusters

All governed by centralized policies. The result: faster delivery with controlled oversight.

3. Memory Tiering with NVMe: Production-Ready Efficiency

With VCF 9, Advanced NVMe Memory Tiering allows NVMe devices to function as a second tier of memory, intelligently placing memory pages to extend effective capacity without scaling DRAM costs linearly. In a context where infrastructure costs and hardware availability are becoming critical constraints, this capability helps organizations extract more value from existing servers.

Key enhancements in VCF 9 include:

• DRS and vMotion awareness
• Mixed-cluster flexibility (enabled on some hosts or all)
• Redundancy support via multiple NVMe devices
• Encryption at VM and host level
• Default DRAM: NVMe ratio shift to 1:1 (2× memory by default), customizable up to 1:4

Broadcom internal testing observed:

• Up to 40% TCO savings for most workloads
• Up to 25–30% increased CPU utilization
• Improved VM consolidation ratios

These results depend on workload profiles, particularly environments with high allocated memory but lower active memory.

In practical terms, Memory Tiering allows organizations to run more workloads on the same hardware footprint, improving infrastructure efficiency at a time when compute capacity, DRAM availability, and cost pressures are increasingly shaping infrastructure decisions.

4. Cost Transparency Built Into the Platform

Private cloud economics are increasingly under scrutiny. VCF 9 integrates:

• Chargeback and showback capabilities
• Capacity planning and optimization insights
• Cost allocation across tenants
• Predictive modeling for infrastructure scaling

According to VMware’s internal cloud economics analysis, organizations may be even able to achieve:

40% cost reduction compared to native public cloud alternatives

Again, results vary by environment, but cost predictability is a core advantage of modern private cloud operating models.

5. Security, Sovereignty, and Governance by Design

VCF 9 reinforces security as a built-in platform layer:

• Centralized identity federation
• Certificate lifecycle management
• Compliance monitoring
• Integrated security operations visibility
• VPC-aware segmentation

This matters for regulated industries and sovereign cloud environments, where operational consistency and policy enforcement are not optional.

Private cloud becomes less about “location” and more about operating model: governance is embedded into infrastructure.

6. What This Means for OVHcloud Customers

VMware Cloud Foundation 9 is also changing how service providers design managed environments.

To align with the domain-based architecture and lifecycle model introduced in VCF 9, OVHcloud is developing a new offer: Private VMware Cloud Foundation as-a-Service.

Key elements include:

• VCF license portability to OVHcloud
• Enforced Identity and Access Management (IAM) policies (avoiding local user models)
• Pre-configured vSAN hosts within cluster designs
• Seamless maintenance window scheduling
• Roadmap including 1-AZ and 3-AZ stretched cluster versions (currently in Alpha for business-critical workloads)

It’s important to distinguish:

• VCF provides the unified platform. OVHcloud builds the managed operational framework around it.
• The goal is not just to run VCF 9, but to operationalize it cleanly, and at scale.

A Strategic Version, Not a Cosmetic One

VMware Cloud Foundation 9 marks a fundamental shift:

• From component integration to unified platform
• From manual lifecycle orchestration to fleet-wide automation
• From infrastructure provisioning to cloud consumption models
• From siloed tooling to consolidated operations

For infrastructure architects and CTOs, this version matters because it reduces friction across the entire private cloud lifecycle.

Less manual intervention.
More deterministic upgrades.
Better resource efficiency.
Stronger governance.

And for managed service customers, it means a private cloud that behaves like a cloud, but under your control.

VCF 9 is becoming the new private cloud platform built to meet modern demands head-on. Super, by design.

Find out more about VMware on OVHcloud: https://www.ovhcloud.com/en-ie/solutions/vmware/

Join the Alpha and be the first to test Private VMware Cloud Foundation as-a-Service: https://survey.ovh.com/index.php/547617?lang=en