Auto-update blog content from Obsidian: 2025-07-18 13:21:28

2025-07-18 13:21:28 +00:00
parent f272a529ee
commit 3e0a0cfd47
3 changed files with 408 additions and 20 deletions
--- a/content/post/8-create-manual-kubernetes-cluster-kubeadm.fr.md
+++ b/content/post/8-create-manual-kubernetes-cluster-kubeadm.fr.md
@@ -209,6 +209,98 @@ Cette étape va :
 Vous verrez aussi un message indiquant comment configurer l’accès `kubectl`.
 ```plaintext
 I0718 07:18:29.306814   14724 version.go:261] remote version is much newer: v1.33.3; falling back to: stable-1.32
 [init] Using Kubernetes version: v1.32.7
 [preflight] Running pre-flight checks
 [preflight] Pulling images required for setting up a Kubernetes cluster
 [preflight] This might take a minute or two, depending on the speed of your internet connection
 [preflight] You can also perform this action beforehand using 'kubeadm config images pull'
 W0718 07:18:29.736833   14724 checks.go:846] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.
 [certs] Using certificateDir folder "/etc/kubernetes/pki"
 [certs] Generating "ca" certificate and key
 [certs] Generating "apiserver" certificate and key
 [certs] apiserver serving cert is signed for DNS names [apex-master k8s-lab.lab.vezpi.me kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.66.167]
 [certs] Generating "apiserver-kubelet-client" certificate and key
 [certs] Generating "front-proxy-ca" certificate and key
 [certs] Generating "front-proxy-client" certificate and key
 [certs] Generating "etcd/ca" certificate and key
 [certs] Generating "etcd/server" certificate and key
 [certs] etcd/server serving cert is signed for DNS names [apex-master localhost] and IPs [192.168.66.167 127.0.0.1 ::1]
 [certs] Generating "etcd/peer" certificate and key
 [certs] etcd/peer serving cert is signed for DNS names [apex-master localhost] and IPs [192.168.66.167 127.0.0.1 ::1]
 [certs] Generating "etcd/healthcheck-client" certificate and key
 [certs] Generating "apiserver-etcd-client" certificate and key
 [certs] Generating "sa" key and public key
 [kubeconfig] Using kubeconfig folder "/etc/kubernetes"
 [kubeconfig] Writing "admin.conf" kubeconfig file
 [kubeconfig] Writing "super-admin.conf" kubeconfig file
 [kubeconfig] Writing "kubelet.conf" kubeconfig file
 [kubeconfig] Writing "controller-manager.conf" kubeconfig file
 [kubeconfig] Writing "scheduler.conf" kubeconfig file
 [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
 [control-plane] Using manifest folder "/etc/kubernetes/manifests"
 [control-plane] Creating static Pod manifest for "kube-apiserver"
 [control-plane] Creating static Pod manifest for "kube-controller-manager"
 [control-plane] Creating static Pod manifest for "kube-scheduler"
 [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
 [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
 [kubelet-start] Starting the kubelet
 [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests"
 [kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
 [kubelet-check] The kubelet is healthy after 501.894876ms
 [api-check] Waiting for a healthy API server. This can take up to 4m0s
 [api-check] The API server is healthy after 9.030595455s
 [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
 [kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
 [upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
 [upload-certs] Using certificate key:
 70614009469f9fc7a97c392253492c509f1884281f59ccd7725b3200e3271794
 [mark-control-plane] Marking the node apex-master as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
 [mark-control-plane] Marking the node apex-master as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
 [bootstrap-token] Using token: 8etamd.g8whseg60kg09nu1
 [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
 [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
 [bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
 [bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
 [bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
 [bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
 [kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
 [addons] Applied essential addon: CoreDNS
 [addons] Applied essential addon: kube-proxy
 Your Kubernetes control-plane has initialized successfully!
 To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
 Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
 You should now deploy a pod network to the cluster.
 Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
 You can now join any number of control-plane nodes running the following command on each as root:
  kubeadm join k8s-lab.lab.vezpi.me:6443 --token 8etamd.g8whseg60kg09nu1 \
        --discovery-token-ca-cert-hash sha256:65c4da3121f57d2e67ea6c1c1349544c9e295d78790b199b5c3be908ffe5ed6c \
        --control-plane --certificate-key 70614009469f9fc7a97c392253492c509f1884281f59ccd7725b3200e3271794
 Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
 As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
 "kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
 Then you can join any number of worker nodes by running the following on each as root:
 kubeadm join k8s-lab.lab.vezpi.me:6443 --token 8etamd.g8whseg60kg09nu1 \
        --discovery-token-ca-cert-hash sha256:65c4da3121f57d2e67ea6c1c1349544c9e295d78790b199b5c3be908ffe5ed6c
 ```
 ### Configurer `kubectl`
 Si vous préférez gérer votre cluster depuis le nœud master, vous pouvez simplement copier-coller depuis la sortie de la commande `kubeadm init` :
@@ -221,8 +313,7 @@ sudo chown $(id -u):$(id -g) $HOME/.kube/config
 Si vous préférez contrôler le cluster depuis autre part, dans mon cas depuis mon bastion LXC :
 ```bash
 mkdir -p $HOME/.kube
-scp <master node>:/etc/kubernetes/admin.conf $HOME/.kube/config
+rsync --rsync-path="sudo rsync" <master-node>:/etc/kubernetes/admin.conf $HOME/.kube/config
 chmod 600 ~/.kube/config
 ```
 Vérifiez l'accès :
@@ -234,7 +325,7 @@ kubectl get nodes
 ### Installer le Plugin CNI Cilium
-Depuis la [documentation Cilium](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/), Il y a 2 manières principales pour installer le CNI : utiliser la CLI Cilium ou Help, pour ce lab je vais utiliser l'outil CLI.
+Depuis la [documentation Cilium](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/), Il y a 2 manières principales pour installer le CNI : utiliser la **CLI Cilium** ou **Helm**, pour ce lab je vais utiliser l'outil CLI.
 #### Installer la CLI Cilium 
@@ -251,41 +342,278 @@ rm cilium-linux-amd64.tar.gz{,.sha256sum}
 Installer Cilium dans le cluster Kubernetes pointé par le contexte `kubectl` :
 ```bash
-cilium install --version 1.17.6
+cilium install
 ```
 ```plaintext
 __   Using Cilium version 1.17.5
 __ Auto-detected cluster name: kubernetes
 __ Auto-detected kube-proxy has been installed
 ```
 #### Valider l'Installation
 Pour valider que Cilium a été installé correctement :
 ```bash
 cilium status --wait
 ```
 ```plaintext
    /__\
 /__\__/__\    Cilium:             OK
 \__/__\__/    Operator:           OK
 /__\__/__\    Envoy DaemonSet:    OK
 \__/__\__/    Hubble Relay:       disabled
    \__/       ClusterMesh:        disabled
-Pour vérifier que votre cluster dispose d'une connectivité réseau appropriée :
+DaemonSet              cilium                   Desired: 1, Ready: 1/1, Available: 1/1
-```bash
+DaemonSet              cilium-envoy             Desired: 1, Ready: 1/1, Available: 1/1
-cilium connectivity test
+Deployment             cilium-operator          Desired: 1, Ready: 1/1, Available: 1/1
 Containers:            cilium                   Running: 1
                       cilium-envoy             Running: 1
                       cilium-operator          Running: 1
                       clustermesh-apiserver    
                       hubble-relay             
 Cluster Pods:          0/2 managed by Cilium
 Helm chart version:    1.17.5
 Image versions         cilium             quay.io/cilium/cilium:v1.17.5@sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6: 1
                       cilium-envoy       quay.io/cilium/cilium-envoy:v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626@sha256:9f69e290a7ea3d4edf9192acd81694089af048ae0d8a67fb63bd62dc1d72203e: 1
                       cilium-operator    quay.io/cilium/operator-generic:v1.17.5@sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e: 1
 ```
 Une fois installé, le nœud master doit passer au statut `Ready`.
 ```plaintext
 NAME          STATUS   ROLES           AGE   VERSION
 apex-master   Ready    control-plane   99m   v1.32.7
 ```
 ---
 ## Ajouter les Nœuds Supplémentaires
-## Join Additional Nodes
+Après avoir initialisé le premier nœud du control plane, vous pouvez maintenant **ajouter les autres nœuds** au cluster.
-### 	Join Masters
+Il existe deux types de commandes `join` :
 - Une pour rejoindre les **nœuds du control plane (masters)**
 - Une pour rejoindre les **nœuds workers**
-    Creating the control-plane join command
+Ces commandes sont affichées à la fin de la commande `kubeadm init`. Si vous ne les avez pas copiées, il est possible de les **régénérer**.
-    Syncing PKI and etcd certs
+⚠️ Les certificats et la clé de déchiffrement **expirent au bout de deux heures**.
-    Running kubeadm join on master 2 and 3
+### Ajouter des Masters
 ### 	Join Workers
-    Generating and running the worker kubeadm join command
+Vous pouvez maintenant ajouter d'autres nœuds du control plane en exécutant la commande fournie par `kubeadm init` :
 ```bash
 sudo kubeadm join <control-plane-endpoint> --token <token> --discovery-token-ca-cert-hash <discovery-token-ca-cert-hash> --control-plane --certificate-key <certificate-key>
 ```
 ```plaintext
 [preflight] Running pre-flight checks
 [preflight] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
 [preflight] Use 'kubeadm init phase upload-config --config your-config.yaml' to re-upload it.
 [preflight] Running pre-flight checks before initializing the new control plane instance
 [preflight] Pulling images required for setting up a Kubernetes cluster
 [preflight] This might take a minute or two, depending on the speed of your internet connection
 [preflight] You can also perform this action beforehand using 'kubeadm config images pull'
 W0718 09:27:32.248290   12043 checks.go:846] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.
 [download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
 [download-certs] Saving the certificates to the folder: "/etc/kubernetes/pki"
 [certs] Using certificateDir folder "/etc/kubernetes/pki"
 [certs] Generating "etcd/server" certificate and key
 [certs] etcd/server serving cert is signed for DNS names [localhost vertex-master] and IPs [192.168.66.169 127.0.0.1 ::1]
 [certs] Generating "etcd/peer" certificate and key
 [certs] etcd/peer serving cert is signed for DNS names [localhost vertex-master] and IPs [192.168.66.169 127.0.0.1 ::1]
 [certs] Generating "apiserver-etcd-client" certificate and key
 [certs] Generating "etcd/healthcheck-client" certificate and key
 [certs] Generating "apiserver" certificate and key
 [certs] apiserver serving cert is signed for DNS names [k8s-lab.lab.vezpi.me kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local vertex-master] and IPs [10.96.0.1 192.168.66.169]
 [certs] Generating "apiserver-kubelet-client" certificate and key
 [certs] Generating "front-proxy-client" certificate and key
 [certs] Valid certificates and keys now exist in "/etc/kubernetes/pki"
 [certs] Using the existing "sa" key
 [kubeconfig] Generating kubeconfig files
 [kubeconfig] Using kubeconfig folder "/etc/kubernetes"
 [kubeconfig] Writing "admin.conf" kubeconfig file
 [kubeconfig] Writing "controller-manager.conf" kubeconfig file
 [kubeconfig] Writing "scheduler.conf" kubeconfig file
 [control-plane] Using manifest folder "/etc/kubernetes/manifests"
 [control-plane] Creating static Pod manifest for "kube-apiserver"
 [control-plane] Creating static Pod manifest for "kube-controller-manager"
 [control-plane] Creating static Pod manifest for "kube-scheduler"
 [check-etcd] Checking that the etcd cluster is healthy
 [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
 [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
 [kubelet-start] Starting the kubelet
 [kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
 [kubelet-check] The kubelet is healthy after 501.761616ms
 [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap
 [etcd] Announced new etcd member joining to the existing etcd cluster
 [etcd] Creating static Pod manifest for "etcd"
 {"level":"warn","ts":"2025-07-18T09:27:36.040077Z","logger":"etcd-client","caller":"v3@v3.5.16/retry_interceptor.go:63","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00037ab40/192.168.66.167:2379","attempt":0,"error":"rpc error: code = FailedPrecondition desc = etcdserver: can only promote a learner member which is in sync with leader"}
 [...]
 {"level":"warn","ts":"2025-07-18T09:27:44.976805Z","logger":"etcd-client","caller":"v3@v3.5.16/retry_interceptor.go:63","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00037ab40/192.168.66.167:2379","attempt":0,"error":"rpc error: code = FailedPrecondition desc = etcdserver: can only promote a learner member which is in sync with leader"}
 [etcd] Waiting for the new etcd member to join the cluster. This can take up to 40s
 [mark-control-plane] Marking the node vertex-master as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
 [mark-control-plane] Marking the node vertex-master as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
-    Verifying node status
+This node has joined the cluster and a new control plane instance was created:
 * Certificate signing request was sent to apiserver and approval was received.
 * The Kubelet was informed of the new secure connection details.
 * Control plane label and taint were applied to the new node.
 * The Kubernetes control plane instances scaled up.
 * A new etcd member was added to the local/stacked etcd cluster.
 To start administering your cluster from this node, you need to run the following as a regular user:
        mkdir -p $HOME/.kube
        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
        sudo chown $(id -u):$(id -g) $HOME/.kube/config
 Run 'kubectl get nodes' to see this node join the cluster.
 ```
 #### Regénérer les Certificats
 Si les certificats ont expiré, vous verrez un message d’erreur lors du `kubeadm join` :
 ```plaintext
 [download-certs] Downloading the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
 error execution phase control-plane-prepare/download-certs: error downloading certs: error downloading the secret: Secret "kubeadm-certs" was not found in the "kube-system" Namespace. This Secret might have expired. Please, run `kubeadm init phase upload-certs --upload-certs` on a control plane to generate a new one
 ```
 Dans ce cas, vous pouvez **retélécharger les certificats** et générer une nouvelle clé de chiffrement à partir d’un nœud déjà membre du cluster :
 ```bash
 sudo kubeadm init phase upload-certs --upload-certs
 ```
 ```plaintext
 I0718 09:26:12.448472   18624 version.go:261] remote version is much newer: v1.33.3; falling back to: stable-1.32
 [upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
 [upload-certs] Using certificate key:
 7531149107ebc3caf4990f94d19824aecf39d93b84ee1b9c86aee84c04e76656
 ```
 #### Générer un token
 Associé au certificat, vous aurez besoin d’un **nouveau token**, cette commande affichera directement la commande complète `join` pour un master :
 ```bash
 sudo kubeadm token create --print-join-command --certificate-key <certificate-key>
 ```
 Utilisez cette commande sur les nœuds à ajouter au cluster Kubernetes comme master.
 ### Ajouter des Workers
 Vous pouvez rejoindre n'importe quel nombre de nœuds workers avec la commande suivante :
 ```bash
 sudo kubeadm join k8s-lab.lab.vezpi.me:6443 --token 8etamd.g8whseg60kg09nu1 \
        --discovery-token-ca-cert-hash sha256:65c4da3121f57d2e67ea6c1c1349544c9e295d78790b199b5c3be908ffe5ed6c
 ```
 ```plaintext
 [preflight] Running pre-flight checks
 [preflight] Reading configuration from the "kubeadm-config" ConfigMap in namespace "kube-system"...
 [preflight] Use 'kubeadm init phase upload-config --config your-config.yaml' to re-upload it.
 [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
 [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
 [kubelet-start] Starting the kubelet
 [kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
 [kubelet-check] The kubelet is healthy after 506.731798ms
 [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap
 This node has joined the cluster:
 * Certificate signing request was sent to apiserver and a response was received.
 * The Kubelet was informed of the new secure connection details.
 Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
 ```
 Encore une fois, si vous avez perdu l’output initial de `kubeadm init`, vous pouvez régénérer une nouvelle commande complète :
 ```bash
 sudo kubeadm token create --print-join-command
 ```
 Utilisez cette commande sur les nœuds à ajouter comme workers.
 ### Vérifier le Cluster
 Depuis votre contrôleur, vous pouvez vérifier que tous les nœuds ont bien rejoint le cluster et sont dans l’état `Ready` :
 ```bash
 kubectl get node
 ```
 ```plaintext
 NAME            STATUS   ROLES           AGE     VERSION
 apex-master     Ready    control-plane   154m    v1.32.7
 apex-worker     Ready    <none>          5m14s   v1.32.7
 vertex-master   Ready    control-plane   26m     v1.32.7
 vertex-worker   Ready    <none>          3m39s   v1.32.7
 zenith-master   Ready    control-plane   23m     v1.32.7
 zenith-worker   Ready    <none>          3m26s   v1.32.7
 ```
 Pour valider que le cluster a une bonne connectivité réseau :
 ```bash
 cilium connectivity test
 ```
 ```plaintext
 __   Monitor aggregation detected, will skip some flow validation steps
   [kubernetes] Creating namespace cilium-test-1 for connectivity check...
 __ [kubernetes] Deploying echo-same-node service...
 __ [kubernetes] Deploying DNS test server configmap...
 __ [kubernetes] Deploying same-node deployment...
 __ [kubernetes] Deploying client deployment...
 __ [kubernetes] Deploying client2 deployment...
 __ [kubernetes] Deploying client3 deployment...
 __ [kubernetes] Deploying echo-other-node service...
 __ [kubernetes] Deploying other-node deployment...
 __ [host-netns] Deploying kubernetes daemonset...
 __ [host-netns-non-cilium] Deploying kubernetes daemonset...
 __   Skipping tests that require a node Without Cilium
   [kubernetes] Waiting for deployment cilium-test-1/client to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/client2 to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/echo-same-node to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/client3 to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/echo-other-node to become ready...
 __ [kubernetes] Waiting for pod cilium-test-1/client2-66475877c6-gpdkz to reach DNS server on cilium-test-1/echo-same-node-6c98489c8d-547mc pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client3-795488bf5-xrlbp to reach DNS server on cilium-test-1/echo-same-node-6c98489c8d-547mc pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client-645b68dcf7-ps276 to reach DNS server on cilium-test-1/echo-same-node-6c98489c8d-547mc pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client2-66475877c6-gpdkz to reach DNS server on cilium-test-1/echo-other-node-6d774d44c4-gzkmd pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client3-795488bf5-xrlbp to reach DNS server on cilium-test-1/echo-other-node-6d774d44c4-gzkmd pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client-645b68dcf7-ps276 to reach DNS server on cilium-test-1/echo-other-node-6d774d44c4-gzkmd pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client2-66475877c6-gpdkz to reach default/kubernetes service...
 __ [kubernetes] Waiting for pod cilium-test-1/client3-795488bf5-xrlbp to reach default/kubernetes service...
 __ [kubernetes] Waiting for pod cilium-test-1/client-645b68dcf7-ps276 to reach default/kubernetes service...
 __ [kubernetes] Waiting for Service cilium-test-1/echo-other-node to become ready...
 __ [kubernetes] Waiting for Service cilium-test-1/echo-other-node to be synchronized by Cilium pod kube-system/cilium-6824w
 __ [kubernetes] Waiting for Service cilium-test-1/echo-other-node to be synchronized by Cilium pod kube-system/cilium-jc4fx
 __ [kubernetes] Waiting for Service cilium-test-1/echo-same-node to become ready...
 __ [kubernetes] Waiting for Service cilium-test-1/echo-same-node to be synchronized by Cilium pod kube-system/cilium-6824w
 __ [kubernetes] Waiting for Service cilium-test-1/echo-same-node to be synchronized by Cilium pod kube-system/cilium-jc4fx
 __ [kubernetes] Waiting for NodePort 192.168.66.166:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.166:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.172:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.172:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.167:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.167:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.168:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.168:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.169:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.169:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.170:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.170:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for DaemonSet cilium-test-1/host-netns-non-cilium to become ready...
 __ [kubernetes] Waiting for DaemonSet cilium-test-1/host-netns to become ready...
 __   Skipping IPCache check
   Enabling Hubble telescope...
 __   Unable to contact Hubble Relay, disabling Hubble telescope and flow validation: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp [::1]:4245: connect: connection refused"
     Expose Relay locally with:
   cilium hubble enable
   cilium hubble port-forward&
 __   Cilium version: 1.17.5
  [cilium-test-1] Running 123 tests ...
 [=] [cilium-test-1] Test [no-policies] [1/123]
 [...]
 [=] [cilium-test-1] Test [check-log-errors] [123/123]
 .................................................
 __ [cilium-test-1] All 73 tests (739 actions) successful, 50 tests skipped, 1 scenarios skipped.
 ```
 ⌛ Ce test de connectivité peut prendre jusqu’à **30 minutes**.
 ## Deploying a Sample Application
--- a/content/post/8-create-manual-kubernetes-cluster-kubeadm.md
+++ b/content/post/8-create-manual-kubernetes-cluster-kubeadm.md
@@ -468,7 +468,7 @@ To start administering your cluster from this node, you need to run the followin
 Run 'kubectl get nodes' to see this node join the cluster.
 ```
-#### Generate Certificates
+#### Regenerate Certificates
 If the certificate is expired, you would see a message like this on the `kubeadm join` command:
 ```plaintext
@@ -543,14 +543,74 @@ zenith-master   Ready    control-plane   23m     v1.32.7
 zenith-worker   Ready    <none>          3m26s   v1.32.7
 ```
-To validate that your cluster has proper network connectivity, :
+To validate that your cluster has proper network connectivity:
 ```bash
 cilium connectivity test
 ```
 ```plaintext
-
+__   Monitor aggregation detected, will skip some flow validation steps
   [kubernetes] Creating namespace cilium-test-1 for connectivity check...
 __ [kubernetes] Deploying echo-same-node service...
 __ [kubernetes] Deploying DNS test server configmap...
 __ [kubernetes] Deploying same-node deployment...
 __ [kubernetes] Deploying client deployment...
 __ [kubernetes] Deploying client2 deployment...
 __ [kubernetes] Deploying client3 deployment...
 __ [kubernetes] Deploying echo-other-node service...
 __ [kubernetes] Deploying other-node deployment...
 __ [host-netns] Deploying kubernetes daemonset...
 __ [host-netns-non-cilium] Deploying kubernetes daemonset...
 __   Skipping tests that require a node Without Cilium
   [kubernetes] Waiting for deployment cilium-test-1/client to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/client2 to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/echo-same-node to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/client3 to become ready...
 __ [kubernetes] Waiting for deployment cilium-test-1/echo-other-node to become ready...
 __ [kubernetes] Waiting for pod cilium-test-1/client2-66475877c6-gpdkz to reach DNS server on cilium-test-1/echo-same-node-6c98489c8d-547mc pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client3-795488bf5-xrlbp to reach DNS server on cilium-test-1/echo-same-node-6c98489c8d-547mc pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client-645b68dcf7-ps276 to reach DNS server on cilium-test-1/echo-same-node-6c98489c8d-547mc pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client2-66475877c6-gpdkz to reach DNS server on cilium-test-1/echo-other-node-6d774d44c4-gzkmd pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client3-795488bf5-xrlbp to reach DNS server on cilium-test-1/echo-other-node-6d774d44c4-gzkmd pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client-645b68dcf7-ps276 to reach DNS server on cilium-test-1/echo-other-node-6d774d44c4-gzkmd pod...
 __ [kubernetes] Waiting for pod cilium-test-1/client2-66475877c6-gpdkz to reach default/kubernetes service...
 __ [kubernetes] Waiting for pod cilium-test-1/client3-795488bf5-xrlbp to reach default/kubernetes service...
 __ [kubernetes] Waiting for pod cilium-test-1/client-645b68dcf7-ps276 to reach default/kubernetes service...
 __ [kubernetes] Waiting for Service cilium-test-1/echo-other-node to become ready...
 __ [kubernetes] Waiting for Service cilium-test-1/echo-other-node to be synchronized by Cilium pod kube-system/cilium-6824w
 __ [kubernetes] Waiting for Service cilium-test-1/echo-other-node to be synchronized by Cilium pod kube-system/cilium-jc4fx
 __ [kubernetes] Waiting for Service cilium-test-1/echo-same-node to become ready...
 __ [kubernetes] Waiting for Service cilium-test-1/echo-same-node to be synchronized by Cilium pod kube-system/cilium-6824w
 __ [kubernetes] Waiting for Service cilium-test-1/echo-same-node to be synchronized by Cilium pod kube-system/cilium-jc4fx
 __ [kubernetes] Waiting for NodePort 192.168.66.166:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.166:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.172:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.172:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.167:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.167:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.168:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.168:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.169:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.169:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.170:32391 (cilium-test-1/echo-other-node) to become ready...
 __ [kubernetes] Waiting for NodePort 192.168.66.170:32055 (cilium-test-1/echo-same-node) to become ready...
 __ [kubernetes] Waiting for DaemonSet cilium-test-1/host-netns-non-cilium to become ready...
 __ [kubernetes] Waiting for DaemonSet cilium-test-1/host-netns to become ready...
 __   Skipping IPCache check
   Enabling Hubble telescope...
 __   Unable to contact Hubble Relay, disabling Hubble telescope and flow validation: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp [::1]:4245: connect: connection refused"
     Expose Relay locally with:
   cilium hubble enable
   cilium hubble port-forward&
 __   Cilium version: 1.17.5
  [cilium-test-1] Running 123 tests ...
 [=] [cilium-test-1] Test [no-policies] [1/123]
 [...]
 [=] [cilium-test-1] Test [check-log-errors] [123/123]
 .................................................
 __ [cilium-test-1] All 73 tests (739 actions) successful, 50 tests skipped, 1 scenarios skipped.
 ```
 ⌛This connectivity test could take up to 30 minutes.
 ## Deploying a Sample Application
--- a/content/post/random-post.md
+++ b/content/post/random-post.md
@@ -13,4 +13,4 @@ I'm ==testing==
 ## Emoji
-🚀💡🔧🔁⚙️📝📌⚠️✅🍒❌ℹ️
+🚀💡🔧🔁⚙️📝📌⚠️✅🍒❌ℹ️⌛
`@@ -13,4 +13,4 @@ I'm ==testing==`

	`## Emoji`	`## Emoji`

	`🚀💡🔧🔁⚙️📝📌⚠️✅🍒❌ℹ️`	`🚀💡🔧🔁⚙️📝📌⚠️✅🍒❌ℹ️⌛`