Profile for eleboucher
About eleboucher
Fields
- Pronouns: He/Him
- Website: https://erwanleboucher.dev
Bio
Senior Software Engineer — Paris.
Building things with Go, Rust and Python, running them on Kubernetes. Homelab enthusiast. Occasional infrastructure over-engineering.
Working on making the best Eurostack.
towonel is now available as a managed service.
If you're running services at home behind NAT or CGNAT and want to expose them publicly without opening ports, buying a VPS, or sending your traffic through Cloudflare tunnel, this is for you.
No setup on the server side. You run a lightweight agent next to your services, point it at my hub with an invite token, and your services are publicly reachable. TLS passthrough by default, meaning your traffic is never decrypted on my end. Raw TCP and UDP work too: SSH, WireGuard, databases, whatever you need.
Running on OVHcloud infrastructure, with nodes in Europe and Canada.
Drop in the home-operations Discord to get an invite.
The project runs on donations; if it's useful to you, there's a Ko-fi link on the site.
https://towonel.dev/
I wrote an article about the Cloudflare Tunnel alternative I made, called towonel.
I made it in a way that it's basically a drop-in replacement. It also supports TCP/UDP tunneling as well. I made it in a way that you can have multiple tenants, so you can share the cost with some people. It's also TLS passthrough, so a connection is fully encrypted until Envoy and fully secure.
https://erwanleboucher.dev/blog/towonel/
A small but persistent pain point with Kubernetes has always been creating PV(C)s. You can run kubectl create deployment/service/ingress/job/namespace to create these resources within Kubernetes without having to write a yaml file or copy an existing yaml file from the K8s docs. You can also add --dry-run + -o yaml to get a yaml file from the command, which you can tinker with further.
But despite PVCs being fairly important resources, there's no kubectl create pvc, which is annoying because I always need to open the docs or copy a pvc yaml file from elsewhere.
So I opened an issue: https://github.com/kubernetes/kubectl/issues/1849
And wrote some code:
Thanks to @eleboucher for sharing his instance of the drop-in alternative to Cloudflare Tunnel, towonel, with me, which is used to expose kubes.cloud:
https://git.erwanleboucher.dev/eleboucher/towonel
I made a drop-in replacement for Cloudflare Tunnel for my fellow homelabbers, as part of trying to own our data and make stuff more sovereign. One of the biggest problems for adoption is that you need to own a VPS, but one key piece of the software is that it supports multitenancy, so you can share the cost of a VPS with some friends. https://git.erwanleboucher.dev/eleboucher/towonel I will try to write a full-fledged article soon to talk more about it.
Can confirm this also works for Talos Linux (Kubernetes-focused distro by SideroLabs).
Add initcall_blacklist=algif_aead_init to your Talos schematic or Image Factory (https://factory.talos.dev), then regenerate your resultant image hash/URL and upgrade all your nodes with the new image.
https://hachyderm.io/@jph/116490182786464311
EDIT: PLEASE SEE THIS UPDATE: https://social.jjgadgets.tech/@jj/statuses/01KQH9EV03K7C3W7VN6DTPKQY6
The test in this current toot was mistakenly done when I both upgraded to Talos 1.13.0 (running a patched kernel) and added the kernel arg. HOWEVER, the kernel arg does mitigate the PoC on Talos 1.12.6, thus see the update toot.
While AI scraping is becoming more and more like a denial-of-service attack, I wrote an article that helps my friend and me to protect ourselves from such attacks: https://erwanleboucher.dev/blog/under-attack/
Quick messy post in my blog about how "software engineering" (in a corporate setting) has involved less and less coding these days.
@alexb where is celeste?