R&D & PoC Sandbox
The Lab: Sovereign Engineering
Technical exploration and concept validation. From immutable infrastructure provisioning to generative AI integration, each project here is a pillar of my vision of a sovereign, automated Cloud.
4
Advanced AI Implementation
KubeLens: Intelligent Diagnosis
Automated analysis of Kubernetes incidents via a Small Language Model (SLM) and a vector database, guaranteeing total log confidentiality.
Qwen 0.5B, Ollama, Qdrant
Sovereignty
Local inference on Scaleway CPU. Logs never leave the infrastructure.
FinOps
Qwen 0.5B model optimized for a response in <3s without expensive GPU costs.
RAG
Augmented response via Qdrant to include its own remediation procedures.
3
Hybrid Mesh Observability
Traefik Tailnet Monitor
Real-time visualization of local Traefik Inbound Ingress metrics, securely routed through a Tailnet to your Cloud Prometheus instance (Scaleway Kapsule).
Traefik, Prometheus, Tailscale, K3s
Source: K3s Local Edge (Prometheus)
Destination: Scaleway Kapsule (Scraper)
Data transits via the Tailscale IP of the local cluster.
Hybrid Cloud
Cross‑cluster scrape from Kapsule (Cloud) to Local Prometheus (K3s).
Tailnet Secure
End-to-end encrypted Prometheus traffic via a private WireGuard mesh (Tailscale).
Real‑time Edge
On-the-fly collection of HTTP requests, latencies, and error codes from Traefik Ingress.
2
Hybrid Pipeline
Lifecycle & Hybrid GitOps
Automated continuous deployment linking a self-hosted GitLab and a Cloud cluster via a secure mesh network (Tailscale).
GitLab Self-Hosted, ArgoCD
Software Supply Chain
graph LR
subgraph padding [" "]
direction TB
subgraph local_env ["🏠 PRIVATE ENVIRONMENT"]
GL["<img src='/logo-gitlab.svg'/><br/><b>GitLab</b><br/><i>Manifestes GitOps</i>"]
end
subgraph scw_env ["☁️ SCALEWAY ACCOUNT"]
SM["<img src='/logo-scaleway-secret-manager.svg'/><br/><b>Secret Manager</b><br/><i>Coffre-fort managé</i>"]
end
end
subgraph kapsule_cluster ["☸️ KUBERNETES CLUSTER (KAPSULE)"]
subgraph kapsule_cluster_padding [" "]
direction TB
ARGO["<b>ArgoCD</b><br/><i>Moteur GitOps</i>"]:::node-primary
ESO["<b>External Secrets Operator</b><br/><i>Gestionnaire de secrets</i>"]:::node-primary
APP["<b>Business Applications</b><br/><i>Pods isolés</i>"]
%% Internal Kapsule links
ARGO --> |"Reconciliation"| APP
ESO --> |"Injection"| APP
end
end
GL -.-> |"Tailnet Traffic<br/>(Zero Trust)"| ARGO
SM -.-> |"Secure read<br/>(API Key)"| ESO
class padding subgraph_padding;
class local_env subgraph_padding;
class scw_env subgraph_padding;
class kapsule_cluster cluster-primary;
class kapsule_cluster_padding subgraph_padding;
classDef subgraph_padding fill:none,stroke:none
Hybrid Networking
Using Tailscale to expose GitLab to ArgoCD without opening ports on the local firewall (NAT Traversal).
Single Source of Truth
All Kubernetes configuration (Manifests) is versioned.
ArgoCD ensures the cluster state matches the Git repository.
Secret Management
Encryption of sensitive data via Sealed Secrets or integration with an external Vault for 'Zero Trust' security.
1
Sovereign IaC
Immutable Provisioning with OpenTofu
Full automation of a sovereign Cloud infrastructure at Scaleway, designed for total isolation and cost control.
VPC Isolated, OpenTofu
Network Topology & Security
graph LR
subgraph public ["Public Zone"]
direction TB
A["<img src='/logo-scaleway-zone.svg'/><br/><b>DNS Zone</b><br/><i>vvtechsolutions.eu</i>"]
end
subgraph vpc ["Scaleway Virtual Private Cloud"]
subgraph vpc_padding [" "]
direction LR
LB["<img src='/logo-scaleway-load-balancers.svg'/><br/>Load Balancer"]:::node-primary
subgraph k8s_padding [ ]
subgraph k8s ["Kapsule (Kubernetes Cluster)"]
direction TB
NA["<img src='/logo-scaleway-instances.svg'/><br/>Node A"]
NB["<img src='/logo-scaleway-instances.svg'/><br/>Node B"]
end
end
GW["<img src='/logo-scaleway-public-gateway.svg'/><br/>Public Gateway"]:::node-primary
end
end
A -.- |"Web Traffic<br/><br/>"| LB
LB -.- NA
LB -.- NB
NA --> |"Internet Egress<br/><br/>"| GW
NB --> |"<br/><br/>Internet Egress"| GW
class public subgraph_padding;
class vpc cluster-primary;
class vpc_padding subgraph_padding;
class k8s_padding subgraph_padding
classDef subgraph_padding fill:none,stroke:none
Isolation
No public IP addresses on K8s nodes.
All traffic goes through a Public Gateway with strict filtering.
FinOps
Using ARM64 instances, offering a 30% higher performance-to-price ratio compared to x86.
Immutability
The Cloud state is 100% managed via OpenTofu.
No manual changes allowed (No Drift).