Thumbnail image

COMPARISON OF GITHUB ACTION SCANNERS

GitHub Actions are a powerful way to automate your software development workflows, and manage them right in your repository. Even though they are becoming ever more popular, there is little movement to invest in tooling to make them more secure… at least until recently. In the last few weeks I have seen posts about zizmor and poutine. After a bit of digging I was also able to find octoscan, as well as a research project from Snyk called github-actions-scanner.

Read more
Sat, May 17, 2025 githubactionssecurity
Thumbnail image

OPENPUBKEY SSH (OPKSSH) WITH KANIDM AS IDENTITY PROVIDER

Cloudflare has recently open-sourced the OPKSSH (OpenPubkey SSH) implementation, which they got as part of their acquisition of BastionZero last year.

Read more
Tue, Apr 15, 2025 sshiamoidckanidmopenpubkey
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 6 - IDENTITY & ACCESS MANAGEMENT

A good Identity and Access Management (IAM) system is often overlooked in smaller environments and homelabs. Why is that?

Read more
Thu, Apr 10, 2025 k8shome labkubernetesiamoidcldapkanidm
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 5 - PERSISTENT STORAGE

Up until this point, we have only persisted data in K8s’ etcd database. Stateless workloads are nice, but at some point we want some of our data to survive a pod restart. In this part we will setup a basic NFS server to provide persistent storage and then make it available to our workloads using the NFS Subdirectory External Provisioner.

Read more
Wed, Mar 19, 2025 k8shome labkubernetesstorage
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 4 - CERT-MANAGER

Last time, we added ingress-nginx to our cluster so that external traffic can hit our services. In this post, we will secure that traffic using TLS.

Read more
Wed, Mar 12, 2025 k8shome labkubernetesingress
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 3 - INGRESS

Last time, we added automated dependency updates to our cluster. In this post, we will get traffic into our cluster, by setting up an Ingress controller and a load balancer.

Read more
Wed, Feb 26, 2025 k8shome labkubernetesingress
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 2 - AUTOMATED DEPENDENCY UPDATES

Last time, we set up Cilium and Flux to enable networking and GitOps for our Kubernetes cluster. In this post, we will add automated dependency updates to it.

Read more
Wed, Feb 19, 2025 k8shome labkubernetesrenovatefluxhelmGitHub
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 1 - CNI & GITOPS

Last time, we left our Cluster in a semi-happy state: The nodes were up, the control plane was available, but we had no cluster network. Today, we will fix that, and a bit more.

Read more
Wed, Feb 12, 2025 k8shome labkuberneteslibvirtkubeadmterraform
Thumbnail image

KUBERNETES HOME LAB IN 2025: PART 0 - BOOTSTRAPPING THE CLUSTER

First things first, we need some nodes that make up our cluster.

Read more
Wed, Feb 5, 2025 k8shome labkuberneteslibvirtkubeadmterraform
Thumbnail image

KUBERNETES HOME LAB IN 2025: INTRODUCTION

The year was 2024, Cyber Monday was rolling by and my manager pointed out that I still had a budget available for training and certifications. One purchase of a Kubestronaut Certification Bundle and a few weeks later, I kinda have to face it: I need a new home lab.

Read more
Tue, Feb 4, 2025 k8shome labkubernetes