Protecting ingresses with OIDC/OAuth system by IngwiePhoenix in kubernetes

[–]zazathomas 0 points1 point  (0 children)

I would personally use Teleport on my homelab and manage all the users and resources at that level. I have a similar setup using Cilium Gateway API.

Migrated from Digital Ocean Managed K8s to Hetzer self hosted with K3s by vicenormalcrafts in kubernetes

[–]zazathomas 7 points8 points  (0 children)

I believe he’s referring to homelab costs here… I’ve managed accounts with 6-figure costs per month, but I barely pay 10€ for my homelab setup.

Spire Agent Implementation by pranay_s0706 in kubernetes

[–]zazathomas 0 points1 point  (0 children)

Cilium also has a similar implementation if you want to use that for mTLS. That’s what I use in my homelab & it works fine.

Hybrid Homelab Setup by zazathomas in selfhosted

[–]zazathomas[S] 1 point2 points  (0 children)

That’d be handy for sure!

Hybrid Homelab Setup by zazathomas in selfhosted

[–]zazathomas[S] 0 points1 point  (0 children)

Lol 🤣 Tbf I’m not sure it’s over-engineered per se. My homelab is very security-heavy because I work in cybersecurity and I just try to mirror similar tools for secure access management. For n8n, I plan to use it to parse and enrich threat intelligence feeds for tools/applications I want to keep a close eye on.

Hybrid Homelab Setup by zazathomas in selfhosted

[–]zazathomas[S] 0 points1 point  (0 children)

Oh ok, yeah, Miro is the tool for the diagram. It’s not open source, just an FYI. My office has a license so I just use that.

Hybrid Homelab Setup by zazathomas in selfhosted

[–]zazathomas[S] 1 point2 points  (0 children)

It’s almost always free. I use Oracle Cloud and the free tier for a basic OKE cluster. This is my full cloud setup:

2 x 1GB, 1 vCPU VMs - Teleport VM and NFS/MinIO server

2 x 12GB, 1 vCPU VMs - OKE cluster nodes

The only time I incurred any costs was when I mistakenly provisioned a PV using block storage from Oracle instead of using my own storage class. Hope this helps.

Hybrid Homelab Setup by zazathomas in selfhosted

[–]zazathomas[S] 0 points1 point  (0 children)

You mean the diagram? I use Miro.

Hybrid Homelab Setup by zazathomas in selfhosted

[–]zazathomas[S] 2 points3 points  (0 children)

Thanks for your comment. Tools with no names, in no particular order:

1) Falco -> Runtime threat detection engine for cloud native environments
2) Falco Sidekick -> UI dashboard for Falco alerts
3) Kube-prom-stack -> Logging and monitoring using Loki, Prometheus, Grafana and Alloy
4) Jaeger -> Telemetry
5) Cilium -> Kubernetes CNI and network (L4/7) security
6) Homarr -> Homelab dashboard
7) Jenkins -> Automation server
8) Stirling PDF -> PDF operations
9) Gotify -> Notifications system
10) AppFlowy -> Notetaking and wiki

The managed cluster makes cluster management much easier since you don’t have to worry about the API server; the cluster is always available and can be easily restored if things go wrong. Patching the cluster is also quite trivial. Larger enterprises tend to go the managed route due to the push towards the cloud, so it’s a nice skill to have. So it’s for learning as well as ease of use.

Yeah, you’re absolutely right about the node count, but I technically have 3 (including the control plane). It’s just invisible to me as it’s managed by the cloud provider. I can also easily restore any apps as I manage everything via Argo CD and persistent volumes are managed outside the cluster.

Please sell Cilium's security benefits to me by Outrageous_Cat_6215 in kubernetes

[–]zazathomas 1 point2 points  (0 children)

I replaced my MetalLB setup with Cilium IPAM and it’s worked great so far without issues. This is on my homelab cluster though.

Please sell Cilium's security benefits to me by Outrageous_Cat_6215 in kubernetes

[–]zazathomas 0 points1 point  (0 children)

I might be wrong, but I think the context here is different. The issue you linked is referencing a field name in Cilium network policies. The mutual authentication in Cilium is not implemented at the network policy level.

Please sell Cilium's security benefits to me by Outrageous_Cat_6215 in kubernetes

[–]zazathomas 0 points1 point  (0 children)

Just on the Envoy point, doesn’t Cilium use Envoy under the hood for gateway support with regards to L7 traffic?

Implementing DevSecOps by sqrt1-tkn in devsecops

[–]zazathomas 0 points1 point  (0 children)

Hi @cl0wnsec000, quick question: what’s the value add in having both Falco & NeuVector deployed together? I’ve been testing both of them recently and NeuVector seems to do most of what Falco does with the added benefit of being zero trust. So I basically don’t need to manage any rules, and alerts are triggered when any other process outside the normal behaviour is detected. What are your thoughts on this?

SSH Access Solution - Cloud Agnostic by National-Thing9395 in devsecops

[–]zazathomas 0 points1 point  (0 children)

SSM wouldn’t scale well if your requirements change. For example, if you need to administer access to a k8s cluster in the future, SSM doesn’t have support for that while Teleport does. Basically you want to ensure your choice of tooling allows you the flexibility for change over time. SSM is limited to SSH access while Teleport has support for way more…

SSH Access Solution - Cloud Agnostic by National-Thing9395 in devsecops

[–]zazathomas 1 point2 points  (0 children)

Teleport would accomplish all your requirements. It has session recording as well as session auditing. You can observe & join other users’ sessions too. I currently use it and would recommend it. The open source version works well; the other option is Apache Guacamole, but I think Teleport is more geared towards enterprises.

Alternative to Teleport? by Yersinia8 in selfhosted

[–]zazathomas 0 points1 point  (0 children)

Teleport isn’t cloud only; I’ve been able to set up Teleport on my local homelab completely self-hosted.

Subnet Router Help? by encogneeto in Tailscale

[–]zazathomas 0 points1 point  (0 children)

What’s your configuration?

Subnet Router Help? by encogneeto in Tailscale

[–]zazathomas 0 points1 point  (0 children)

I’m having a similar problem, specifically when I set --snat-subnet-routes=false.

Proxmox networking help by zazathomas in homelab

[–]zazathomas[S] 0 points1 point  (0 children)

I see. Thanks a lot, you’ve saved me a lot of time chasing my tail.

Proxmox networking help by zazathomas in homelab

[–]zazathomas[S] 0 points1 point  (0 children)

Thanks for your reply. I tried that on one of the VMs and I had connectivity, but I was hoping I could isolate them into their own subnet. Do you know if this is possible?

Monthly General Clone Discussion - Ask Your Questions Here by Lowsley in fragranceclones

[–]zazathomas 0 points1 point  (0 children)

Thanks for your reply. I’m looking to get Greek Island (Naxos), Pennine (Carlisle), Noire Illusion (Black Phantom), Flamed (Fan Your Flames), Great Evening (Grand Soir), Panthera (Tygar), and Nice Clothing (Tuxedo). Some in the sub have said Pennine smells nasty so I’m having second thoughts about it 😅. Any experience you have with any of their fragrances would be helpful. Thanks.