Another quick note on my very simple Argo CD, Argo Workflows, Argo Rollouts and Argo Events setup in my home lab. Only the base installation procedures are described here, in later posts I will document how I use this stuff to manage an actual workload. Argo CD Okay, so what’s this all about? Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Installation First we need to create a dedicated namespace: ...

In this post I’m sharing my approach for exposing Kubernetes services and workloads to my local network(s), it’s an addition to my simple Kubernetes setup which is documented here. Kubernetes doesn’t natively support network load balancers (Services of type LoadBalancer) for bare-metal clusters. The built-in load balancer solutions are designed to work with cloud platforms like GCP, AWS, and Azure, and rely on specific integrations with those IaaS providers. For clusters not running on these platforms, LoadBalancers remain in a perpetual “pending” state. ...

I finally got some free time and decided to use it for improving the security of my home network. The most effective measures for my environment would be any additional controls on the network level so that both the LAN and IOT networks could benefit from it. I recently setup a recursive nameserver using Unbound and have forced all DNS traffic to go through that. It’s nice because I get visibility on all DNS traffic which I monitor using Splunk. But now, it’s time to add some additional hardening to the DNS service using the publicly available blocklist from OISD. ...

Long story short, I need to be able to access my home machine(s) from the Internet. Unfortunately my ISP provides me with a dynamic IP address so I need to jump to another hoop to get where I want. Luckily there’s a lot of Dynamic DNS providers out there, for reason(s) I opted to use Duck DNS. So go over to Duck DNS and sign-in to create an account, claim your subdomain and grab the token. ...

Another quick note on my very simple (single-node) Kubernetes setup in my home lab. ...

OpenBSD does not provide many good options for shipping logs to a remote destination. Well known solutions like Fluentd, fluent-bit, Cribl, etc are just not (yet) available :( In this blog post I describe how I’m shipping Zeeks logs from my firewall using Rsyslog into my logging infrastructure which currently consists of Cribl and Splunk running on Linux VM’s. Enable JSON logging in Zeek The default TSV logging format of Zeek is fine when working with the logs locally with tools like cat, grep and zeek-cut. But when forwarding logs to a SIEM I prefer to use the JSON format. To make Zeek create logs in JSON you have to load the json-logs module in the site local configuration. ...

This post is just a quick note as I allways forget how to bump the hardcoded filesize limit in the awesome All-in-One-WP-Migration plugin for Wordpress. Since you’re reading this I guess the same applies to you ;). I’m using the Bitnami Wordpress image image in AWS Lightsail. So your paths will probably be different, use your brain.. ...

Sometimes you just need a quick solution for having a custom form in a Splunk dashboard. So this short blogpost will showcase how to create the HTML form and custom submit button using Javascript. ...

Sometimes you need to have multiple time widgets in a single Splunk dashboard, the scenario I encountered was for a global SOC operation. The solution provided here handles displaying local time using just a timezone parameter. As a bonus; it automatically handles daylight time savings too :-) ...

I needed to on-board the Linux system logs of all my homelab systems into Splunk. Apparantly I haven’t been paying attention… but only now I noticed that in EL8 (CentOS in my case) rsyslog is not even installed by default. So that prompted me to finally take a closer look into journald, this resulted in a very simple Splunk TA that can be deployed to any Splunk instance to ingest the journald logs. ...