Advertisement · 728 × 90

Posts by Fabian Kammel

How prepared is the Kubernetes ecosystem for the ever-growing threat of quantum computers?

After a deep-dive research week at ControlPlane, I wrote an article for the K8s blog answering that very question.

Read the answer here:
kubernetes.io/blog/2025/07...

#pqc #kubernetes #k8s #security #tls

9 months ago 2 0 0 0

Great news for #GitHubActions security! My data shows fully pinned actions rose from 2% to 3%, and partially pinned from 11% to 15%. A small but vital improvement, possibly due to incidents like tj-actions/changed-files. See the data: pin-gh-actions.kammel.dev

#DevSecOps #SupplyChainSecurity #CICD

10 months ago 1 0 0 0
Comparison of GitHub Action Scanners A comparison of GitHub Action Scanners.

I saw a lot of talk about #GitHubAction Static Code Analyzers in the wake of some high profile supply chain attacks. Primarily #poutine and #zizmor, but I also came across #octoscan and a research project by #Snyk. Here is my comparison of the four:

blog.kammel.dev/post/github_...

11 months ago 1 0 0 0
OpenPubkey SSH (OPKSSH) with Kanidm as Identity Provider Setting up OpenPubkey SSH with Kanidm as the Identity Provider.

#Cloudflare released OpenPubkey SSH #opkssh less than a month ago and the project already hit 1k ⭐ on GitHub!
Since I wrote about #kanidm the other day, I thought it be fun to see how easy it is to run OPKSSH with your own #IdP, actually pretty easy: blog.kammel.dev/post/opkssh/

1 year ago 2 1 0 1
Kubernetes Home Lab in 2025: Part 6 - Identity & Access Management A good Identity and Access Management (IAM) system is often overlooked in smaller environments and homelabs. Why is that?

This week we will explore how to secure your #Kubernetes cluster using #passkeys and #OIDC for a secure and user-friendly (because we actually like UX) log-in flow. We deploy our own identity provider using #kanidm for a truely self-hosted #homelab experience!

blog.kammel.dev/post/k8s_hom...

1 year ago 1 0 0 0
Kubernetes Home Lab in 2025: Part 5 - Persistent Storage Up until this point, we have only persisted data in K8s’ etcd database. Stateless workloads are nice, but at some point we want some of our data to survive a pod restart. In this part we will setup a ...

Let's get the final infrastructure service in our #Kubernetes #homelab cluster:
persistent storage! In this post we will deploy an #nfs server and configure
#storageclasses for dynamic provisioning of #pvc.
blog.kammel.dev/post/k8s_hom...

1 year ago 0 0 0 0
Kubernetes Home Lab in 2025: Part 4 - Cert-Manager Last time, we added ingress-nginx to our cluster so that external traffic can hit our services. In this post, we will secure that traffic using TLS.

After a one week hiatus, we are back on track with the #kubernetes #homelab series.

In this post we will secure our cluster by setting up #certmanager and connecting

it to #cloudflare and #letsencrypt, for automatic TLS certificate generation.

blog.kammel.dev/post/k8s_hom...

1 year ago 1 0 0 0
Kubernetes Home Lab in 2025: Part 3 - Ingress Last time, we added automated dependency updates to our cluster. In this post, we will get traffic into our cluster, by setting up an Ingress controller and a load balancer.

I just published the next post in the #kubernetes #homelab series, on my journey
to #kubestronaut. In this post we will get traffic into our cluster, by setting
up an #nginx Ingress controller and #metallb.
blog.kammel.dev/post/k8s_hom...

1 year ago 2 1 0 0
Kubernetes Home Lab in 2025: Part 2 - Automated Dependency Updates Last time, we set up Cilium and Flux to enable networking and GitOps for our Kubernetes cluster. In this post, we will add automated dependency updates to it.

Let's keep the series going. This week we set up automated dependency updates using #renovate and #fluxcd to keep our #kubernetes #homelab up to date and vulnerability free!
blog.kammel.dev/post/k8s_hom...

1 year ago 1 1 0 0
Kubernetes Home Lab in 2025: Part 1 - CNI & GitOps Last time, we left our Cluster in a semi-happy state: The nodes were up, the control plane was available, but we had no cluster network. Today, we will fix that, and a bit more.

The #kubernetes #homelab saga continues. In this weeks post we will answer the age old question: "Which came first the #CNI or #GitOps?" by analysing the dependencies
between #Flux and #Cilium.
blog.kammel.dev/post/k8s_hom...

1 year ago 1 0 0 0
Advertisement
Kubernetes Home Lab in 2025: Introduction The year was 2024, Cyber Monday was rolling by and my manager pointed out that I still had a budget available for training and certifications. One purchase of a Kubestronaut Certification Bundle and a...

Come join me on a journey building out a #Kubernetes #homelab. This will be an environment to study for my #Kubestronaut certifications. In this first post we will bootstrap a #kubeadm cluster using Infrastructure as Code (IaC) based on #libvirt and #kvm.
blog.kammel.dev/post/k8s_hom...

1 year ago 5 1 0 0