My notes and stuff - SecurityThis is just a space for me to share some notes and thoughts. I hope someone finds something useful here.Zola2025-11-02T00:00:00+00:00https://suchaboris.com/tags/security/atom.xmlDebugging K8s Network Policies2025-11-02T00:00:00+00:002025-11-02T00:00:00+00:00
Unknown
https://suchaboris.com/blog/debugging-k8s-network-policies/<p>My focus last week (in personal projects space) was to add network policies to my <strong>homelab</strong>. I added them to all custom namespaces but, in the end, had to revert some and replace them with less restrictive ones because some things just stopped working, and I had no time to investigate why.</p>
<p>The biggest challenge was in the very beginning when none of the policies I added did anything. Everything looked good in the logs and on the <strong>K8s</strong> cluster. I mean, there were no errors or reports of invalid configs.</p>
<p>After several hours of cumulative debugging, checking all configs, and brainstorming with AI, I found that my nodes just didn't have the <strong>iptables</strong> binary! 🤦</p>
<p>Everything looked great in the logs, but no rules were enforced. After adding the binary and updating my bootstrap scripts, all the rules started working as intended.</p>
The Joy of Scope Creep in a Homelab2025-10-26T00:00:00+00:002025-10-26T00:00:00+00:00
Unknown
https://suchaboris.com/blog/the-joy-of-scope-creep-in-a-homelab/<p>Last week was a classic case of <strong>scope creep</strong> (for a personal project): I started one task and it instantly spawned five more. On one hand, it's a good learning process; on the other, it feels less productive because my To-Do list got bigger, not smaller.</p>
<p>All I wanted was to set up some <strong>security scanner</strong> for my <strong>homelab K8s cluster</strong>. After researching different tools, I spun one up and got a summary report, which was great. Time to start fixing vulnerabilities and misconfigurations, right?</p>
<p>Well, I thought I needed to set up alerting first so I know the number does not go up. But for that, I need to set up <strong>secret management</strong> so alerts can be sent via email. And each part requires quite a bit of reading, research, and evaluation of which solution will work best for my case.</p>
<p>And so, by the end of the week, my To-Do list for the homelab is twice as big as it was when the week started. And I love it. I am learning so much with this project.</p>