https://lifeandshell.com/tags/k8s/ Recent content in k8s on Life and Shell Hugo -- gohugo.io en-us Mattias Hemmingssion mattias@lifeandshell.com Sun, 13 Apr 2025 09:32:36 +0000 https://lifeandshell.com/posts/wazuh-digest-any-source/ Sun, 13 Apr 2025 09:32:36 +0000 https://lifeandshell.com/posts/wazuh-digest-any-source/ How I Built a Custom Wazuh Log Ingest Pipeline (And Ditched the Wodle) If you’ve ever tried to push custom logs into Wazuh, you’ve probably stumbled across something called a Wodle. Wazuh uses these built-in scripts to collect and parse data—especially useful for integrations like AWS. So… Wodle for AWS? Sure, Wodle can collect AWS logs. But when I tried using it for my AWS environment, things didn’t exactly go as planned. https://lifeandshell.com/posts/wa/ Sun, 13 Apr 2025 08:56:12 +0000 https://lifeandshell.com/posts/wa/ Wazuh Wazuh is a powerful open-source security platform built to monitor systems for threats, intrusions, and anomalies. Traditionally, the Wazuh agent is installed on physical or virtual Linux servers to perform host-based intrusion detection (HIDS). It passively monitors the system and reports any suspicious changes or activity to the Wazuh manager. This works well in environments where systems are treated as immutable infrastructure — where servers are expected to remain unchanged. https://lifeandshell.com/posts/wazuh-on-kubernetes-using-helm/ Sat, 12 Apr 2025 21:50:16 +0000 https://lifeandshell.com/posts/wazuh-on-kubernetes-using-helm/ From OSSEC to Wazuh: My Journey and Kubernetes Setup I started a long time ago using OSSEC, and eventually transitioned over to Wazuh—back when it still relied on Elasticsearch for storage and search. Recently, when I returned to Wazuh for a new project, I was surprised to find that there was no simple way to deploy Wazuh into a local Kubernetes cluster for testing. So, I decided to revive and modernize an old Helm chart I had built a while back. https://lifeandshell.com/posts/k3s-cluster-on-setup-master-and-node/ Sat, 07 Jan 2023 11:31:43 +0000 https://lifeandshell.com/posts/k3s-cluster-on-setup-master-and-node/ For some IoT setups a need a k3s cluster running. To make it spread and to add more nodes a installed the k3s Master on my firewall running a small atom processor. But wanted to run the nodes on raspberry or rock nodes to handle the load. Then by using labels on nodes I want to apply different workloads on the nodes. Pre So before installing k3s master. I had my pihole running on port 80 and that did not work that well. https://lifeandshell.com/posts/migrate-elasticsearch-helm-to-elasticsearch-operator/ Thu, 01 Dec 2022 13:17:35 +0000 https://lifeandshell.com/posts/migrate-elasticsearch-helm-to-elasticsearch-operator/ Migrate elasticsearch helm to elasticsearch operator and from version 7 to version 8. So in the start, I used the helm chart for elasticsearch, and everything worked fine. Then elasticsearch 8 comes and the Elasticsearch operator. This broke by helm chart and kind of left me in a stalled state. But now I have to migrate my current elasticsearch that uses a helm chart to start using the operator. https://lifeandshell.com/posts/openstreat-map-docker-och-docker-compose/ Thu, 17 Nov 2022 16:53:00 +0000 https://lifeandshell.com/posts/openstreat-map-docker-och-docker-compose/ Split up in separate containers ! Running openstreetmap map in docker was hard. And the docs all wanted to run it bounded with postgress and not in separate containers. I setup so we can run osm I different containers for you to scale https://github.com/mattiashem/osm Clone this GitHub repo and then start it with docker compose build then to start it, run docker compose up What is happening First we are building a custom Postgres docker image. https://lifeandshell.com/posts/kubernetes-update-1-22-1-23-helm-error/ Thu, 15 Sep 2022 16:02:06 +0000 https://lifeandshell.com/posts/kubernetes-update-1-22-1-23-helm-error/ I was in the progress of updating my cluster and in version 1.23 we have breaking changes. What I did not know was that helm saves the latest deployed version in secret. So I updated the cluster to version 1.23 and started getting helm errors. And it does not matter if I delete the resources in the cluster. The issue is that helm has saved the last deployment with a API version that with the new k8s version is no longer supported. https://lifeandshell.com/posts/boundery-on-kubernetes-with-keycloak/ Sat, 22 Jan 2022 11:43:24 +0000 https://lifeandshell.com/posts/boundery-on-kubernetes-with-keycloak/ We have 3 clusters running 2 on AWS and 1 on-prem. And to sort out connections for developers and admin the goal is to implement boundary as an access point. To verify the user we use Keycloak and 2FA, Then based on roles we give the different users access to different services inside the cluster. Service The user should be able to connect to an ssh server inside the network but also to service running inside Kubernetes like elasticsearch ore MySQL, https://lifeandshell.com/posts/vault-eks-aws-to-pod-the-complete-guide/ Thu, 29 Oct 2020 09:17:42 +0000 https://lifeandshell.com/posts/vault-eks-aws-to-pod-the-complete-guide/ I have bean working some time with vault and to deploy it to our EKS cluster and then to get the secrets into our pods. After many hours of searching i have found out that using kube-vault and vault-env. This gude uses tarraform to setup the resources you need in AWS. Then deploy the kubevault with ui into to cluster that will use a s3 bucket and backend and autoseal it self during boot