Fabian Kammel
LightNews LightNews
banner
datosh18.bsky.social
Fabian Kammel
@datosh18.bsky.social
9 followers 3 following 11 posts
Principal Security Consultant @ ControlPlane
Posts Replies Media Videos
datosh18.bsky.social
How prepared is the Kubernetes ecosystem for the ever-growing threat of quantum computers?

After a deep-dive research week at ControlPlane, I wrote an article for the K8s blog answering that very question.

Read the answer here:
kubernetes.io/blog/2025/07...

#pqc #kubernetes #k8s #security #tls
kubernetes.io
July 18, 2025 at 8:11 AM
datosh18.bsky.social
Great news for #GitHubActions security! My data shows fully pinned actions rose from 2% to 3%, and partially pinned from 11% to 15%. A small but vital improvement, possibly due to incidents like tj-actions/changed-files. See the data: pin-gh-actions.kammel.dev

#DevSecOps #SupplyChainSecurity #CICD
June 20, 2025 at 5:48 PM
datosh18.bsky.social
I saw a lot of talk about #GitHubAction Static Code Analyzers in the wake of some high profile supply chain attacks. Primarily #poutine and #zizmor, but I also came across #octoscan and a research project by #Snyk. Here is my comparison of the four:

blog.kammel.dev/post/github_...
Comparison of GitHub Action Scanners
A comparison of GitHub Action Scanners.
blog.kammel.dev
May 17, 2025 at 11:16 AM
datosh18.bsky.social
#Cloudflare released OpenPubkey SSH #opkssh less than a month ago and the project already hit 1k ⭐ on GitHub!
Since I wrote about #kanidm the other day, I thought it be fun to see how easy it is to run OPKSSH with your own #IdP, actually pretty easy: blog.kammel.dev/post/opkssh/
OpenPubkey SSH (OPKSSH) with Kanidm as Identity Provider
Setting up OpenPubkey SSH with Kanidm as the Identity Provider.
blog.kammel.dev
April 15, 2025 at 4:54 PM
datosh18.bsky.social
This week we will explore how to secure your #Kubernetes cluster using #passkeys and #OIDC for a secure and user-friendly (because we actually like UX) log-in flow. We deploy our own identity provider using #kanidm for a truely self-hosted #homelab experience!

blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Part 6 - Identity & Access Management
A good Identity and Access Management (IAM) system is often overlooked in smaller environments and homelabs. Why is that?
blog.kammel.dev
April 10, 2025 at 5:25 PM
datosh18.bsky.social
Let's get the final infrastructure service in our #Kubernetes #homelab cluster:
persistent storage! In this post we will deploy an #nfs server and configure
#storageclasses for dynamic provisioning of #pvc.
blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Part 5 - Persistent Storage
Up until this point, we have only persisted data in K8s’ etcd database. Stateless workloads are nice, but at some point we want some of our data to survive a pod restart. In this part we will setup a ...
blog.kammel.dev
March 19, 2025 at 4:57 PM
datosh18.bsky.social
After a one week hiatus, we are back on track with the #kubernetes #homelab series.

In this post we will secure our cluster by setting up #certmanager and connecting

it to #cloudflare and #letsencrypt, for automatic TLS certificate generation.

blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Part 4 - Cert-Manager
Last time, we added ingress-nginx to our cluster so that external traffic can hit our services. In this post, we will secure that traffic using TLS.
blog.kammel.dev
March 12, 2025 at 7:55 PM
datosh18.bsky.social
I just published the next post in the #kubernetes #homelab series, on my journey
to #kubestronaut. In this post we will get traffic into our cluster, by setting
up an #nginx Ingress controller and #metallb.
blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Part 3 - Ingress
Last time, we added automated dependency updates to our cluster. In this post, we will get traffic into our cluster, by setting up an Ingress controller and a load balancer.
blog.kammel.dev
February 26, 2025 at 1:04 PM
datosh18.bsky.social
Let's keep the series going. This week we set up automated dependency updates using #renovate and #fluxcd to keep our #kubernetes #homelab up to date and vulnerability free!
blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Part 2 - Automated Dependency Updates
Last time, we set up Cilium and Flux to enable networking and GitOps for our Kubernetes cluster. In this post, we will add automated dependency updates to it.
blog.kammel.dev
February 19, 2025 at 2:03 PM
datosh18.bsky.social
The #kubernetes #homelab saga continues. In this weeks post we will answer the age old question: "Which came first the #CNI or #GitOps?" by analysing the dependencies
between #Flux and #Cilium.
blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Part 1 - CNI & GitOps
Last time, we left our Cluster in a semi-happy state: The nodes were up, the control plane was available, but we had no cluster network. Today, we will fix that, and a bit more.
blog.kammel.dev
February 12, 2025 at 11:42 AM
datosh18.bsky.social
Come join me on a journey building out a #Kubernetes #homelab. This will be an environment to study for my #Kubestronaut certifications. In this first post we will bootstrap a #kubeadm cluster using Infrastructure as Code (IaC) based on #libvirt and #kvm.
blog.kammel.dev/post/k8s_hom...
Kubernetes Home Lab in 2025: Introduction
The year was 2024, Cyber Monday was rolling by and my manager pointed out that I still had a budget available for training and certifications. One purchase of a Kubestronaut Certification Bundle and a...
blog.kammel.dev
February 5, 2025 at 10:26 AM