security

Monitoring a Kubernetes cluster for vulnerabilities

Replacing Ingress-NGINX with Pomerium, prompted by the upcoming retirement of the Ingress-NGINX controller in March 2026, was a stark reminder of the importance of keeping deployments updated and staying abreast of security issues, vulnerabilities and deprecations.

Manually monitoring each application's repository for new releases, and then updating each deployment by hand, works well for a few deployments but does not scale to dozens. The process should be automated so that deployments are updated automatically, at least those with a good track record of hassle-free updates, leaving manual updates only for those prone to requiring more attention, intermediate backups, etc.

Remote access options for self-hosted services

Running self-hosted services behind a router that allows port forwarding is mostly as simple as forwarding a few ports, mainly 443 for everything over HTTPS and port 80 for automatically renewing Let's Encrypt certificates.

Otherwise, being behind a router that either doesn't allow port forwarding or just doesn't work well, or being behind CGNAT, may require some sort of tunnel to route inbound traffic over outbound connections. This can also be useful even in the above case, when multiple systems need to be reachable on port 80.

Cloudflare tunnels do not enable access on port 80.

Cloudflare redirects port 80 to 443, to upgrade HTTP connections to HTTPS. That means ACME HTTP-01 challenges to renew Let's Encrypt certificates need to be routed to the relevant port (80 or 32080) based on the request path; see Let's Encrypt via tunnel.

Adopting Firefox and Bitwarden as daily drivers

Google Chrome has been my daily driver for a really long time; so long, in fact, that all I remember was the initial frustration when it first came out without a release for the GNU/Linux platforms. I don't remember why, or even whether, I was so eager to jump ship, and at this point I can only guess that the old ship was the one I'm preparing to jump back to: Firefox.

It seems on-line life has gotten a wee bit more comp-lic-ated than it was back in 2008, when smartphone apps were a new thing, YouTube had only 720p video, and Spotify was brand new...