BUILDING MIRECLOUD

A Production-Grade Kubernetes Homelab from Scratch

BARE METAL · GITOPS · ZERO TRUST · OBSERVABILITY · LLM

Kubernetes · Cilium · Keycloak · Vault · ArgoCD · eBPF · OIDC · Prometheus

🐙 github.com/mirecloud/home_lab

A journey through bare metal, GitOps, OIDC, and the beautiful chaos of running enterprise-grade infrastructure in your living room.

There's a specific kind of madness that grips platform engineers at some point in their career. It usually starts with an innocent thought: "I should have a homelab." Then you buy one server. Then two. Then you're configuring etcd, arguing with NFS mount options at 1 AM, and explaining to your partner why the internet is down because you're "testing Cilium network policies."

Welcome to MireCloud — my bare-metal Kubernetes homelab, built to mirror what real production infrastructure lo...
Series Recap

So at this point in the MireCloud build, I've got OIDC working. Every kubectl call is authenticated through Keycloak, users get their groups injected into the JWT, and RBAC bindings match on oidc:k8s-viewers exactly as expected. It feels good.

Then a thought hit me: I have no idea what's actually happening in this cluster.

I can control who's allowed to do things. But if someone lists Secrets, deletes a Pod, or pokes around somewhere they shouldn't—I have zero trace of it. To learn production patterns, I needed to close that gap.

This post is about enabling Kubernetes Audit Logging and shipping those events into Loki.

A Quick "Why Loki?" Answer

I already run Loki for application logs. Promtail is already a DaemonSet. Grafana is my single pane of glass. Adding a dedicated SIEM or an ELK stack just for audit logs would mean more overhead and a second query language. Loki fits naturally here. It’s low overhead, uses the same tooling, an...
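To make concrete what "a trace" of the two actions above looks like once audit logging is on, here is an added example that is not code from the post or the MireCloud repo: a small triage script over kube-apiserver audit events in the audit.k8s.io/v1 JSON-lines format. It flags Secret reads (including denied ones, which are often the more interesting signal) and destructive verbs, and counts findings per user. The four sample events are constructed, with made-up users, namespaces and auditIDs; only the group name oidc:k8s-viewers comes from the post. The audit Policy that selects these events and the Promtail/Loki shipping path are assumed to exist and are not shown here.

```python
"""Triage Kubernetes audit events (audit.k8s.io/v1, one JSON object per line)
for the actions the post worries about: reading Secrets and deleting workloads.
Added example; SAMPLE_AUDIT_LINES below is constructed, not real cluster output."""
import json
from collections import Counter, defaultdict

# Constructed sample events in the shape the kube-apiserver writes to its audit log.
# a1: a viewer lists Secrets (allowed); a2: an admin deletes a Pod;
# a3: the viewer tries to read a specific Secret and is denied (403);
# a4: a service account lists Pods, which is routine and should not be flagged.
SAMPLE_AUDIT_LINES = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/secrets?limit=500","verb":"list","user":{"username":"alice@example.test","groups":["oidc:k8s-viewers","system:authenticated"]},"objectRef":{"resource":"secrets","namespace":"prod","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-05-01T10:00:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a2","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods/web-0","verb":"delete","user":{"username":"bob@example.test","groups":["oidc:k8s-admins","system:authenticated"]},"objectRef":{"resource":"pods","namespace":"prod","name":"web-0","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-05-01T10:01:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a3","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/secrets/db-creds","verb":"get","user":{"username":"alice@example.test","groups":["oidc:k8s-viewers","system:authenticated"]},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds","apiVersion":"v1"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-05-01T10:02:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a4","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods","verb":"list","user":{"username":"system:serviceaccount:monitoring:promtail","groups":["system:serviceaccounts","system:authenticated"]},"objectRef":{"resource":"pods","namespace":"prod","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-05-01T10:03:00.000000Z"}
"""

SECRET_READ_VERBS = {"get", "list", "watch"}
DESTRUCTIVE_VERBS = {"delete", "deletecollection"}


def parse_audit_lines(text):
    """Parse JSON lines, keeping only completed requests so each call counts once.
    The same request also appears at the RequestReceived stage (and Panic on crashes),
    and only ResponseComplete carries the final responseStatus."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("kind") != "Event" or ev.get("stage") != "ResponseComplete":
            continue
        events.append(ev)
    return events


def classify(ev):
    """Return a finding label for a single event, or None if it is routine."""
    ref = ev.get("objectRef") or {}
    verb = ev.get("verb")
    code = (ev.get("responseStatus") or {}).get("code", 0)
    if ref.get("resource") == "secrets" and verb in SECRET_READ_VERBS:
        # A 403 here means RBAC held; it is still worth seeing who tried.
        return "secret-read" if code < 400 else "secret-read-denied"
    if verb in DESTRUCTIVE_VERBS:
        return "destructive"
    return None


def triage(text):
    """Return (findings, per_user_counts) for the flagged events in `text`."""
    findings = []
    per_user = defaultdict(Counter)
    for ev in parse_audit_lines(text):
        label = classify(ev)
        if label is None:
            continue
        user = ev["user"]["username"]
        ref = ev.get("objectRef") or {}
        findings.append({
            "auditID": ev["auditID"],
            "label": label,
            "user": user,
            "groups": ev["user"].get("groups", []),
            "verb": ev["verb"],
            "target": "{}/{}/{}".format(ref.get("namespace", ""), ref.get("resource", ""), ref.get("name", "*")),
            "code": (ev.get("responseStatus") or {}).get("code"),
        })
        per_user[user][label] += 1
    return findings, {u: dict(c) for u, c in per_user.items()}


if __name__ == "__main__":
    found, summary = triage(SAMPLE_AUDIT_LINES)
    for f in found:
        print("{auditID} {label:<20} {user:<40} {verb:<7} {target} -> {code}".format(**f))
    print(summary)
```

Running it flags three of the four events: Alice's Secret listing, Bob's Pod deletion, and Alice's denied Secret read; Promtail's own Pod listing passes through untouched. Once the same lines are in Loki, the classify step maps onto LogQL's `| json` pipeline stage with filters on `verb`, `objectRef_resource` and `responseStatus_code`, which is exactly why keeping audit events in the same store as application logs pays off.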