In my Silence Not Golden: Fixing the Mute Button on Tetragon Logs post, I realized that I was an idiot. I also realized that I needed to get all of my Kubernetes into one place for a number of reasons. I’m most familiar with Splunk so it makes sense to centralize my Kubernetes logs with Splunk. In this post, I’m going to walk through configuring Splunk and Kubernetes so that all of my logs are in a central location. I’m not going to include setting up a Splunk instance so I’ll assume that you have deployed Splunk in Cloud or some version of Enterprise. ...

In my previous From Reactive to Proactive: Transforming Security with Tetragon post, I got Tetragon installed and working. After doing some digging, I found that I was only generating events and logs for one of the k8 nodes in my cluster. This article focuses on how I noticed this and how to fix tetragon logging issues. Identifying That I Had a Logging Issue While poking around at the logs and events from Tetragon, I noticed that I wasn’t getting logs and events from all of my pods. As an example, I have the following two nginx pods on separate Kubernetes nodes: ...

Update (January 2026): The email authentication requirements discussed in this post are now strictly enforced. Gmail and Yahoo began full enforcement in late 2025, and Microsoft joined in May 2025. SPF, DKIM, and DMARC are no longer optional for bulk senders - they’re required for reliable email delivery. After writing my DMARC Reports: Your Secret Weapon Against Domain Fraud (And How to Read Them) post, I realized that I hadn’t really looked at SPF and DKIM records too much. I had read how you could be protecting your brand from email spoofing with SPF and DKIM records but hadn’t explored them very much. I figured that it made more sense to dig a little deeper into what SPF and DKIM records are as well as how they work. ...

Update (January 2026): Since this post was originally written, Gmail and Yahoo’s DMARC requirements have moved from warning to full enforcement. As of November 2025, Gmail actively rejects non-compliant emails from bulk senders. Microsoft also joined in May 2025, requiring DMARC for senders of 5,000+ daily emails to Outlook.com, Hotmail, and Live.com. If you haven’t set up DMARC yet, now is the time - your emails may already be getting rejected. ...

I previously blogged about Starboard and How to Install and Use Starboard to Protect Your Kubernetes Cluster. These articles were focused more on vulnerability and configuration management. Now, I wanted to focus my attention on runtime security observability using Tetragon. Getting Started With Tetragon The first step is to install it. The Tetragon website recommends using Helm 3 to deploy it so that’s what we’ll do. I’m deploying with just the default values for now ...