Application Inventory

Cluster App Map — All Running Workloads

Every Deployment, StatefulSet, and DaemonSet across the SOC cluster (soc1–6) and SEC cluster (sec1–3), linked via Cilium ClusterMesh. Audit: 2026-05-03 14:44 AEST.

9
Total Nodes
219
Running Pods
222
Total Pods
14
PVCs Bound
127
Helm Releases
49
High Restarts
Networking / CNI
DevSecOps / GitOps
Security / SIEM
Observability
Storage / DB
Identity / PKI
Infra / System
CTI / Threat Intel
SOC Cluster — soc1 · soc2 · soc3 · soc4 · soc5 · soc6
Talos v1.12.6 · K8s v1.35.2 · VIP 172.16.x.x · ClusterMesh 172.16.x.x
Pods 130
Running 129
Namespaces 10
PVCs 10
kube-system
37 pods
Cilium 1.19.2
DaemonSet ×6
eBPF CNI · L3–L7
mTLS · NetworkPolicy
hub.onelabs.work ↗
6/6 Running
Cilium Envoy
DaemonSet ×6
L7 proxy · HTTP/gRPC
Policy enforcement
6/6 Running
Hubble Relay
Deployment ×1
Network visibility
Flow aggregation
1/1 Running
Hubble UI
Deployment ×1
Service map · UI
hub.onelabs.work ↗
1/1 Running
ClusterMesh API
Deployment ×1
SOC ↔ SEC mesh
:2379 etcd API
1/1 Running
Tetragon v1.6.1
DaemonSet ×6
eBPF syscall audit
Process · LSM
6/6 · 13 restarts
CoreDNS
Deployment ×2
Cluster DNS
Service discovery
2/2 Running
Metrics Server
Deployment ×1
HPA · kubectl top
Resource metrics
1/1 Running
argocd
15 pods
Argo CD Server
Deployment ×2
GitOps UI · API
v3.3.6 HA
argo.onelabs.work ↗
2/2 Running
Repo Server
Deployment ×2
Git clone · Helm
Kustomize render
2/2 · ⚠ 125 restarts
App Controller
StatefulSet ×1
Sync reconcile
Health assess
1/1 Running
Redis HA
StatefulSet ×3
Session cache
Sentinel mode
3/3 Running
HAProxy
Deployment ×3
Redis HA LB
Sentinel proxy
3/3 Running
Dex
Deployment ×1
OIDC connector
SSO bridge
1/1 Running
monitoring
28 pods
Prometheus v2.54.1
StatefulSet ×1
Metrics scrape
Rules · Recording
prom.onelabs.work ↗
1/1 Running
Alertmanager
StatefulSet ×1
Route · Dedup
Discord + AWX
alert.onelabs.work ↗
1/1 Running
Grafana 11.2.1
Deployment ×1
Dashboards · SOC
OIDC SSO
graf.onelabs.work ↗
1/1 Running
Loki 3.2.0
StatefulSet ×3+3
Write + Backend
MinIO S3 · 30d
loki.onelabs.work ↗
6/6 Running
Loki Gateway
Deployment ×1
nginx LB for Loki
Read/write split
1/1 Running
Fluent Bit 3.2.1
DaemonSet ×6
Log collect · Parse
→ Loki + Splunk HEC
6/6 Running
Node Exporter
DaemonSet ×6
Host metrics :9100
CPU · MEM · DISK
6/6 Running
kube-state-metrics
Deployment ×1
K8s object state
Pods · PVCs · HPAs
1/1 Running
Prometheus Operator
Deployment ×1
ServiceMonitor CRDs
PrometheusRule
1/1 Running
wazuh
6 pods
Wazuh Agent 4.14.4
DaemonSet ×6
FIM · auditd
MITRE tagging · CIS
wazu.onelabs.work ↗
6/6 Running
otel
6 pods
OTel Collector 0.150.1
DaemonSet ×6
:4317 gRPC
Traces · Metrics · Logs
6/6 · 8 restarts
metallb-system
6 pods
MetalLB Controller
Deployment ×0
IP allocation
LB pool mgmt
0/0 (BGP only)
MetalLB Speaker
DaemonSet ×6
Pool: 172.16.x.x–215
Used: 2 · Available: 6
6/6 · 21 restarts
cert-manager
3 pods
cert-manager v1.20.1
Deployment ×1
TLS automation
Vault + ACME issuer
1/1 Running
CA Injector
Deployment ×1
Webhook CA inject
MutatingWebhook
1/1 Running
Webhook
Deployment ×1
AdmissionWebhook
Cert validation
1/1 Running
ingress-nginx
1 pod
ingress-nginx 1.15.1
Deployment ×1
LB IP: 172.16.x.x
80 + 443 · wildcard TLS
1/1 Running
longhorn-system
27 pods
Longhorn Manager
DaemonSet ×3
Volume lifecycle
Replica placement
stog.onelabs.work ↗
3/3 · 10 restarts
Longhorn UI
Deployment ×2
Web dashboard
Volume management
2/2 Running
CSI Attacher
Deployment ×3
PVC attach/detach
Volume mount
3/3 Running
CSI Provisioner
Deployment ×3
Dynamic PVC create
StorageClass
3/3 Running
Engine Image
DaemonSet ×3
ei-75a03ec3
Storage engine
3/3 · 19 restarts
minio
1 pod
MinIO
Deployment ×1
S3 backend · 100 GiB
Loki chunks · Object Lock
minio.onelabs.work ↗
1/1 Running
SEC Cluster — sec1 · sec2 · sec3
Talos v1.12.6 · K8s v1.35.2 · VIP 172.16.x.x · ClusterMesh 172.16.x.x
Pods 92
Running 90
Pending 1
Namespaces 10
PVCs 4
opencti
16 pods
OpenCTI
Deployment ×1
CTI graph · STIX2
ATT&CK mapping
cti.onelabs.work ↗
1/1 Running
OpenCTI Worker
Deployment ×5
Async consumers
RabbitMQ queue
5/5 Running
Connector: AlienVault
Deployment ×1
OTX feed · IoC sync
Threat actors
1/1 · 7 restarts
Connector: CVE
Deployment ×1
NVD CVE feed
Vulnerability intel
1/1 · 6 restarts
Connector: MISP
Deployment ×1
Bidirectional sync
STIX2 exchange
1/1 Running
Connector: Shodan
Deployment ×1
IP enrichment
Port · Banner data
1/1 Running
Connector: URLHaus
Deployment ×1
Malicious URL feed
Phishing · Malware
1/1 Running
Connector: VirusTotal
Deployment ×1
Hash · URL scan
File reputation
1/1 Running
Elasticsearch
StatefulSet ×1
OpenCTI backend
30 GiB PVC
1/1 Running
RabbitMQ
StatefulSet ×1
Worker queue
5 GiB PVC
1/1 Running
Redis
Deployment ×1
Cache · Sessions
5 GiB PVC
1/1 Running
MinIO (SEC)
Deployment ×1
OpenCTI files S3
20 GiB PVC
1/1 Running
kube-system
25 pods · 1 pending
Cilium (SEC)
DaemonSet ×3
eBPF CNI · L3–L7
ClusterMesh peer
3/3 Running
ClusterMesh API (SEC)
Deployment ×1
:2379 · Cross-cluster
Shared service
1/1 · 40 restarts
ClusterMesh Certs
CronJob
Cert rotate job
generate-certs-*
⚠ 1 Pending
Tetragon (SEC)
DaemonSet ×3
eBPF syscall audit
Process · LSM
3/3 · 36 restarts
monitoring
8 pods
Prometheus Agent
Deployment ×1
Remote write → SOC
No local storage
1/1 Running
Fluent Bit (SEC)
DaemonSet ×3
→ Loki SOC
→ Splunk HEC
3/3 · 12 restarts
Node Exporter (SEC)
DaemonSet ×3
Host metrics :9100
sec1 · sec2 · sec3
3/3 · 12 restarts
kube-state-metrics
Deployment ×1
SEC cluster objects
Pod · Deploy state
1/1 Running
wazuh
3 pods
Wazuh Agent (SEC)
DaemonSet ×3
FIM · auditd
→ Wazuh Manager
3/3 Running
otel
3 pods
OTel Collector (SEC)
DaemonSet ×3
:4317 gRPC
Traces · Metrics
3/3 · 8 restarts
longhorn-system
27 pods
Longhorn Manager
DaemonSet ×3
4 PVCs · 60 GiB
2-replica volumes
stogs.onelabs.work ↗
3/3 · 22 restarts
CSI Attacher
Deployment ×3
PVC attach/detach
3/3 · 36 restarts
CSI Provisioner
Deployment ×3
Dynamic PVC create
3/3 · 34 restarts
Off-Cluster

VM-Hosted Services

Services running on dedicated VMs — not in Kubernetes. All behind OPNsense HAProxy, internal CA signed, integrated with Authentik SSO.

Active Directory
Windows Server VM
Identity · DNS · GPO
adone.onelabs.work
adone.onelabs.work ↗
UP
HashiCorp Vault
VM · HA Raft 3-node
Secrets · PKI
Intermediate CA
vault.onelabs.work ↗
UP
Authentik SSO
VM · Docker
OIDC · LDAP · MFA
All services unified
auth.onelabs.work ↗
UP (302)
GitLab CE 18.x
VM · Docker
Source · CI/CD
172.16.x.x
gitlab.onelabs.work ↗
UP (302)
Container Registry
VM · Docker
regis.onelabs.work
172.16.x.x
regis.onelabs.work ↗
UP (401)
AWX
VM · K8s operator
149 Playbooks
Event-driven
awx.onelabs.work ↗
UP (200)
TheHive
VM · Docker
Case management · IR
172.16.x.x:8443
hive.onelabs.work ↗
UP (200)
Cortex
VM · Docker
100+ analyzers
172.16.x.x:8443
cort.onelabs.work ↗
UP (200)
MISP
VM · Docker
IoC · STIX/TAXII
172.16.x.x
misp.onelabs.work ↗
UP (302)
Wazuh Dashboard
VM · Docker
SIEM UI · Indexer
Compliance reports
wazu.onelabs.work ↗
UP (302)
Caldera C2
VM · Docker
Red team · Sandcat
k8s-sandcat agent
c2c.onelabs.work ↗
UP
Splunk
VM
HEC :8088 · API :8089
172.16.x.x
UP (HEC 404 · API 200)
NEXT
→ Data Flow
BACK
← Infrastructure