Enterprise Security Operations Platform · onelabs.work
OneLabs SOC PLATFORM

A 26-component, 6-phase security operations platform — self-hosted on Talos Linux v1.12.6 · Kubernetes v1.35.2, spanning identity, DevSecOps, threat detection, and full observability.

🌐 Live Access Points
LIVE · Audit 2026-04-13
Service | URL | TLS | IP
Argo CD | argo.onelabs.work | wildcard-onelabs-tls | 172.16.x.x
Hubble UI | hub.onelabs.work | wildcard-onelabs-tls | 172.16.x.x
Longhorn | stog.onelabs.work | wildcard-onelabs-tls | 172.16.x.x
Registry | regis.onelabs.work | Internal CA | in-cluster
// Platform — Live Metrics
9 K8s Nodes · 2 Clusters
26 Components
K8s Version v1.35.2
149 AWX Playbooks
219 Running Pods
// CLUSTER UPTIME: 99.7%
// AUDIT SNAPSHOT · 2026-05-03
OS: Talos v1.12.6
Kernel: 6.18.18-talos
Runtime: containerd 2.1.6
CNI: Cilium 1.19.2
Ingress: nginx 1.15.1
Storage: Longhorn 1.11.1
LB: MetalLB 0.15.3
Implementation Roadmap

6-Phase Build Strategy

Each phase is independently deployable and operationally stable before advancing — zero single-point cascade failures across the platform.

01 Identity & PKI ✓ COMPLETE
AD CA · Active Directory · HashiCorp Vault HA · Authentik SSO
02 Infrastructure Layer ✓ COMPLETE
Talos K8s · Cilium CNI · Longhorn · MinIO · MetalLB · Ingress-NGINX
03 DevSecOps Pipeline ✓ COMPLETE
GitLab CE · Registry · Trivy · Argo CD v3.3.6 · AWX 149 PBs
04 SOC & Threat Intel ✓ COMPLETE
Wazuh · TheHive · Cortex · MISP · OpenCTI · Caldera C2
05 Observability ◈ ACTIVE
Prometheus · Loki · Alertmanager · Grafana · Suricata IDS/IPS
06 Hardening & Compliance ○ PLANNED
KubeArmor · Kyverno · CIS Benchmark · OpenEx simulation
Full Component Registry

26 Platform Components

Every service is self-hosted, internal-CA signed, and integrated into the unified identity and observability stack. Images are pulled from regis.onelabs.work.

🏛️ AD CA | Root Certificate Authority | adone.onelabs.work
📂 Active Directory | Identity · DNS · GPO | adone.onelabs.work
🔑 HashiCorp Vault | Secrets · PKI HA Raft | vault.onelabs.work
🪪 Authentik SSO | OIDC · MFA/OTP | sso.onelabs.work
🐙 GitLab CE 18.x | Source Control · CI/CD | gitlab.onelabs.work
📦 Container Registry | OCI Images · Trivy-scanned | regis.onelabs.work
🔄 Argo CD v3.3.6 | GitOps · Sync · Rollback | argo.onelabs.work
🤖 AWX | Ansible · 149 Playbooks | awx.onelabs.work
📋 TheHive | Case Management · IR | hive.onelabs.work
🔬 Cortex | Analysis · 100+ Analyzers | cortex.onelabs.work
🦠 MISP | Threat Sharing · STIX/TAXII | misp.onelabs.work
🧠 OpenCTI | CTI · ATT&CK · STIX2 | cti.onelabs.work
⚔️ Caldera C2 | Red Team · Sandcat | c2c.onelabs.work
☁️ Cloudflare | DDoS · WAF · Zero Trust | dash.cloudflare.com
🔍 Suricata IDS/IPS | DPI · NFQueue · DaemonSet | In-cluster
🌐 Cilium 1.19.2 / Hubble | eBPF CNI · L3–L7 · mTLS | hub.onelabs.work
📈 Prometheus Stack | kube-prometheus · ServiceMonitors | grafana.onelabs.work
🌿 Loki | Log Aggregation · MinIO backend | grafana.onelabs.work
🔔 Alertmanager | Route · Group · Discord/AWX | grafana.onelabs.work
📊 Grafana | Dashboards · SOC Views | grafana.onelabs.work
🛡️ Wazuh | SIEM · Compliance · FIM | wazuh.onelabs.work
🗄️ Longhorn 1.11.1 | Distributed Storage · Replicated | stog.onelabs.work
🪣 MinIO | S3 · Object Lock · Anti-RW | minio.onelabs.work
⚖️ MetalLB 0.15.3 | BGP LoadBalancer · 6 speakers | 172.16.x.x
📜 cert-manager 1.20.1 | TLS Automation · ACME/Vault | In-cluster
📜 Kyverno + KubeArmor | Policy Engine · Runtime Security | In-cluster