Introducing k8s-lab-plz: A modular Kubernetes Lab
Today I want to talk a bit about a side project I’ve been working on for a while but have never actively publicised.
As a security engineer I often like to test new tools and technologies related to Kubernetes, but I realised I didn’t have a proper environment to do so.
Previous Iterations
In the past, I did blog about having a dedicated Kubernetes lab (see Deploy Your Own Kubernetes Lab), and also released automation to Deploy a Multi-node Production Ready Kubernetes Cluster via kubespray, but much has changed since I released that blog post, and relying on virtual machines seems so 2019 to me 😅.
So earlier this year I blogged on how to have a Kubernetes Lab on Baremetal, detailing the steps I took to deploy my own Kubernetes Lab on baremetal, and on an Intel NUC in particular.
That’s great for the provisioning phase, but I wanted to take this a step further, by having an automated and (more importantly) repeatable way to deploy tools/components onto the cluster.
Enter please
It’s no secret that, once I got exposed to the world of monorepos and repeatable builds in my previous job at Thought Machine, I fell in love with their elegance and engineering philosophy.
Therefore, for this project I decided to use please, a cross-language build system with an emphasis on high performance, extensibility and correctness, highly inspired by Google’s Bazel.
The Result: k8s-lab-plz
The result is k8s-lab-plz, a modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster (on minikube or baremetal) with support for different components.
Components
The components currently supported are:
- HashiCorp Vault
- ELK (Elasticsearch, Kibana, Filebeats)
- Observability (Prometheus, Grafana, Alertmanager)
- Kafka (Kafka, Zookeeper, KafkaExporter, Entity Operator)
- Cartography



For a more detailed view of what’s coming up next (i.e., Istio, Gatekeeper, Falco, etc.), you can refer to the project roadmap.
Ok, How Does it Work?
Deploying a component is as simple as running a command. For example, to deploy Vault:
❯ plz run //components/vault:deploy [minikube|baremetal]
This will automagically:
- Create a vault namespace
- Create a StorageClass and a PersistentVolume (baremetal only)
- Fetch and deploy the Vault Helm chart in the vault namespace
- Initialize (unseal) Vault
- Enable the Vault’s Kubernetes backend
- Setup the sidecar Agent, by creating a role/policy for the sidecar which allows it to read any secret in the kv-v2 secret/ backend
All with one (reproducible) command.
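For comparison, here is one way to perform the same steps by hand on minikube. This is an added example, not k8s-lab-plz's own code: the role/policy name sidecar-agent, the default service account and namespace, the vault-0 pod name and the single-share init are assumptions that only suit a throwaway lab.

```shell
#!/bin/sh
# Added example: manual equivalent of the listed steps (minikube path).
# Requires kubectl, helm and jq. Names below are assumptions, not the project's.
set -eu

NS=vault
ROLE=sidecar-agent   # assumed role/policy name

# kv-v2 serves secret values under <mount>/data/, so "any secret in secret/"
# is secret/data/* in policy terms. Read-only: no list, no write.
sidecar_policy() {
  mount="${1:-secret}"
  printf 'path "%s/data/*" {\n  capabilities = ["read"]\n}\n' "$mount"
}

# Run a command inside the Vault server pod (stdin is forwarded).
vault_exec() { kubectl -n "$NS" exec -i vault-0 -- "$@"; }

deploy() {
  kubectl create namespace "$NS"
  helm repo add hashicorp https://helm.releases.hashicorp.com
  helm install vault hashicorp/vault --namespace "$NS"
  # The pod is not Ready until unsealed, so wait only until exec works.
  until vault_exec true 2>/dev/null; do sleep 2; done

  # One key share is acceptable for a lab only; the output holds the root token.
  init="$(vault_exec vault operator init -key-shares=1 -key-threshold=1 -format=json)"
  vault_exec vault operator unseal "$(printf '%s' "$init" | jq -r '.unseal_keys_b64[0]')"
  vault_exec vault login "$(printf '%s' "$init" | jq -r '.root_token')" >/dev/null

  # Kubernetes auth backend plus the kv-v2 mount the policy refers to.
  vault_exec vault auth enable kubernetes
  vault_exec sh -c 'vault write auth/kubernetes/config \
    kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"'
  vault_exec vault secrets enable -path=secret kv-v2

  # Policy and role for the sidecar Agent, bound to one service account.
  sidecar_policy secret | vault_exec vault policy write "$ROLE" -
  vault_exec vault write "auth/kubernetes/role/$ROLE" \
    bound_service_account_names=default \
    bound_service_account_namespaces=default \
    policies="$ROLE" ttl=1h
}

# Nothing is deployed unless the script is invoked with "deploy".
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Outside a lab, the wildcard in the policy path is the part to narrow first, for example to one sub-path per workload.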
For another concrete example, you can check “Automating Cartography Deployments on Kubernetes”.
Show Me the Code
k8s-lab-plz can be found on Github: https://github.com/marco-lancini/k8s-lab-plz.
Conclusions
I hope you’ll find k8s-lab-plz useful, and I’m keen to get feedback on it!
If you found the information shared useful, if something is missing, or if you have ideas on how to improve it, please let me know on Twitter.