Kubernetes

Make hybrid networking boring: route securely from your Tailscale tailnet into a dedicated homelab VLAN using a Proxmox LXC subnet router, with a least-privilege ACL model, clear failure modes, and a validation checklist.

A pragmatic way to provision a “hybrid” homelab: local Proxmox VMs plus one (or more) Hetzner Cloud nodes acting as public ingress, with clean boundaries and a safe handoff into configuration management.

Overview Kubernetes components On my little home lab host, I run a small Kubernetes cluster mainly to tinker around with. However, in the last months, I have started migrating some productive applications to it. The cluster should be able to serve the public internet without exposing my home IP address, which also changes every 24 hours, and I was not particularly eager to play around with DynDNS. For that, I found a pretty elegant solution with an exposed node in the Hetzner cloud that handles all ingress and Tailscale as peer-to-peer VPN to connect all nodes and functions as the interface for the cluster CNI. But first, a rundown of the nodes that the cluster is composed of. ...

Descriping my homelab setup, the hardware used, the main components and a short introduction into the Software stack.