Configuration management

All the software runs in Kubernetes. I use Terraform with its Kubernetes provider to manage deployments, services, jobs and so on.


Load Balancer

I use MetalLB as a bare-metal load balancer implementation.

  • IPAddressPool is set to
  • This way I can use services of type LoadBalancer and they will get an IP address on that range and that IP address will resolve inside the network
  • For example, I configured Traefik to be in and CoreDNS in
  • Installed using Helm
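
A sketch of how the MetalLB pool and a pinned LoadBalancer address can be declared with the Terraform Kubernetes provider described above. This is an added example, not the author's configuration. It assumes MetalLB runs in L2 mode in the `metallb-system` namespace. The resource names, the `coredns-lan` Service and its selector label are hypothetical, and the 192.0.2.x addresses are placeholders for a free LAN range.

```hcl
# Added example. MetalLB must already be installed: kubernetes_manifest
# needs the metallb.io CRDs to exist in the cluster at plan time.

# Range MetalLB may hand out to Services of type LoadBalancer.
# Placeholder addresses; use a LAN range outside the DHCP scope.
resource "kubernetes_manifest" "lan_pool" {
  manifest = {
    apiVersion = "metallb.io/v1beta1"
    kind       = "IPAddressPool"
    metadata   = { name = "lan-pool", namespace = "metallb-system" }
    spec       = { addresses = ["192.0.2.240-192.0.2.250"] }
  }
}

# Answer ARP for addresses from the pool so they resolve on the LAN
# (assumes L2 mode rather than BGP).
resource "kubernetes_manifest" "lan_l2" {
  manifest = {
    apiVersion = "metallb.io/v1beta1"
    kind       = "L2Advertisement"
    metadata   = { name = "lan-l2", namespace = "metallb-system" }
    spec       = { ipAddressPools = ["lan-pool"] }
  }
}

# Hypothetical Service that pins one address from the pool, so the DNS
# server configured on the gateway never changes.
resource "kubernetes_service_v1" "coredns_lan" {
  metadata {
    name      = "coredns-lan"
    namespace = "kube-system"
    annotations = {
      "metallb.universe.tf/loadBalancerIPs" = "192.0.2.241"
    }
  }
  spec {
    type     = "LoadBalancer"
    selector = { "app.kubernetes.io/name" = "coredns" } # assumed label
    port {
      name        = "dns-udp"
      port        = 53
      target_port = 53
      protocol    = "UDP"
    }
  }
  depends_on = [kubernetes_manifest.lan_pool, kubernetes_manifest.lan_l2]
}
```

Services without the annotation still get the next free address from the pool; pinning only matters for addresses that other devices are configured to use.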


I use the special domain so I can go to from anywhere in my network to access my Plex server.

In the Unity Security Gateway I configured the DNS to go primarily to a CoreDNS server running in Kubernetes at and secondary to

IN SOA 2015082541 7200 3600 1209600 3600 IN A IN A IN A IN A IN A IN A IN A IN A

Installed using Helm.


I use Traefik as the Application Proxy to all the software.

I can simply point all the DNS entries to the same IP address and Traefik routes it to the correct service with a simple Rule: host = "".

Installed using Helm.

Exposing services to the outside

I use Cloudflare to manage my domains and use some of its other services:

  • Tunnels to expose my self-hosted services domain. For example I can go do to access NocoDB
  • I use Cloudflare Zero Trust to manage who can access my services (family and friends). This way only valid traffic hits the server and it’s totally secure

This also runs inside a Kubernetes container using the cloudflare/cloudflared image and some config files.


  • I have a secondary domain for my private stuff just to separate concerns
  • It’s pretty crazy I don’t pay for any of this. I would be happy to, but the free tiers are so good I don’t have to

Managing the servers

I use Ansible to install Kubernetes and other software on the machines.

  • I keep its use to a minimum and try to keep everything else in Kubernetes + Terraform
  • Roles used:
    • geerlingguy.containerd
    • geerlingguy.kubernetes
  • Other config
    • Download a couple of Kubernetes tools
    • Mount the NAS to /mnt/nas

Then I moved the Kubernetes config to my workstation and work directly from there.


I don’t have this open-sourced at the moment because I haven’t cleaned it up.