


In Mikrotik I configured 3 subnets.

  • Regular devices
  • Homelab devices (NUC, RaspberryPis, NAS)
  • Kubernetes services using LoadBalancer from MetalLB

I use the special domain so I can go to from anywhere in my network to access my Plex server.

I configured router DNS to go primarily to a self-hosted CoreDNS server running in Kubernetes at and secondary to

Load Balancer: MetalLB

I use MetalLB as a bare-metal LoadBalancer implementation.

  • This way I can use services of type LoadBalancer and they will get an IP address on that range and that IP address will resolve inside the network
  • IPAddressPool is set to

| Service | IP |
| --- | --- |
| Traefik | |
| CoreDNS | |


I point most of the entries to Traefik:

    IN SOA 2015082541 7200 3600 1209600 3600
    IN A
    IN A
    IN A
    IN A
    IN A
    IN A
    IN A
    IN A

Ingress: Traefik

Traefik is the application proxy in front of all the software.

I can simply point all the DNS entries to the same IP address and Traefik routes it to the correct service with a simple Rule: host = "".

Exposing services to the outside: Cloudflare

I use Cloudflare to manage my domains so I can use Cloudflare Tunnels to expose the service to the outside world

  • I use Cloudflare Zero Trust to manage who can access my services (family and friends)
  • That way only valid traffic hits the server and it’s totally secure

This also runs inside a Kubernetes container using the cloudflare/cloudflared image and some config files.
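
A cloudflared configuration of the kind described above, added here as an illustration and not the author's own config files. The tunnel ID, hostname, Traefik service address, team name and audience tag are placeholders, and the example assumes the tunnel forwards to Traefik inside the cluster.

```yaml
# cloudflared config.yaml (constructed example; every name below is a placeholder)
tunnel: "<TUNNEL-UUID>"
credentials-file: /etc/cloudflared/creds/credentials.json

ingress:
  # Public hostname -> in-cluster Traefik service (assumed address).
  # Traefik then picks the backend from the Host header.
  - hostname: plex.example.com
    service: http://traefik.traefik.svc.cluster.local:80
    originRequest:
      # Have cloudflared verify the Cloudflare Access JWT before proxying,
      # so requests without a valid token for this application are refused
      # at the tunnel instead of relying on the edge policy alone.
      access:
        required: true
        teamName: example-team
        audTag:
          - "<ACCESS-APPLICATION-AUD-TAG>"

  # Catch-all rule: any hostname not listed above gets a 404 from
  # cloudflared and never reaches the cluster.
  - service: http_status:404
```

Listing hostnames explicitly and ending with the `http_status:404` rule keeps the set of services reachable from outside limited to the ones named in this file.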


  • I have a secondary domain for my private stuff just to separate concerns
  • It’s pretty crazy that I don’t pay for any of this. I would be happy to, but the CF free tier is so good I don’t have to
  • I don’t have this open-sourced at the moment because I haven’t cleaned it up but maybe one day.