In this post, I explain how I exposed Kubernetes services from my homelab using Cloudflare Tunnels to bypass CGNAT without port forwarding, VPNs, or a public IP. Instead of using a Cloud VPS with WireGuard, I opted for Cloudflare’s cloudflared daemon running as a DaemonSet inside the cluster for high availability. The blog walks through domain setup using a free Digiplat domain, connecting it to Cloudflare, creating a tunnel, deploying cloudflared on Kubernetes, and publishing internal services like Argo CD to the internet securely. Simple, secure, and zero headache. Staying tuned for securing routes with Cloudflare Access next.
In this post, I walk through building my homelab setup powered by K3s, Cilium, and Longhorn running on two tiny Lenovo ThinkCentre M920q nodes. I share why I chose K3s for a lightweight HA capable Kubernetes cluster, why Cilium felt exciting to try, and how Longhorn made network storage super easy with RWX support for Jellyfin. I also talk about experimenting with Cloudflare Tunnels for secure external access and outline future plans like adding another node, finishing kube VIP, tuning Authentik, and improving GitOps and observability. Homelabs are never really finished and that is what makes them fun.
This article breaks down how Docker works under the hood — revealing that containers are not lightweight virtual machines but isolated Linux processes. It explains what happens when you run docker run, how images form a root filesystem, and how Linux namespaces, cgroups, and the shared host kernel combine to create container isolation.
This article provides a detailed guide on setting up a self-hosted media stack using Docker containers, designed to automate the downloading, organizing, and streaming of movies and TV shows. It covers key components like Jellyfin for media streaming, Radarr and Sonarr for automatic downloading and organization, qBittorrent for torrenting, and Jellyseerr for managing media requests. The guide explains how to configure each component and how they work together to create a seamless, privacy-focused media management system. The setup allows users to easily request and stream media content from their personal server.