In this post, I explain how I exposed Kubernetes services from my homelab using Cloudflare Tunnels to bypass CGNAT without port forwarding, VPNs, or a public IP. Instead of using a Cloud VPS with WireGuard, I opted for Cloudflare’s cloudflared daemon running as a DaemonSet inside the cluster for high availability. The blog walks through domain setup using a free Digiplat domain, connecting it to Cloudflare, creating a tunnel, deploying cloudflared on Kubernetes, and publishing internal services like Argo CD to the internet securely. Simple, secure, and zero headache. Staying tuned for securing routes with Cloudflare Access next.

In this post, I walk through building my homelab setup powered by K3s, Cilium, and Longhorn running on two tiny Lenovo ThinkCentre M920q nodes. I share why I chose K3s for a lightweight HA capable Kubernetes cluster, why Cilium felt exciting to try, and how Longhorn made network storage super easy with RWX support for Jellyfin. I also talk about experimenting with Cloudflare Tunnels for secure external access and outline future plans like adding another node, finishing kube VIP, tuning Authentik, and improving GitOps and observability. Homelabs are never really finished and that is what makes them fun.