Tools: Kubernetes, FluxCD, Prometheus, Grafana, Tailscale, Cloudflare, Cert-Manager & Let’s Encrypt
During my summer 2025 internship, I started a GitOps-driven homelab made up of an old gaming laptop (which I used to play World of Warcraft), a cost-effective HP EliteDesk Mini, and a TP-Link router. It is the place where I learn about Kubernetes and other infrastructure-related topics such as security, storage, and monitoring.
The core component of the homelab is Flux, which reconciles the desired state of my cluster with its actual state. This is made possible by using a Git repository as a single source of truth for the Kubernetes manifests powering my infrastructure. No more kubectl apply, only Git commits.
In addition, I’m using a tailnet to interconnect my machines and to access them from outside without exposing them to the Internet. While Cloudflare provides TLS termination from the client web browsers to itself, Cert-Manager, along with Let’s Encrypt, fills the gap for secure communications up to my Ingress Controller.
Some components, such as my router and my Ingress Controller, expose Prometheus metrics that are used and displayed by Grafana to ensure everything runs smoothly.
Future steps include (1) buying a NAS and two other EliteDesk Minis, (2) using Talos as the nodes’ operating system (they currently use Debian 13), and (3) hosting my own private cloud.
The repository is available here.