Forem: subnet savy

How to Build a Home Kubernetes Cluster With Raspberry Pi (2025 Guide)

subnet savy — Mon, 07 Jul 2025 22:29:21 +0000

If you’ve ever wanted to get hands-on with Kubernetes without paying for expensive cloud resources, building your own home lab is the perfect solution.

This guide walks you through setting up a lightweight Kubernetes cluster using Raspberry Pi devices, K3s, MetalLB, and Tailscale for secure networking.

🏠 Why Build a Home Kubernetes Cluster?

Practice DevOps and cloud-native workflows locally.
Avoid recurring cloud costs.
Learn cluster networking, persistent storage, and scaling in a safe environment.

🚀 Step-by-Step Setup

1. Flash Raspberry Pi OS

Use Raspberry Pi Imager to install Raspberry Pi OS Lite. Configure SSH access and Wi-Fi/Ethernet.

2. Install K3s on Each Node

On your master node:

curl -sfL https://get.k3s.io | sh -

Get the join token for worker nodes:

sudo cat /var/lib/rancher/k3s/server/node-token

On worker nodes, join them to the cluster:

curl -sfL https://get.k3s.io | K3S_URL=https://<MASTER_NODE_IP>:6443 K3S_TOKEN=<TOKEN> sh -

3. Configure MetalLB

Enable load balancing for your cluster by installing MetalLB:

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml

Create a MetalLB ConfigMap to define the IP address pool:

apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: my-ip-pool
  namespace: metallb-system
spec:
  addresses:
  - 192.168.1.240-192.168.1.250

Apply it with:

kubectl apply -f metallb-config.yaml

4. Secure with Tailscale

Install Tailscale on all nodes for secure VPN access to your cluster from anywhere.

On each node:

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

Once connected, you can access your cluster securely from any device.

📊 Next Steps: Add Monitoring

Set up Prometheus and Grafana for monitoring, or deploy test apps using Helm charts to validate your setup.

📌 Original Post: Build a Home Kubernetes Cluster (Subnet Savy)

Why You Should Be Using Tailscale in 2025

subnet savy — Sun, 06 Jul 2025 03:34:09 +0000

Tailscale is hands-down one of the easiest ways to create a secure mesh VPN. Whether you’re connecting your dev environments, homelab, or cloud workloads—it just works.

✅ Why use Tailscale?

Zero config: install & connect in minutes.

Works behind NATs and firewalls.

Access your private services from anywhere securely.

Here’s how to start:

bash
Copy
Edit
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
🎉 You now have a private network between your devices.

📖 Full walkthrough: https://subnetsavy.com/wp-content/uploads/articles/tailscale-ssh-guide.html

Kubernetes Networking at Home—Made Simple

subnet savy — Sun, 06 Jul 2025 03:33:37 +0000

Networking in Kubernetes can feel like black magic, especially in a home lab. But with the right tools, you can route traffic like a pro.

✅ Key tools to use:

MetalLB for load balancing in bare metal setups.

Ingress Controllers (like NGINX) for managing HTTP(S) traffic.

Tailscale for secure remote access without exposing your cluster.

Here’s an example of setting up a simple ingress:

yaml
Copy
Edit
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:

host: myapp.local http: paths:
- path: / pathType: Prefix backend: service: name: my-service port: number: 80 📖 Full guide here: https://subnetsavy.com/wp-content/uploads/articles/k8s-network-guide.html

📦 Title: Why You Should Be Using Tailscale in 2025
Tailscale is hands-down one of the easiest ways to create a secure mesh VPN. Whether you’re connecting your dev environments, homelab, or cloud workloads—it just works.

✅ Why use Tailscale?

Zero config: install & connect in minutes.

Works behind NATs and firewalls.

Access your private services from anywhere securely.

Here’s how to start:

bash
Copy
Edit
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
🎉 You now have a private network between your devices.

📖 Full walkthrough: https://subnetsavy.com/wp-content/uploads/articles/tailscale-ssh-guide.html

Secure Kubernetes External Access with ExternalDNS and cert-manager

subnet savy — Sun, 06 Jul 2025 03:32:14 +0000

Running Kubernetes at home or in the cloud? Exposing apps externally can be tricky—but ExternalDNS + cert-manager makes it simple.

✅ What they do:

ExternalDNS automatically manages DNS records for your services.

cert-manager provisions SSL certificates with Let’s Encrypt.

Here’s how easy it is:

yaml
Copy
Edit
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-app-cert
spec:
dnsNames:
- "app.mydomain.com"
secretName: my-app-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
🎉 Boom—your app is secured with HTTPS and has an updated DNS record.

👉 Full guide here: https://subnetsavy.com/wp-content/uploads/articles/externaldns-certmanager-setup.html

Simplify Kubernetes Secrets Management

subnet savy — Sun, 06 Jul 2025 03:31:44 +0000

Kubernetes is powerful, but managing secrets like API keys and credentials can quickly get messy. If you’re still embedding secrets in your YAML files—stop! 😅

✅ Better ways to manage secrets in Kubernetes:

Use Kubernetes Secrets API with kubectl create secret.

Integrate external vaults like HashiCorp Vault or SealedSecrets for encryption.

Rotate secrets automatically with tools like External Secrets Operator.

Here’s a quick example of creating a basic secret:

bash
Copy
Edit
kubectl create secret generic my-api-key \
--from-literal=apikey=1234567890
Now you can mount or inject it into pods without exposing it in plain text.

👉 Want a full walkthrough? Read here: https://subnetsavy.com/wp-content/uploads/articles/k8s-secret-management.html

Exposing Local Dev Apps Securely with Tailscale Funnel

subnet savy — Sun, 06 Jul 2025 03:30:25 +0000

If you’ve ever needed to share a local development service or dashboard with someone outside your network, you’ve probably turned to port forwarding or ngrok. But there’s a better way: Tailscale Funnel.

Funnel lets you securely expose services running on your Tailscale-connected device to the public internet without opening firewall ports or setting up reverse proxies.

✅ Why use Funnel?

Share dev environments instantly.

Built-in HTTPS and encryption.

No VPN or static IP needed.

Here’s a quick example:

bash
Copy
Edit

Expose your local app running on port 3000

tailscale funnel 3000 on
Your app is now securely accessible at:
https://your-device-name.ts.net

🔒 Traffic is encrypted end-to-end, and you can restrict access with ACLs.

👉 Read the full guide here: https://subnetsavy.com/wp-content/uploads/articles/tailscale-funnel-guide.html

How Helm Can Simplify Your Kubernetes Deployments — A Beginner’s Guide

subnet savy — Wed, 25 Jun 2025 23:18:58 +0000

If you’re just getting started with Kubernetes, you’ve probably felt overwhelmed by the sheer amount of YAML files and configs needed to deploy even a simple app. Managing deployments manually can quickly become a headache.

Enter Helm — the Kubernetes package manager that makes your life way easier.

Why Helm?

Helm lets you bundle your Kubernetes manifests into reusable packages called charts. This means you can:
• Deploy apps with a single command
• Manage environment-specific configs with simple values.yaml files
• Upgrade or rollback your releases safely
• Share charts with your team or the community

Quickstart with Helm
1. Install Helm CLI — It’s straightforward and supports macOS, Linux, Windows.
2. Find or create a chart — You can use popular community charts or build your own.
3. Customize with values.yaml — Override defaults for your dev, staging, or prod environments.
4. Deploy and manage — Use helm install, helm upgrade, and helm rollback commands for lifecycle management.

Example commands:

helm install myapp ./mychart -f myvalues.yaml
helm upgrade myapp ./mychart -f myvalues.yaml
helm rollback myapp 1

Tips for Success
• Keep charts modular and well-documented
• Secure secrets with Helm plugins or external tools
• Integrate Helm commands into your CI/CD pipelines for automation
• Always test your charts locally before deploying to clusters

⸻

Want to dive deeper? Check out my detailed step-by-step guide on how to deploy apps on Kubernetes with Helm where I walk through examples and common pitfalls.

⸻

If you found this helpful, feel free to follow for more Kubernetes and DevOps tips!

⸻

Kubernetes #Helm #DevOps #CloudNative #CI/CD

How I Built a Kubernetes Cluster at Home (And Why You Should Too)

subnet savy — Wed, 18 Jun 2025 19:19:05 +0000

Want to run your own private cloud from your garage, office, or homelab? Here’s exactly how I built a production-grade Kubernetes cluster using Raspberry Pis, SSDs, and open source tools — and how you can too.

🧰 The Gear I Used
3x Raspberry Pi 4B (8GB recommended)
3x SSDs (like the Crucial X8 with USB 3.0 adapters)
1x Gigabit managed switch
1x Router or Tailscale for remote access
Ethernet cables, Pi cases with cooling, SD cards for boot
🛠️ Flashing the Raspberry Pi OS
Start with Raspberry Pi Imager. Choose the 64-bit Lite version of Raspberry Pi OS.

Set a hostname (like k8s-master), enable SSH, and add Wi-Fi credentials (or plug into Ethernet). You can do this from the advanced settings (gear icon) in the imager tool.

For headless setups, enable SSH by placing a blank file named ssh in the /boot directory after flashing.

🔧 First Boot and Configuration
Boot your Pi, then SSH into it using the hostname or IP address. Change the password, run full updates, and reboot.

If you’re using DHCP, assign a static IP using /etc/dhcpcd.conf.

You can also set the hostname with hostnamectl if you didn’t already during flashing.

🚀 Installing Kubernetes (K3s)
We’re using K3s — a lightweight Kubernetes distribution designed for low-power devices.

Run the official K3s install script on the master node. It sets up your API server, scheduler, and controller manager in one binary.

Verify your cluster by checking kubectl get nodes.

To add workers, grab the token from the master node and run the K3s join command on each worker.

⚙️ Install Helm
Helm is the package manager for Kubernetes. Install it using the official install script and verify the installation.

🌐 Add Load Balancing with MetalLB
Kubernetes doesn’t expose services directly on bare metal. MetalLB solves this by assigning external IPs from your local LAN.

First, enable strictARP in the kube-proxy configmap.

Then apply the MetalLB manifests, and configure an IP address pool (e.g., 192.168.1.240–250). Add a Layer 2 advertisement so MetalLB can respond to ARP requests.

🔐 Add Secure Remote Access with Tailscale
Tailscale makes remote cluster access easy with encrypted, zero-config VPN. Install the Tailscale agent, authenticate, and your Pi cluster will appear in your Tailscale network instantly.

Bonus: it works across NATs and firewalls.

📈 Monitoring the Cluster
Install Prometheus + Grafana using the kube-prometheus-stack Helm chart.

Port-forward the Grafana service to access dashboards, or expose it via Ingress and secure it with Tailscale ACLs.

Grafana provides beautiful dashboards for CPU, memory, pod health, and more — critical for long-term reliability.

🧪 Common Problems I Faced
Time sync errors prevented nodes from joining
Tailscale required approval from the admin panel before traffic would route
MetalLB wouldn’t assign IPs until strictARP was enabled
Some Pis overheated under load — active cooling was a must
Pods stuck in Pending? Often a resource issue — check node taints or available RAM
📦 Affiliate Hardware I Actually Use
Crucial X8 SSD
TP-Link SG108 switch
Argon Neo or FLIRC case
Raspberry Pi 4B (8GB model)
I’ve tested all of these personally in my cluster and recommend them without hesitation.

🔁 What’s Next?
If you want to:

Self-host services like Pi-hole, Uptime Kuma, or Vaultwarden
Learn GitOps with ArgoCD

Practice real-world cloud skills
Or build a private edge cloud…
Then a home Kubernetes cluster is the best playground.

You can download my printable Kubernetes Lab Checklist (with gear links and setup steps) free here:
👉 👉 Download the Home Kubernetes Lab Checklist (Free PDF)

I Built a Home Kubernetes Lab with Raspberry Pis — Here's Everything I Learned

subnet savy — Tue, 03 Jun 2025 03:12:43 +0000

Hey Devs 👋

Over the past few months, I’ve gone down the home lab rabbit hole — and ended up building a fully functional Kubernetes cluster using Raspberry Pis, SSDs, open source tools, and a bunch of trial-and-error.

I created SubnetSavy.com to share what I learned along the way. If you’ve ever wanted to run your own infrastructure from home (instead of renting it from AWS), this might be for you.

What I cover:
🖥️ Setting up Kubernetes on Raspberry Pi 4 and 5
💾 Choosing the best SSDs and storage gear for long-term reliability
🔐 Building a zero-trust network using Tailscale
📦 Deploying apps with Helm and automating infra with Terraform
📊 Monitoring your cluster with Grafana, Prometheus, and alerts
🌐 Managing DNS, Load Balancing, Ingress, and ExternalDNS
🚀 Hands-on gear reviews for networking, cooling, power, and more

This isn't a "hello world" Kubernetes blog. It's focused on practical, tested guides — with affiliate-supported gear picks to help others build smarter.

Check it out:
➡️ SubnetSavy.com