Kubernetes Cluster from a Shed Computer
A computer I recovered from my shed is currently running 72 pods, including my website, as a single worker node in one of my production Kubernetes clusters.
Everything runs on 8-year-old desktop computers: one repurposed as the worker node, the others as the control node and load balancer.
My website is served from it. I recently migrated from an expensive cloud hosting provider to my own infrastructure and expose the site through a Cloudflare tunnel (on their free plan), which only needs outbound connections from the cluster rather than ports forwarded into my home network.
You really don't need to spend much money to stand up a cluster yourself. If you are like me, you probably have some old computers gathering dust.
What supports the cluster?
- UPS (with new batteries from Amazon) providing 4 hours of run-time.
- NAS providing NFS storage and S3-compatible buckets.
This is a non-GPU cluster as my workloads currently don't require one.
Everything documented in The Muppit Sphere is running on this cluster (apart from dev, which is virtualised on my MacBook).
If you want to build your own cluster, please follow my detailed runbooks, which include all the code and descriptions and cover the following:
- Kubernetes: design choices, setup, operations, and runbooks.
- Applications: local-first apps I am building, including a fitness coach and a retro blaster game.
- Cluster-wide wildcard TLS trust: how to roll out cluster-wide trust for your wildcard certificate (or internal CA) using cert-manager's trust-manager and Gatekeeper.
- Identity provider series: how to run your own identity provider on Kubernetes (ZITADEL), including OAuth/OIDC setup, SSO for cluster services, secrets management with SOPS, backups and restores, and practical hardening patterns.
- WordPress GitOps series: how to host your own WordPress on Kubernetes with full control, including GitOps deployments, hardened ingress, external cron jobs, Redis object cache, and practical backup and restore workflows.
- Blaster GitOps series: an end-to-end, real-world walkthrough of taking a Next.js arcade game from a laptop to an on-prem Kubernetes cluster using GitLab CI, FluxCD, SOPS, and Cloudflare Origin CA.
- Code vulnerabilities: my notes and runbooks for quickly determining the latest vulnerabilities, whether they affect anything I run, and the exact steps to verify and remediate.
What's next:
- Adding a GPU node to the cluster to support AI workloads.
- Upgrading the cluster to a newer Kubernetes version.
- Migrating the blaster and fitness dev apps from Clerk authentication to my internal identity provider.
- Standing up the external identity provider and migrating the blaster production app from Clerk authentication to it.
- Building a flexible security sentinel that collects an inventory from my clusters with evidence, matches it deterministically against vulnerability sources, then uses a local LLM to explain impact and generate a recommendation with an email summary.
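The sentinel idea above, and the "does this affect anything I run?" question from the code vulnerabilities runbooks, both hinge on the same middle step: a deterministic match between an evidence-bearing inventory and a vulnerability feed, with the LLM kept out of the decision and used only to narrate the result. The following is an added example, not code from this site or its runbooks. It assumes an inventory record shape (image, version, evidence of namespace/pod/container) and a vulnerability record shape (package, introduced/fixed range, severity) of my own choosing; the image names, versions and `EXAMPLE-*` identifiers are constructed sample data and are not real advisories.

```python
"""Deterministic inventory-to-vulnerability matching (added example, not site code)."""
import json
import re
from dataclasses import dataclass, field, asdict
from typing import Dict, List, Optional, Tuple

# Constructed sample inventory, shaped like what a cluster collector might emit:
# each record keeps the evidence (namespace/pod/container) it was observed in.
SAMPLE_INVENTORY = [
    {"image": "registry.example.internal/blaster", "version": "1.4.2",
     "evidence": {"namespace": "blaster", "pod": "blaster-web-7d9f", "container": "web"}},
    {"image": "registry.example.internal/blaster", "version": "1.4.2",
     "evidence": {"namespace": "blaster", "pod": "blaster-web-2c1a", "container": "web"}},
    {"image": "docker.io/library/redis", "version": "7.2.4",
     "evidence": {"namespace": "wordpress", "pod": "redis-0", "container": "redis"}},
    {"image": "docker.io/library/wordpress", "version": "6.5.2",
     "evidence": {"namespace": "wordpress", "pod": "wordpress-5b8c", "container": "wordpress"}},
]

# Constructed vulnerability records with placeholder IDs (NOT real advisories).
# Semantics: affected iff introduced <= version < fixed; fixed=None means no fix yet.
SAMPLE_VULNS = [
    {"id": "EXAMPLE-0001", "package": "docker.io/library/redis",
     "introduced": "7.0.0", "fixed": "7.2.5", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "docker.io/library/wordpress",
     "introduced": "6.0.0", "fixed": "6.5.0", "severity": "critical"},
    {"id": "EXAMPLE-0003", "package": "registry.example.internal/blaster",
     "introduced": "1.0.0", "fixed": "1.4.3", "severity": "medium"},
]

_NUM = re.compile(r"\d+")


def parse_version(v: str) -> Tuple[int, int, int]:
    """'v7.2.4-alpine' -> (7, 2, 4). Non-numeric tails are ignored, short versions pad to 0."""
    parts: List[int] = []
    for chunk in v.lstrip("v").split("."):
        m = _NUM.match(chunk)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])  # type: ignore[return-value]


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Pure range check; no heuristics, so the same input always gives the same answer."""
    pv = parse_version(version)
    if pv < parse_version(introduced):
        return False
    return fixed is None or pv < parse_version(fixed)


@dataclass
class Finding:
    vuln_id: str
    image: str
    version: str
    severity: str
    evidence: List[Dict[str, str]] = field(default_factory=list)


def match_inventory(inventory: List[dict], vulns: List[dict]) -> List[Finding]:
    """Join on exact image name plus version range. Identical (vuln, image, version)
    hits are merged and their evidence accumulated; output is sorted so runs are
    reproducible and diffable."""
    merged: Dict[Tuple[str, str, str], Finding] = {}
    for item in inventory:
        for v in vulns:
            if v["package"] != item["image"]:
                continue
            if not is_affected(item["version"], v["introduced"], v.get("fixed")):
                continue
            key = (v["id"], item["image"], item["version"])
            f = merged.setdefault(key, Finding(v["id"], item["image"], item["version"], v["severity"]))
            f.evidence.append(dict(item["evidence"]))
    findings = sorted(merged.values(), key=lambda f: (f.vuln_id, f.image, f.version))
    for f in findings:
        f.evidence.sort(key=lambda e: (e["namespace"], e["pod"], e["container"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Severity counts for the email summary line."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def llm_context(findings: List[Finding]) -> str:
    """JSON handed to the local LLM for the explanation step. The model only narrates
    facts the deterministic step established; it never decides what matched."""
    return json.dumps([asdict(f) for f in findings], indent=2, sort_keys=True)


if __name__ == "__main__":
    found = match_inventory(SAMPLE_INVENTORY, SAMPLE_VULNS)
    print(llm_context(found))
    print(summarize(found))
```

On the sample data this flags the Redis image (7.2.4 sits below the 7.2.5 fix) and the blaster image (two pods share the same version, so one finding with two pieces of evidence), and correctly leaves WordPress 6.5.2 alone because it is at or past the fixed version. Keeping the evidence attached to each finding is what lets the LLM's recommendation point at a concrete namespace and pod rather than a bare image name.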
I will continue to document and update as I go.
I hope that you find it useful, and please ask me any questions.
Read more: Kubernetes Foundation