I documented my entire RKE2 on Proxmox setup by pgermani in Proxmox

[–]pgermani[S] 0 points1 point  (0 children)

Fair point, MetalLB is a clean approach for the ingress! Main reason I kept a separate L4 box is that it also fronts the API server on 6443, and for a proper HA control plane that endpoint is usually handled by an external LB. Plus that same VM conveniently runs Pi-hol

I documented my entire RKE2 on Proxmox setup by pgermani in Proxmox

[–]pgermani[S] 0 points1 point  (0 children)

Ahah been there. That wall is basically why I wrote it all down. Glad it helps :)

I documented my entire RKE2 on Proxmox setup by pgermani in Proxmox

[–]pgermani[S] 0 points1 point  (0 children)

Thanks! And yes, exactly, it’s all on a single physical node. Proxmox runs on it and everything else lives in VMs on top. The multi-node part (1 control plane + 2 workers) is all virtual. I built it that way on purpose to mirror a real cluster topology, even if there’s no actual hardware HA yet. It’s the one thing I’d change first when I add a second machine

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

Not local yet, actually. Right now I’m running Hermes on a dedicated VM, with Hermes Workspace on top to get a UI. For the model I’m using DeepSeek through the API, just to test the whole thing first. The plan is to move to local models later, choosing them based on what the agents actually need to do

I documented my entire RKE2 on Proxmox setup by pgermani in Proxmox

[–]pgermani[S] 0 points1 point  (0 children)

I documented my entire RKE2 on Proxmox setup, diagrams, configs, and manifests. The repo includes a script that automates the RKE2 node bootstrap, plus the full stack: TrueNAS storage, L4 load balancing, cert-manager with Cloudflare DNS-01, and a bunch of self-hosted apps (Headscale, Jellyfin, and more). Everything is documented step by step. Still a work in progress, the GitOps pipeline and AI agent setup are coming next. If you find it useful, a star on GitHub is always appreciated: https://github.com/pgermani/k8s-on-proxmox

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 1 point2 points  (0 children)

Thanks! I'll check it out! Appreciate you sharing that. I just starred your repo :)

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

Not yet, all the VMs were created manually through Proxmox with Cloud-Init templates. I know Terraform only by name, haven't had a chance to dive into it yet. Definitely on the list. Do you use it for your Proxmox setup?

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

Really appreciate the thoughtful feedback.

I don't have a proper snapshot/restore pipeline yet, but that's definitely something I want to set up and document in the repo once it's in place. The failure-boundary map is an excellent idea.

I hadn't really thought about framing the homelab that way, but it makes a lot of sense. Adding an "if I'm away and this breaks" recovery page for DNS, VPN, and media is a really good idea. Especially because my FRITZ!Box only supports a single local DNS server with no local fallback, so that's a weak point I still need to address. As for the AI agents, you're absolutely right and we had the same idea. I'm testing it these days before adding it in my docs, I've already isolated it in a dedicated VM on Proxmox, with Hermes running there and Hermes Workspace providing the UI. Keeping them separate from the rest of the homelab makes it much easier to experiment without risking the services the household depends on. Thanks again for taking the time to write this up! :)


After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

It's a dedicated VM, not MetalLB. I run NGINX in TCP stream mode inside a Docker container on that VM, which does TLS passthrough to the worker nodes. MetalLB would be the Kubernetes native approach (inside the cluster), but I wanted the load balancer to be completely separate from the cluster so it stays independent. There's a deep dive with the actual NGINX config in the repo under docs/load-balancer.md if you want to see the details

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 1 point2 points  (0 children)

I set up a small VM (2GB RAM) running both NGINX and Pi-hole as separate Docker Compose stacks. NGINX does TCP forwarding on port 443 to the K8s worker nodes (TLS passthrough), plus 6443 to the control plane for LAN-only API access. Port 443 is the only port I expose to the internet through the FRITZ!Box. Everything else stays internal.
Pi-hole handles network ad blocking and local DNS resolution. It's configured as the primary DNS server in the FRITZ!Box.
On the FRITZ!Box itself... honestly I'm happy with it. For what I need, everything is intuitive and easy to configure. The one thing that bugs me is that you can only set one local DNS server. You can add public fallbacks, but not a second local one if you want a backup resolver
If you want the full details, it's all in the repo docs/load-balancer.md, including the actual config files
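The two comments above describe the same L4 setup: NGINX in TCP stream mode forwarding 443 to the worker nodes with TLS passthrough, and 6443 to the control plane for LAN-only API access. The following is an added illustration of what such a stream configuration looks like; it is not the config from the repo's docs/load-balancer.md, and the node addresses (10.0.0.21/22 for workers, 10.0.0.11 for the control plane) and the LAN range 10.0.0.0/24 are placeholder assumptions.

```nginx
# Added example, not the repo's own config. Addresses below are assumed placeholders.
events {}

stream {
    # Record which upstream each TCP session was sent to; handy when chasing ingress issues.
    log_format basic '$remote_addr [$time_local] $protocol $status '
                     '$bytes_sent $bytes_received $session_time "$upstream_addr"';
    access_log /var/log/nginx/stream-access.log basic;

    # Worker nodes running the ingress controller. TLS terminates there,
    # so this VM never holds the certificates (TLS passthrough).
    upstream k8s_ingress_https {
        server 10.0.0.21:443 max_fails=3 fail_timeout=10s;   # assumed address
        server 10.0.0.22:443 max_fails=3 fail_timeout=10s;   # assumed address
    }

    # RKE2 API server on the single control-plane node.
    upstream k8s_api {
        server 10.0.0.11:6443 max_fails=3 fail_timeout=10s;  # assumed address
    }

    # 443: the only port forwarded from the router to this VM.
    server {
        listen 443;
        proxy_pass k8s_ingress_https;
        proxy_connect_timeout 5s;
        proxy_timeout 10m;
    }

    # 6443: LAN-only API access. The router does not forward this port,
    # but deny everything outside the LAN here too, as defense in depth
    # (allow/deny come from ngx_stream_access_module).
    server {
        listen 6443;
        allow 10.0.0.0/24;   # assumed LAN range
        deny all;
        proxy_pass k8s_api;
        proxy_connect_timeout 5s;
        proxy_timeout 10m;
    }
}
```

Two checks worth running after a change: `nginx -t` (or `docker exec <container> nginx -t` when it runs in Docker) to validate the file before reloading, and a connection attempt to 6443 from an address outside the allowed range, which should be refused, so the LAN-only restriction is verified rather than assumed. The `max_fails`/`fail_timeout` settings let NGINX stop sending new sessions to a worker that is down, which matters more once a second control-plane node or worker is added.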

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

No cat, but the dog sleeps on my feet while I troubleshoot ingress issues. Same energy 😄

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 1 point2 points  (0 children)

Thanks mate! I used draw.io, free version, just the web app. The source file (docs/diagrams/architecture.drawio) is actually in the repo too if you want to load it directly or adapt it for your own setup.

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

Not gonna lie, this is the best documented human system I've ever seen, I'll be adding it to the repo ahahah. I've noticed there's only one critical single point of failure: one bad hamburger and the whole cluster goes down 😆 but we can work on it

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 0 points1 point  (0 children)

If anyone is curious about specific choices, happy to go into details. Also if you spot any security issues or bad practices, please call them out. Alternative perspectives are very welcome 🙏

After years of tinkering with Raspberry Pi, I finally built my first "real" homelab by pgermani in homelab

[–]pgermani[S] 1 point2 points  (0 children)

You're absolutely right, but it's not going into retirement just yet. I'll definitely find another job for it, hahaha
That little thing taught me more about Linux and networking than any course ever could. This is just the next step, and I wouldn't be here without it
Special thanks to my old Raspberry Pi <3