Creating art through automation

Bringing the Cloud Home with K3s, Pulumi and F#: Introduction


Background

For almost 2 decades, I've been hosting my own game, Plex and web servers for family, friends and clients — I was the IT girl, and sysadmin was a way to solve many of our needs on a budget. Now, as a site reliability engineer (SRE) in my professional life, my hosting needs have expanded and I'm studying for the Certified Kubernetes Administrator exam.

Six months ago, I decided to build a Kubernetes "personal cloud" that could support all of the workloads my family already use, with the ability to scale in order to host small communities, or even a product beta. In this blog series, we'll dive deep into parts of Linux and Kubernetes that even I was unfamiliar with, and show you how to apply SRE principles at home to save hundreds of dollars a year and reclaim your data.

I will provide high-level subject overviews and pre-requisite readings, but also dive deep into subjects like infrastructure-as-code, Kubernetes security and even demonstrate what I believe is novel research in the area of rootless Kubernetes, pushing the boundaries of what's possible for self-managed Kubernetes. I will show you how to apply functional programming concepts using F# and Pulumi to solve complex infrastructure automation problems that I hope will change the way you think about them.

This is the first of a long series; I'll provide some context and explain my ambitions, but we'll break down the tech stack in greater detail and explain our engineering decisions in the next blog.

Bringing the cloud home

Subscription fees for online services can get pricy, especially if you need family accounts; I'm paying for Apple, Spotify, Netflix, Nintendo, seedboxes, cloud-hosted containers, backups, and so on — hundreds of dollars a year that many of us have accepted as the cost of business when it comes to daily activities like storing photos and listening to music.

Infrastructure is hard, and that's why the cloud service model is so successful. Why spend hundreds of dollars upfront and hours of learning to set up network-attached storage when you could pay Dropbox a few bucks a month to automatically provision some storage for you? These costs compound though; over 2-3 years, all those subscriptions cost just as much as a powerful gaming computer or rack-mount server.

Sysadmin has changed since the days I first installed Ubuntu and set up a LAMP stack. With modern containerization platforms like Docker and Kubernetes, you can configure and deploy an incredible range of software for your home or business in moments with exceptional reliability and confidence. In fact, anyone with basic Linux and networking skills can get started.

I could have used an off-the-shelf platform like TrueNAS SCALE to take advantage of many of the same technologies we'll be exploring in this series, which I've already used to reduce my subscription costs by $600 CAD annually. However, I wanted to build my own platform, to truly understand how the underlying technologies work — in fact, despite sharing some similarities with TrueNAS SCALE like using K3s as a production-quality Kubernetes distribution and ZFS for enterprise-grade storage, what I'm going to share in this series is entirely original work.

This project was as much a learning exercise as it was for teaching. I want to make SRE skills more accessible by , and "personal clouds" financially viable for the average family. In this multi-part series, I'll share the techniques and problem-solving workflows I use as an SRE to quickly and easily stand up a Kubernetes cluster and deploy a variety of services, using infrastructure-as-code techniques to automate as much as possible and minimize our maintenance burden as sole engineers.

Next steps

In the next blog, we'll introduce our hardware and software tech stack and take a deeper look at some of the topics this series will cover. We'll outline what a "complete" personal cloud looks like and how we'll get from a blank thumb drive to a fully operational and secure cluster with services reachable by internal DNS name or IP address, or over the internet.

If you're as excited as I am about this series, please consider sharing it to relevant circles. My partner and I are both looking for work as cloud solutions architects and having visibility on this platform is one of the best ways you can help us. You can find me on Twitter and LinkedIn. Thanks for reading, I can't wait to share more with you.