Craig Weber

Exposing Kubernetes service to LAN

As 🇺🇸🦅🆓 day approaches, I've been wanting to introduce my wife to the 1996 Will Smith film by the same name. I have the film on an external hard drive, hooked up to my Jellyfin media server which is accessible on my Tailscale VPN ("tailnet" in Tailscale parlance). However, neither our smart TVs nor our router support Tailscale, so I needed to figure out how to expose my media server (which is running as a Kubernetes service) to my LAN. This post will lay out my solution.


Overlayroot Problem Statement

This week I've been looking at overlayroot as a potential solution to reduce the effort to make changes to the nodes in my Raspberry Pi cluster. In this post I want to brain-dump about the problem I'm hoping it solves and the problems I'm running into with respect to implementing overlayroot as well as potential solutions that I'm exploring.


Moving blog to EC2 Spot Instance

We recently moved from Chicago to Des Moines, and we're staying in an AirBnB for a couple months while we look for the right house to buy. In the meantime, most of our stuff (including critical components of my homelab) is in storage, which means my blog wasn't running. In this transient period, I figured I would try to run my blog in the cloud, and while there are easier and even cheaper options, I decided to try out running it on EC2 in order to learn a bit more about traditional Linux system administration. This post will document the approach I arrived at.



I'm starting a new series where I briefly discuss what I've been working on, what I've read, and what I'd like to explore. I'm just calling it "Update" because I know I can't commit to any particular schedule. To find out what I've been thinking about recently, read on.


Securely expose private service for cheap

Disclaimer: This is not a production-grade solution

At home I have a Raspberry Pi Kubernetes cluster running, among other things, this blog (or at least at the time of this writing). One of my goals for this cluster is to keep my cloud/SaaS/etc costs down below $5/month. Another goal is to avoid poking holes in my home router's firewall.



I worked on this blog for several hours this weekend, releasing a new post, implementing a couple new features and fixing some bugs. Here are the highlights:

  • Published the first entry in my Homelab series
  • Fixed a bug on iPad that was causing a ~300% zoom
  • Implemented syndication (atom feed)
  • Fixed broken relative links in post snippets
  • Reduced coupling between markdown and site configuration

Homelab Part I: Hardware

For hardware, I settled on Raspberry Pi 4Bs. They support up to 8GB of RAM (enough power to run the k3s master nodes) and USB 3.0 for fast external SSD I/O. The only downside of the 4Bs is that they require more power than the 3Bs, and the same multiport USB power supplies that could support a 3B cluster couldn't support a 4B cluster. To solve for this, I decided on PoE hats and a PoE switch. This halves the number of cables that need to be run to each Pi, which makes the Pi cluster that much more enjoyable and easy on the eyes.


Kubernetes + Raspberry Pi Homelab: Introduction

As I alluded to in my last post, I've finally decided to pull the trigger and build my own homelab: a personal computing environment for playing around with new tools and approaches for developing or operating software, including software that is personally useful.

K3s + Tailscale

I've recently been working on my Raspberry Pi Kubernetes cluster. I also use Tailscale for my home VPN (because it's performant and absurdly easy to set up and configure). I wanted to run Kubernetes services on my VPN using private DNS names (e.g., foo.local) and addresses from the Tailscale address space (e.g., 100.*) as opposed to the host network address space (e.g., 192.168.*).
