Homelab Arena: Prologue

5 min read
shelldockerk3s

Prologue: Welcome to Homelab Arena

originally posted at LinkedIn

Everything in my homelab starts by hand.

I spin up VMs, deploy containers, and tweak configs by hand. There’s a README that reminds me what I did last time, and a couple scripts that mostly work—until they don’t. Nothing is automated. Nothing is elegant. And honestly? That’s kind of the point right now.

Konami World's Heroes are ready to engage.

This is my current state: chaotic, fragile, but fully mine. Every experiment, every misstep, every “why is this not reachable?” moment ends up written down somewhere—scripts, notes, or the ever-growing README that reads like patch notes for a game that never shipped.

The Arena awaits.

I know I will break things. I know I will rebuild them. But for now, I fight with what I have—manual deployments, half-baked scripts, and sheer stubbornness.

This is where the homelab story begins: from messy beginnings to controlled chaos… one pod, one VM, one Helm chart at a time.

Welcome to Homelab Arena.

What I’m running today (a.k.a. my current loadout)

The “Start Button” that absolutely is not automation

Right now, I’ve got a start_all.sh script that does two very real homelab things:

  1. Fixes my storage mess (specifically: PersistentVolumes stuck in Released) by patching PVs to clear claimRef.
  2. Installs / upgrades apps with Helm, one by one, using shared values plus per-app overrides.

It’s not fancy—just reliable enough to be dangerous.

And the current roster includes:

  • uptime-kuma
  • stirlinng-pdf (yes, it’s spelled that way in the script 😄)
  • snippet-box
  • math-worksheet (project I built to generate math practice worksheet for my kids)
  • two ghost blog for my kids
  • job-winner (opensource project that I built and used for job hunting)

Each one deployed manually, deliberately, and with full awareness that I’ll probably redo this later.

Traffic control (learning the hard way)

Traefik handles ingress and routing—but getting it there was not smooth.

At this stage, TLS isn’t missing because of some grand architectural decision. It’s missing because I didn’t fully understand it yet. Certificates, challenges, annotations, entrypoints, middleware… all of it looked straightforward, until it wasn’t.

I tried. I read docs. I copied examples. I broke things repeatedly.

Eventually, I reached a truce: routing works, services are reachable, and traffic flows where I expect it to. That’s enough—for now.

This isn’t me postponing automation out of discipline.
It’s me acknowledging the gap between knowing the tools exist and actually knowing how to use them well.

The fundamentals come first. The polish can wait.

The battlefield notes: “do this, then this, then pray”

My notes show the origin story:

  • Started with Minikube on Ubuntu, immediately ran into the “remote access is annoying” wall.
  • Switched to K3s, because LAN access should not require a ritual.
  • Played with deploying a sample app and exposing it.
  • Installed Argo CD (and also removed it at least once—because we all do that).

If Homelab Arena has a tutorial level, this was it.

My “known spells” (Kubernetes reference page)

I keep a cheatsheet of commands I always forget five minutes after using them:

  • Context checks (current-context, get-contexts)
  • The “what is even happening” commands (describe, get all -A)
  • Node draining (because maintenance always turns into an event)
  • Scaling deployments to zero (a soft reboot for your dignity)
  • Helm workflows (installing, version pinning, template previewing)
  • A solid initContainer example for “download stuff before app starts”

This is the stuff that turns “I’m stuck” into “okay, I’m unstuck… for now.”

The practice dummy: nginx, exposed three different ways

To test routing and sanity, I’ve got a classic nginx Deployment.

From there, I’ve experimented with multiple exposure patterns:

Option A: Traefik CRDs (IngressRoute + Middleware)

Route traffic via host + path prefix, then strip /nginx before it hits the service.

Option B: Kubernetes Ingress + TLS annotations

A more “standard” Ingress object, with cert-manager annotations and a TLS secret. Also strips prefix using a Traefik middleware reference.

Option C: Services (ClusterIP vs LoadBalancer)

There’s a basic ClusterIP service definition.
And there’s also a LoadBalancer service example that shows an internal IP assigned (which is very homelab, depending on how your network is set up).

Basically: I’m trying things until traffic goes where I want—and learning why when it doesn’t.

What this series is really about

Homelab Arena isn’t a “perfect setup” series. It’s the opposite.

It’s:

  • messy beginnings
  • repeatable wins
  • accidental disasters
  • the slow transition from “hand-crafted chaos” to “intentional chaos”

Each post will take one part of the lab and push it forward:

  • scripts → real automation
  • notes → actual runbooks
  • “works on my box” → “works after reboot”
  • “why is TLS broken again” → “TLS is boring now” (the dream)

For now, though?

I enter the Arena with my current gear:

  • a patch-and-pray shell script
  • Traefik (TLS still a work in progress)
  • a pile of YAML
  • and enough stubbornness to outlast my own mistakes

Let the Arena begin. 🛠️⚔️