Kubernetes on heezy.blog

Getting Cloudflare on IaC

Thu, 14 May 2026 00:00:00 +0000

Everything in the lab is managed as code. FortiGate firewall rules, Proxmox VMs, Kubernetes manifests. Cloudflare was the last holdout. DNS records, tunnel config, and zone settings all lived in the dashboard, clicked into existence and never tracked anywhere. Time to fix that.

Pi-hole on Kubernetes with MetalLB and a Ruckus SSID

Wed, 15 Apr 2026 00:00:00 +0000

🚧 UNDER CONSTRUCTION 🚧 Switch and Ruckus configuration pending. Screenshots to be added.

Pi-hole was already running on the cluster. It worked fine from inside the cluster and via NodePort on weird high ports. The problem was that no actual client device could use it as a DNS server, because DNS clients expect port 53 and NodePort gives you 30054.

What started as “just give Pi-hole a real IP” turned into a new VLAN, a new DHCP server, firewall policy changes, switch configuration, and a Ruckus SSID. The usual homelab scope creep.

About This Site

Mon, 13 Apr 2026 00:00:00 +0000

This site is built with Hugo using the Terminal theme. The Hugo static site is compiled inside a Docker multi-stage build, bundled into a SWAG container image, pushed to Amazon ECR, and deployed to a MicroK8s cluster via GitHub Actions. Source content lives in a Git repo and a push to main triggers the full build-and-deploy pipeline automatically.

Hosting a Blog on Kubernetes Through Cloudflare with Zero Exposed Ports

Sun, 12 Apr 2026 00:00:00 +0000

I wanted a blog. Not a WordPress instance, not a hosted platform, not something I pay monthly for. A static site built with Hugo, baked into a container image, served by nginx, tunneled through Cloudflare, running on my Kubernetes cluster at home. No ports exposed to the internet. No public IP pointing at my house. Just a Cloudflare Tunnel and a reverse proxy.

The Heezy: A Homelab That Got Out of Hand

Tue, 10 Mar 2026 00:00:00 +0000

What Even Is a Heezy

If you grew up in the early 2000s, you probably remember when Snoop Dogg had everyone adding “-izzle” to everything. “For sheezy” was peak vocabulary for a 12-year-old who spent too much time on Counter-Strike and not enough time on homework. “Heezy” rhymes with “easy,” which is what I told myself this project would be. It was not easy. But the name stuck, and now my entire infrastructure is named after slang that peaked in 2003. No regrets.

Running 25+ Services on a 5-Node MicroK8s Cluster

Fri, 20 Feb 2026 00:00:00 +0000

This is the full story of building a MicroK8s cluster from scratch, migrating a Docker Compose stack onto it, and all the things that broke along the way. If you’re thinking about running Kubernetes at home for self-hosted services, this is what it actually looks like.

Cheap NVMe, Dead Talos, and How I Ended Up on MicroK8s

Thu, 15 Jan 2026 00:00:00 +0000

I wanted to experiment with Kubernetes on a budget. The rules:

Five nodes
Intel QuickSync-compatible processors for hardware transcoding
As cheap as possible

I found a bulk refurb reseller and bought five Lenovo ThinkCentres off the used market.