What comes after Kubernetes?
I tend to cherish the time between Christmas and New Year: work is quieter, there's little happening socially and I can spend time trying out new things on my homelab! I'd been ignoring a Home Assistant error for a month at this point, so I decided to finally take a look, only to be immediately met with a wall of certificate-related errors. A few years ago I had set up Kubernetes (k3s) as the orchestration engine for my homelab in an attempt to learn the internals better. It turns out that neglecting to update Kubernetes leads to expired certificates: k3s issues its client and server certificates with a one-year lifetime and only rotates them (once they have expired or have fewer than 90 days left) when the k3s service restarts, which is what caused the wall of errors I saw. Apparently updating k3s also takes care of the certificate renewals, since the upgrade restarts the service; in my case I had to trigger the rotation manually to get the cluster and my applications healthy again.
The experience just showed me again how much I dislike Kubernetes: it's far too over-engineered, at least for a homelab. While I did learn a lot from the experience, I prefer knowing the moving bits and pieces! However, the experience also showed me what I had been missing with the plain Docker Compose approach I used before: I appreciated having certificates created automatically, having git as my source of truth, and not having to think about routing or monitoring!
Thinking about the requirements led to the following:
- GitHub as the source of truth, with a services folder and a core folder
- The core folder is outside the scope of GitOps; it holds the ingress and the deployment manager (to avoid the bootstrap problem)
- The services folder contains all the configs that need deploying
- A GitHub bot/action to track releases and auto-create PRs that get deployed automatically on approval (the merge is the approval)
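As an added example (not from the post, which only names the bot later on as Renovate), this is what a scoped GitHub Actions workflow for such a release-tracking bot can look like. It assumes a GitHub App created for Renovate and installed on this repository only, with just the permissions it needs (contents and pull requests: read and write), whose ID and private key are stored as the repository secrets `RENOVATE_APP_ID` and `RENOVATE_APP_PRIVATE_KEY`, and a `.github/renovate.json` that enables the `docker-compose` manager. The schedule, secret names and file paths are assumptions.

```yaml
# .github/workflows/renovate.yml (added example; app, secret names and paths are assumed)
name: Renovate
on:
  schedule:
    - cron: "0 3 * * *"     # nightly; Renovate only opens PRs, merging remains the approval step
  workflow_dispatch:

# The workflow's own GITHUB_TOKEN never needs write access: Renovate does not use it.
permissions:
  contents: read

jobs:
  renovate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Mint a short-lived (one hour) installation token for the Renovate GitHub App.
      # It is scoped to this repository and to the app's permissions, unlike a
      # personal access token, which would carry the user's access to every repo.
      - name: Create app token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}

      - name: Run Renovate
        uses: renovatebot/github-action@v41
        with:
          configurationFile: .github/renovate.json
          token: ${{ steps.app-token.outputs.token }}
        env:
          # Limit the run to this repository; the config file decides what gets tracked.
          RENOVATE_REPOSITORIES: ${{ github.repository }}
          LOG_LEVEL: info
```

The assumed `renovate.json` is as small as `{"extends": ["config:recommended"], "enabledManagers": ["docker-compose"]}`, so only image tags in the Compose files under the services folder get PRs. Leaving `automerge` off keeps a human merge as the gate between "new release exists" and "deployed", which is the approval step the requirement above asks for.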
With Claude Code being all the hype this year, I decided to see how well it worked for design exploration. I came up with a list of requirements and let Claude interactively suggest options; once we had narrowed down a list of options, I asked it to generate all the template configs so that I could see what was and wasn't possible. Additionally, I could set up small test examples and prod at them, refining my requirement list each time. This sort of iterative exploration would have taken days in the past; I didn't have to deal with outdated READMEs or bespoke bugs!
The stack I ended up deploying (and liking!):
- Traefik to handle ingress and certificates. I avoided Traefik in the past because the middleware concept wasn't intuitive for me, but using examples from Claude I could finally grok it! My old default was HAProxy, and at work we use nginx with Nginx Proxy Manager; both now seem more cumbersome compared to Traefik.
- Komodo for deployments. Komodo handles GitOps for Docker Compose files: it can track a folder in a GitHub repository and deploy the changes. Unlike with Kubernetes, I can still SSH into the machine and make changes manually if I wish (the next run would overwrite them unless I upstream the changes). This lets me easily interact with my homelab and extend it with host binaries (during dev) without having to write a Helm chart just to get started. Komodo also has the concept of a core and a periphery, so I can theoretically run it on multiple hosts if I want to expand my homelab. The config for Komodo is a simple TOML file, so the deployment orchestrator's settings are also tracked in git.
- Renovate bot for PRs, deployed as a GitHub Action with scoped access and permissions. This lets me automate away updates, as Komodo will pick them up after merging.
- Pocket ID for passkey-based OIDC. This is something I wanted to try out this year; Traefik integrates well with OIDC, and so do most of the services I plan on using. I wanted to centralize my user management and use passkeys by default everywhere. I'm not sold on the idea of passkeys, but I must admit they work better for me since moving from a Samsung to an iPhone.
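To make the Traefik pieces from this list concrete, here is an added Compose example (not the author's config) that wires together the three things the list mentions: an ACME certificate resolver, a middleware, and an OIDC login in front of a service. Traefik's open-source build has no OIDC middleware of its own; what it offers is `forwardAuth`, which sends every request to an auth service first and only lets it through on a 2xx answer. The example assumes oauth2-proxy as that auth service, talking OIDC to a Pocket ID instance at `https://id.example.com` with a client whose redirect URI is `https://auth.example.com/oauth2/callback`; the hostnames, the e-mail address, the image tags and the `OIDC_*` environment variables are all assumptions.

```yaml
# compose.yml (added example; hostnames, image tags, e-mail and OIDC_* variables are assumed)
services:
  traefik:
    image: traefik:v3.3
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false      # containers opt in via labels
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      # ACME resolver "le": TLS-ALPN-01 needs port 443 reachable from the internet
      - --certificatesresolvers.le.acme.email=admin@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only, but still host-equivalent access
      - ./letsencrypt:/letsencrypt                      # acme.json holds private keys; keep it mode 0600

  # Auth service behind the forwardAuth middleware (assumed component, not named in the post).
  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
    command:
      - --provider=oidc
      - --oidc-issuer-url=https://id.example.com        # assumed Pocket ID base URL
      - --client-id=${OIDC_CLIENT_ID}
      - --client-secret=${OIDC_CLIENT_SECRET}
      - --cookie-secret=${OIDC_COOKIE_SECRET}           # 32 random bytes, base64, kept out of git
      - --cookie-secure=true
      - --cookie-domain=.example.com                    # one session cookie for every subdomain
      - --whitelist-domain=.example.com                 # only redirect back to our own hosts
      - --email-domain=*                                # authorization is delegated to Pocket ID
      - --code-challenge-method=S256                    # PKCE
      - --redirect-url=https://auth.example.com/oauth2/callback
      - --reverse-proxy=true                            # trust X-Forwarded-* set by Traefik
      - --skip-provider-button=true                     # send unauthenticated users straight to the IdP
      - --upstream=static://202                         # the "allowed" answer forwardAuth expects
      - --set-xauthrequest=true                         # expose X-Auth-Request-* response headers
      - --http-address=0.0.0.0:4180
    labels:
      - traefik.enable=true
      - traefik.http.routers.oauth2.rule=Host(`auth.example.com`)
      - traefik.http.routers.oauth2.entrypoints=websecure
      - traefik.http.routers.oauth2.tls.certresolver=le
      - traefik.http.services.oauth2.loadbalancer.server.port=4180
      # The middleware: a named, reusable step that routers attach themselves to.
      - traefik.http.middlewares.oidc.forwardauth.address=http://oauth2-proxy:4180/
      - traefik.http.middlewares.oidc.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.oidc.forwardauth.authResponseHeaders=X-Auth-Request-Email

  # A sample service; swap in any container with an HTTP port.
  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=le
      - traefik.http.routers.whoami.middlewares=oidc@docker   # attach the login gate here
```

The flow to keep in mind when reading this: a request for `whoami.example.com` hits the router, the router hands it to the `oidc` middleware, the middleware asks oauth2-proxy; with no valid session cookie oauth2-proxy answers with a 302 to Pocket ID, which Traefik passes back to the browser, and after the callback on `auth.example.com` the session cookie is set for `.example.com`, so the retried request gets a 202 and is forwarded to whoami with `X-Auth-Request-Email` attached. Two things worth checking before putting this in git: `exposedbydefault=false` means a container without `traefik.enable=true` is simply not routed, which is the safe default when Komodo deploys whatever is in the repo, and the `OIDC_*` values belong in an env file that is not committed.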
Exploring, iterating on and debugging the entire workflow wouldn't have been possible without Claude! In previous years this exercise used to take 2-3 days of toil; that's down to an afternoon now. Claude isn't bulletproof yet; it makes mistakes that are often hard to catch or only show up later, but we've really come a long way with AI tooling!