ms_83

I’ve run Kubernetes training sessions where all of the trainees had Windows laptops with VMware Workstation. I used K3S on K3OS as the guest OS at the time, and built a cluster of 3 Kubernetes servers with 2 CPUs and 2GB of RAM each, that ran a few basic workloads. I don’t see why you couldn’t do something similar on Ubuntu with VirtualBox as the vm host.

A simpler alternative might be to use microk8s or minikube on Ubuntu.

You have a very narrow view of why certain technologies should or should not be used. I'm not behind CG-NAT but there is still plenty of value to Cloudflare tunnels for me. Even behind my IP I have a fairly complex network environment but CF tunnels make it easy for me to stand up a connection from a cluster, make it resilient and highly available, and automatically handle failure modes to keep the service up to the world. They also give me a transferable configuration that allows me to quickly move my apps to the cloud or to other hosting if I need to.

So no, I'm not "mindlessly" using them, and I'm not using them just for security or just for DDoS protection. I've actually put quite a lot of thought into my architecture and why I used certain technologies, thank you very much.

But if you don’t trust Cloudflare, who do you trust, and why? Do you trust your ISP? Do you trust Intel or AMD? The people who manufacture your router or other networking kit? People’s trust boundaries exist at different levels. If you are happy with your own, fine, but you don’t get to tell other people that they are doing it wrong just because their boundaries are different.

Because it’s not always about the encryption. I use Cloudflare tunnels because they are a good way of exposing sites to the internet without exposing my IP or opening ports, which means I don’t have to worry as much about DDoS or other attacks and therefore I don’t need to spend as much effort defending against them.

Even Cloudflare decides to inspect my traffic (and seriously why would they care about a tiny hobbyist website) it’s not like it gives them full access to everything, there are other controls you can use depending what your site is for.

Honestly what I don’t understand is why some on this sub have such strong objections to Cloudflare. Like I get they are a terrible company in a lot of ways, but name a tech company that isn’t?

Why do you need to transfer just the internals? There are options out there that will allow you to rackmount the NUC in its case. Racknex are the best ones but MyElectronics ones might also work.

How exactly are Cloudflare tunnels “unsafe”? And what makes you think VPNs are a better option?

I’ve used CF quite a lot and the major downside is that you have to have decent authn/authz on at least one end of your tunnel but CF does not necessarily provide this. VPNs provide authn but not necessarily authz depending on the setup. In either case, how you set up and manage identities and credentials is key.

The best way to achieve this depends entirely on what applications you are exposing and what options they give you for identity management.