How one homelab operator redesigned his network after hosting public cloud workloads
A homelab operator running a Proxmox-based setup initially placed all workloads — including a NAS, workstation, and Kubernetes cluster — on a single flat /24 subnet. The design became untenable after he stood up an Akash provider, a Kubernetes cluster that accepts real tenant workloads from the internet, leaving public containers on the same broadcast domain as his personal infrastructure. Concerned about east-west traffic risks and the inability to apply per-workload firewall policies, he rearchitected the network along data-centre principles. Each project now gets its own VLAN, its own /24 subnet, and its own firewall policy at the routing boundary, with no default trust between segments. The redesign, anchored by OPNsense and a Cisco Nexus switch, draws on commercial data-centre isolation models to bound fault radius and enforce distinct security postures per workload.
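A small model of the two layouts described above, added here as an illustration and not taken from the operator's configuration: every subnet, VLAN name and allow-list entry is an assumption, and the flow checks show why the flat /24 let tenant containers reach the NAS while the per-project segmentation drops that traffic at the routing boundary.

```python
"""Model of the flat /24 versus the per-project VLAN design. All addressing
and allow-list entries below are assumptions chosen for illustration."""
from ipaddress import ip_address, ip_network

# Before: one flat /24 carrying every workload on a single broadcast domain.
FLAT = {"lan": ip_network("192.168.1.0/24")}

# After: one VLAN and one /24 per project (assumed addressing).
SEGMENTED = {
    "mgmt":  ip_network("10.10.10.0/24"),  # OPNsense, Nexus, Proxmox hosts
    "home":  ip_network("10.10.20.0/24"),  # NAS and workstation
    "k8s":   ip_network("10.10.30.0/24"),  # personal Kubernetes cluster
    "akash": ip_network("10.10.40.0/24"),  # public tenant workloads
}

# Explicit allows at the routing boundary as (src_segment, dst_segment, port).
# Anything not listed is dropped: no default trust between segments.
ALLOW = {
    ("internet", "akash", 443),  # tenant ingress (port is an assumption)
    ("home", "k8s", 443),        # workstation to cluster ingress
    ("mgmt", "akash", 22),       # admin SSH into provider nodes
}

def segment_of(segments, ip):
    """Map an address to its segment; anything outside them is 'internet'."""
    addr = ip_address(ip)
    return next((n for n, net in segments.items() if addr in net), "internet")

def allowed(segments, allow, src, dst, port):
    """Same segment: layer-2 delivery, the firewall never sees the packet.
    Different segments: the flow must route through OPNsense, which only
    forwards what the allow-list names."""
    s, d = segment_of(segments, src), segment_of(segments, dst)
    if s == d and s != "internet":
        return True
    return (s, d, port) in allow

def reachable_segments(segments, allow, src, port):
    """Segments a host can reach on a given port under this policy."""
    s = segment_of(segments, src)
    return sorted(d for d in segments if d == s or (s, d, port) in allow)

if __name__ == "__main__":
    # Constructed flow: a tenant container probing the NAS over SMB (445).
    print("flat     :", allowed(FLAT, set(), "192.168.1.40", "192.168.1.5", 445))
    print("segmented:", allowed(SEGMENTED, ALLOW, "10.10.40.17", "10.10.20.5", 445))
    print("akash reaches:", reachable_segments(SEGMENTED, ALLOW, "10.10.40.17", 445))
```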
This is an AI-generated summary. ShortSingh links to the original source for the complete article.