No judgement here. I think it’s a worthy goal just not one I am particularly interested in at this point. Maybe if the automation was a bit easier and the mobile device management was easier I might join you.
My experience is it’s really a lot of work and with the prevalence of letsencrypt, there is not a lot of automated setups for this use case (at least that I have been able to find). It is kind of a pain in the ass to run your own CA, especially if you plan to not use wildcard and to rotate certs often. If you use tailscale, they offer https certs with a subdomain given to you:
[server-name].[tailnet-name].ts.net
That’s honestly what I’m moving towards.
Another vote for wiki.js. It has tons of authentication options and integrations. The mobile web interface is a tad clunky but usable.
Yea that looks pretty amazing. Thanks for sharing!
Single node k3s is possible and can do what you’re asking but has some overhead (hence your acknowledgment of overkill). One thing I think it gets right and would help here is the reverse proxy service. It’s essentially a single entity with configuration of all of your endpoints in it. It’s managed programmatically so additions or changes do not need to be done by hand. It sounds like you need a reverse proxy to terminate the TLS, then ingress objects defined to route to individual containers/pods. If you try for multiple reverse proxies you will have a bad time managing all of that overhead. I strongly recommend going for a single reverse proxy setup unless you can automate the multiple proxies setup.
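As an added illustration of the single-proxy layout described in that comment (not the commenter's own manifests): k3s ships Traefik as its ingress controller, so one Ingress object per app is all that is needed for TLS termination and host-based routing. The hostnames, namespaces, service names and the `wiki-tls` secret are assumed placeholders; the secret would be created beforehand with `kubectl create secret tls wiki-tls --cert=... --key=... -n wiki`.

```yaml
# Added example (not from the thread): the ingress controller terminates TLS
# for every hostname, so the backend pods only ever speak plain HTTP inside the
# cluster and there is exactly one place to rotate certificates or tighten
# TLS settings. All names below are assumed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wiki
  namespace: wiki
  annotations:
    # Traefik entrypoint names in k3s: "web" (80) and "websecure" (443).
    # Restricting to websecure means nothing is served over plain HTTP.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  tls:
    - hosts:
        - wiki.example.home        # assumed hostname
      secretName: wiki-tls         # assumed TLS secret in the same namespace
  rules:
    - host: wiki.example.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wiki         # ClusterIP service in front of the wiki pod
                port:
                  number: 3000
---
# A second app gets its own Ingress; the proxy itself is untouched.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: home-assistant
  namespace: home
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  tls:
    - hosts:
        - ha.example.home          # assumed hostname
      secretName: ha-tls           # assumed TLS secret
  rules:
    - host: ha.example.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: home-assistant
                port:
                  number: 8123
```

Because the cluster's Ingress objects are the only routing configuration, `kubectl get ingress -A` lists every exposed hostname in one place, which is a useful check that nothing is reachable that was not meant to be.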
And here I am running a bare metal k3s cluster fully managed by custom ansible playbooks with my templatized custom manifests. I definitely learned a lot going that way. This project looks like it has just about everything covered except high availability or redundancy, but maybe I missed it in the readme. Good work but definitely not for me.
Check out Termux. It lets you install nearly any linux software on your Android device. Probably a good place to start to get your toes wet.
That would be pretty dope. If you end up writing it up don’t forget about me 😁
Do you have a link to a tutorial on this? I’ve been thinking about adding my amd64 server with an nVidia GPU to my Raspberry Pi K3s cluster.
Node-Red is a graph flow tool and MQTT is a protocol. Neither of which can do what HA does, so not sure why that comment was made.
I know this isn’t what you’re asking for but I think this is still a good starting point. Like you correctly surmised, identity and authentication management is not an easy subject and does require extensive experience and theory.
I had similar problems doing the same thing with a Pi 4.
Sure! I’m using ansible to manage the hosts, install k3s, and deploy the manifests. I’m looking at switching to nixos for reproducibility purposes. I have a couple of Pi 4s, and a handful of Pi 3Bs. Each one is booting off USB drives (Pi 4s have SSDs and others have thumb drives). Then I have an old computer I turned into a NAS server that is hosting NFS for the PVs of each pod. Then I have a rackmount gigabit switch, and I set up tailscale on each node, and reference everything by the tailnet names. Works really well and I have complete access while I’m away from home.
Edit: oh yea my NFS server is also hosting a docker server. My ansible stages the docker containers to the local docker server then each pod pulls from the local server to save on bandwidth and if internet goes down I can still do everything locally.
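For readers who want to see what "NFS for the PVs of each pod" looks like as a manifest, here is an added example of a statically provisioned NFS volume and the claim a pod binds to; it is not the commenter's configuration. The NAS hostname, export path, namespace and sizes are assumed placeholders.

```yaml
# Added example (not from the thread): one PersistentVolume backed by an NFS
# export on the NAS, plus the PersistentVolumeClaim a pod mounts. All names,
# the server hostname and the export path are assumed.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: wiki-data
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany            # NFS allows several pods/nodes to mount it
  persistentVolumeReclaimPolicy: Retain   # deleting the claim keeps the data
  mountOptions:
    - hard                     # block rather than silently fail on NAS outage
    - nfsvers=4.1
  nfs:
    server: nas.example-tailnet.ts.net   # assumed: NAS reached by its tailnet name
    path: /export/k3s/wiki               # assumed: one export per app, not the whole disk
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wiki-data
  namespace: wiki
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: ""         # empty string: bind to the static PV, not a default class
  volumeName: wiki-data        # pin the claim to exactly this volume
  resources:
    requests:
      storage: 10Gi
```

Two checks worth doing on the NAS side: export one directory per application rather than a single shared root, and restrict the export to the node addresses (or the tailnet range) so a pod with a mount cannot browse other apps' data.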
I have k3s running on my Pi cluster and have dozens of services running on them. USB drives for the lot of them.
Try running a server image on it without desktop and then logging into it over the network from another device like a laptop via ssh
I would go with direct burial shielded twisted pair and coax if I were doing it, especially if it will run directly inside for termination.