AdGuard Home
Network-wide DNS ad-blocker — every device on the home LAN points at it for resolution, so ads and trackers never make it past the gateway.
Reusable Kustomize component that drops a baseline `NetworkPolicy` into every app's namespace — default-deny ingress + egress, with explicit allow-rules for what the app actually needs to talk to.
eBPF-based CNI providing pod networking, kube-proxy replacement, network policy, WireGuard node-to-node encryption, L2 announcements for LoadBalancer IPs, and Hubble flow visibility.
Dynamic DNS updater — keeps the public DNS records for the homelab in sync with the WAN IP, even when the ISP rotates it.
Shared cluster resource that defines the internal `HTTPRoute` parent — the Gateway that internal-only apps attach to so their hostnames resolve on the home/mesh side without ever being routed publicly.
NetBird peer running on the Maresa Synology host so the NAS is reachable over the mesh — Syncthing, AdGuard, and the Traefik dashboard all available to authenticated mesh members.
Use PROXY protocol v2 to carry the real client IP through NetBird/SNAT and a multi-proxy chain — with Gitea (HTTP + SSH) as a worked example showing both mental models.
Local reverse proxy + TLS terminator on the Maresa Synology host — exposes the host-local services (Syncthing UI, AdGuard UI, Traefik dashboard) on the internal *.maresa.int.kueber.eu zone with Let's Encrypt certs.