logo
logo

Home Lab K8 Media Server

No Repo
Home Lab K8 Media Server

This homelab project showcases a self-hosted Kubernetes cluster running on a dedicated PC that serves as a Plex Media Server. The setup enables centralized storage and streaming of movies, TV shows, and music to various client devices—including a laptop, smart TV, and mobile devices—across the home network. The project highlights both orchestration and secure networking practices.

Stack

  • Kubernetes cluster (single-node)
  • Plex Media Server in a containerized deployment
  • Persistent volumes for media storage
  • Traefik ingress controller for reverse proxying

Networking

  • Topology
    • Media server connected via Ethernet for stability
    • Clients connected via wired and wireless networks
    • VLAN segmentation to isolate media server from guest devices
    • Internal DNS-based access through Traefik ingress (plex.home.local)
  • Routing
    • Internal routing handled by the home router
    • External access disabled by default for security

Security Hardening

  • Access Control
    • Kubernetes RBAC for fine-grained permission control
    • Plex admin dashboard accessible only from trusted IP ranges
  • Network Security
    • VLAN isolation for server workloads
    • Firewall rules to strictly limit inbound and outbound traffic
  • Data Protection
    • Encrypted backups of Plex metadata and configurations
    • TLS encryption for all internal service-to-service traffic
  • Monitoring
    • Prometheus stack and Kubernetes metrics server for performance insights
    • Alerts configured for unusual network patterns or high resource usage