Why I Moved<\/h2>\n\n\n\n
The honest answer is that I wanted to dogfood my own infrastructure. I had already built a Kubernetes cluster on Hetzner Cloud (you can read about that setup here<\/a>), and running my actual website on it felt like the natural next step. There is a big difference between running tutorial workloads on a cluster and running something you actually care about.<\/p>\n\n\n\n The request flow for simon-frey.com goes through quite a few layers now, which is both the beauty and the absurdity of this setup.<\/p>\n\n\n\n DNS is currently handled by Cloudflare, though I’m planning to move to a European provider like Bunny CDN at some point because I’d prefer to keep things closer to home. Cloudflare points to a Hetzner Load Balancer, which distributes traffic across the Kubernetes worker nodes. From there, Traefik acts as the ingress controller. It terminates TLS with certificates from Let’s Encrypt, which are automatically managed by cert-manager.<\/p>\n\n\n\n The Nginx cache sits in front of everything and is honestly the most important piece of the whole setup. It’s configured with Behind the cache, the site is split into two backends. The main site at simon-frey.com is a custom PHP application that renders markdown files into HTML. The content lives in a GitHub repository and gets synced into the running pod via git-sync, a Kubernetes-native sidecar that polls every 60 seconds. When I push a commit to GitHub, the site updates within a minute, and git-sync automatically fires a webhook that purges the Nginx cache so visitors see the new content immediately.<\/p>\n\n\n\n There’s also a MinIO instance serving static files under simon-frey.com\/files<\/a>. This handles larger assets that don’t belong in a git repository.<\/p>\n\n\n\n The cluster has a cluster autoscaler that can spin up additional Hetzner worker nodes when resource pressure increases. In theory, this means the site can handle traffic spikes by scaling out. In practice, provisioning a new Hetzner server takes around 5 minutes, which is an eternity if your site just got posted on Hacker News. This is fine since the Nginx cache can absorb a lot of traffic on its own, but it’s worth being honest about the limitations.<\/p>\n\n\n\n The cluster runs Victoria Metrics for metrics collection, with KWatch monitoring pod states and sending alerts via Pushover directly to my phone. I also have UpDown.io doing external HTTP checks, so I get notified if the site is unreachable from the outside, not just from the cluster’s perspective.<\/p>\n\n\n I am Simon, the author of this blog. And I have great news: You can work with me<\/b><\/p>\n As DevOps and Infrastructure freelancer, I will help you choose the right Infrastructure technology for your company, fix your cloud problems and support your team in building scalable products.<\/p>\n I work with Golang, Docker, Kubernetes, Google Cloud, AWS and Terraform.<\/p>\n Checkout my CV<\/a> to learn more or directly contact me via the button below.<\/p>\n <\/div> \n I went from paying 5 euros a month on Uberspace to roughly 14 euros a month for the Hetzner infrastructure. That’s nearly three times the cost for hosting a personal website, which is hard to justify on pure economics. But the cluster doesn’t just run my website. It also runs monitoring, a few other small services, and serves as a general playground for testing Kubernetes features and tools. The marginal cost of adding my website to the existing cluster is essentially zero since the resources it consumes are tiny, so the real comparison is more like “5 euros for hosting only my website” versus “14 euros for a whole platform that also hosts my website.”<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" My personal website, simon-frey.com, now runs on a self-managed Kubernetes cluster on Hetzner Cloud. This is, by any reasonable measure, complete overkill for a personal website that gets a few hundred visitors a day. But…<\/p>\nHow It Works<\/h2>\n\n\n\n
graph LR\n User([User]) --> Cloudflare[Cloudflare DNS]\n Cloudflare --> LB[Hetzner Load Balancer]\n LB --> Traefik[Traefik Ingress]\n Traefik --> Cache[Nginx Cache]\n Traefik -->|\/files| MinIO[MinIO]\n Cache -->|\/| PHP[PHP + git-sync]\n Cache -->|\/blog| WP[WordPress]\n WP --> MySQL[(MySQL)]\n PHP -.->|pulls every 60s| GitHub([GitHub Repo])<\/pre><\/div>\n\n\n\n
proxy_cache_use_stale<\/code>, which means it will serve cached content even when the backends are slow, throwing errors, or completely down. The cache also does background updates, so the first visitor after a cache expiry doesn’t have to wait for the backend response.<\/p>\n\n\n\nAutoscaling<\/h2>\n\n\n\n
Monitoring and Alerting<\/h2>\n\n\n\n
Highly skilled DevOps\/SRE Freelancer<\/h3>\n
![\"Simon](\"https:\/\/simon-frey.com\/cv\/img\/simon-frey.jpg\")
\n\n <\/div>\n \n Let’s work together!<\/a>\n<\/div><\/div>\n\n\nCost<\/h2>\n\n\n\n