GitPod on LAN k3s Raspberry Pi cluster

I’m trying to deploy self-hosted GitPod on a home k3s cluster of Raspberry Pi 4s (5 of them). This is partly an experiment as we’re looking to self-host GitPod at my university, and having a local instance I can tinker with would be valuable.

I understand that there are some architectural concerns but my plan was to use Docker’s buildx system to compile the base GitPod Docker images for arm64 and use that as a starting point.

The bigger issue (at least, from my inexperienced viewpoint) has to do with i) self-hosting GitPod on a home LAN, and ii) setting up the SSL certificates. With the first case, this seems to run afoul of the DNS requirements. Is there any way to configure a virtual network within my LAN to effectively satisfy this requirement? And would something like Let’s Encrypt still work in this case?

Any help is greatly appreciated.

Hello!

Beyond not having an arm64 image there shouldn’t be any issues with hosting Gitpod at home; in fact, I do it myself.

I also use a Let’s Encrypt SSL certificate. Since you’ll need a wildcard certificate it actually seemed to work better (at least for me) since I have Traefik 80/443.

Currently I am using Gitpod in a single Docker container so I was able to easily fetch a wildcard SSL certificate using the certbot Docker container in conjunction with the NSOne plugin (this allowed for the necessary DNS records to be created and removed automagically).

I have gone down the k3s route using multiple Ubuntu VMs. Looking back at my notes, I had my Traefik instance handle the SSL certificates. That said, they have this section in the docs which should work for you, and I think luckily here it uses DNS challenges to perform the verification (note the --preferred-challenges=dns line in the command).

Hopefully that helps a bit! Please don’t hesitate to ask any other questions!

Hi @astuffedtiger, thanks so much for the info!

I have to be blunt–I’m a total newbie when it comes to k3s and kubernetes in general. I’m still working my way through the k3s setup tutorials to get the cluster to interface with my NAS. As such, I understand the references to Traefik and NSOne, but I’m not sure how to configure them to interface with each other. This is something I can probably figure out on my own, but I just wanted to alert you that you may have some very dumb questions coming your way.

For the DNS entry, though: the NSOne plugin looks like it’ll do what I need it to do… as long as I have a top-level domain? That’s the part that I’m wondering if I can get away with not having: if there’s a way to simply run GitPod on a LAN, using the local network (or some fancy virtual configuration entirely located within the LAN itself) to satisfy the requirements.

Thanks again!!

You’re very welcome! We all have to start somewhere! :smiley: I was (and definitely still am) a complete newbie when it comes to k3s and Kubernetes. Gitpod is actually what got me to learn a little something about both.

Thankfully k3s seems to make it a lot easier and with Rancher even a bit easier!

I found the easiest thing to do while I was learning was to install Ubuntu 20.04 (or whatever the latest is) onto each Raspberry Pi. Then I installed k3s onto each of my Pis. I used one Pi as a master node, and the other 4 as worker nodes. Of note, each of my worker nodes also had a 1TB drive connected via USB. This at least allowed me to learn the basics of k3s, Kubernetes, Rancher and MetalLB. I then applied whatever I learned when I set up 4 Ubuntu VMs (x64), so getting Gitpod going was much easier. For what it’s worth, I’ve also installed Gitpod on Google Cloud and DigitalOcean - again using the previously learned knowledge. It may take some time to grasp it all, but it’s definitely worth it when you see it all coming together!

You should be able to run Gitpod without a real domain. I assume you mean something like gitpod.lan (a fake domain)? If that’s the case and it does work, you won’t have to worry about SSL certificates (which I believe Gitpod can do without). I’ve only ever run it with one of my real domains so I cannot be 100% sure. It would be worth a quick search on the forums to see if anyone else has done it. You would need to ensure all systems are aware of this fake domain and can reach it.

Hope that helps some! :smiley: