Home

// PLATFORM — LIVE ACCESS

Platform

The running BLS platform, exposed publicly through Cloudflare Zero Trust — no inbound port on the homelab, every request authenticated at the edge before it reaches the cluster. Open a surface to see what it is and how to get in.

How access works

Grafana is reviewer-friendly: a one-time PIN to any email, 1-hour session, read-only. ArgoCD, Guacamole and the gateway are operator-only (MFA). Authentication happens at Cloudflare's edge first, then again at the backend — the cluster never trusts the network alone.

Grafana
[ ONE-TIME PIN ]

Observability — dashboards, traces, logs, metrics

Live dashboards over the k3s platform — the LLM-gateway tracing / logs / metrics board with Loki, Tempo and Prometheus behind one OpenTelemetry pipeline.

GrafanaLokiTempoPrometheusOpenTelemetry
View & open
ArgoCD
[ OPERATOR MFA ]

GitOps control plane

The GitOps control plane: every workload's sync/health state, the matrix ApplicationSet that fans charts across the cluster, and live Git-to-cluster diffs.

ArgoCDHelmGitOpsKubernetes
View & open
Apache Guacamole
[ OPERATOR MFA ]

Clientless remote-desktop gateway

Clientless remote desktop — RDP, VNC and SSH delivered entirely in the browser, no client install. An operator-only surface behind Cloudflare Access and per-session authentication.

GuacamoleRDPVNCSSH
View & open
LLM Gateway
[ OPERATOR MFA ]

OpenAI-compatible LLM routing

An OpenAI-compatible API: FastAPI at the edge, LiteLLM routing across a homelab Ollama fleet and cloud providers, Redis-backed caching, OpenTelemetry on every request.

FastAPILiteLLMRedisOpenTelemetry
View & open

Surfaces are gated by Cloudflare Access — you'll meet the edge challenge before any page loads. If a link does not resolve yet, the tunnel is mid-deployment; access goes live once the cluster-side cloudflared daemon is synced.