DEV Community: Slimane BOUHADI The latest articles on DEV Community by Slimane BOUHADI (@bouhadi_labs_18401393c835). https://dev.to/bouhadi_labs_18401393c835 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3913756%2F99ed95a0-fcba-4cfa-a711-8f36f2efe5de.png DEV Community: Slimane BOUHADI https://dev.to/bouhadi_labs_18401393c835 en Building a Production-Grade MLOps Home Lab on Windows — K8s, LLM, RAG & GitLab CI Slimane BOUHADI Sat, 23 May 2026 18:42:59 +0000 https://dev.to/bouhadi_labs_18401393c835/building-a-production-grade-mlops-home-lab-on-windows-k8s-llm-rag-gitlab-ci-54f0 https://dev.to/bouhadi_labs_18401393c835/building-a-production-grade-mlops-home-lab-on-windows-k8s-llm-rag-gitlab-ci-54f0 <blockquote> <p><strong>TL;DR</strong> — I set up a complete MLOps stack on my Windows 11 PC using Multipass + k3s. This is the real guide — including every error I hit and how I fixed it. No fluff, no perfect screenshots. Just what actually worked.</p> </blockquote> <h2> Why Build a Home Lab? </h2> <p>Cloud bills add up fast when you're learning. A local home lab gives you:</p> <ul> <li> <strong>Real Kubernetes</strong> — not Minikube toy mode</li> <li> <strong>Full MLOps stack</strong> — MLflow, Minio, Airflow, Ollama, Qdrant</li> <li> <strong>CI/CD with GitLab</strong> — actual pipelines, not tutorials</li> <li> <strong>Zero cost</strong> — runs on hardware you already own</li> <li> <strong>Safe sandbox</strong> — break things without consequences</li> </ul> <p>The goal wasn't just to have services running. The goal was to <strong>practice the full DevOps + MLOps workflow</strong> end to end: push code → pipeline triggers → Terraform provisions → services deploy → metrics appear in Grafana.</p> <h2> My Setup </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Resource</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>OS</td> <td>Windows 11 Pro</td> </tr> <tr> <td>RAM</td> <td>32 GB</td> </tr> <tr> <td>CPU</td> <td>8 cores</td> </tr> <tr> <td>Disk</td> <td>500 GB SSD</td> </tr> <tr> <td>Hypervisor</td> <td>Hyper-V (native Windows Pro)</td> </tr> <tr> <td>VM Manager</td> <td>Multipass</td> </tr> <tr> <td>Kubernetes</td> <td>k3s</td> </tr> </tbody> </table></div> <p><strong>Architecture decision:</strong> I kept Windows as my daily driver and ran everything inside a single Ubuntu VM via Multipass. Clean separation, easy to pause/resume, no dual boot headaches.</p> <h2> The Stack </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Windows 11 (daily driver) │ ├── 🌐 GitLab.com (SaaS — free tier) │ └── Pipelines + Container Registry │ └── Multipass → vm-k3s (10 GB RAM / 4 CPU / 80 GB) │ ├── ☸️ k3s (Kubernetes) │ ├── ⚙️ MLOps │ ├── MLflow — experiment tracking │ ├── Minio — S3-compatible artifact storage │ └── Airflow — pipeline orchestration │ ├── 🤖 LLM Stack │ ├── Ollama — run LLMs locally (CPU) │ └── LiteLLM — unified OpenAI-compatible API │ ├── 🔍 RAG Stack │ ├── Qdrant — vector database │ └── LangChain — RAG orchestration │ ├── 📊 Observability │ ├── Prometheus — metrics │ ├── Grafana — dashboards │ └── Loki — centralized logs │ └── 🔐 HashiCorp Vault — secrets management </code></pre> </div> <h2> Step 1 — Enable Hyper-V and Install Tools </h2> <p>First, enable Hyper-V on Windows Pro (required for Multipass):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Run as Administrator</span><span class="w"> </span><span class="n">Enable-WindowsOptionalFeature</span><span class="w"> </span><span class="nt">-Online</span><span class="w"> </span><span class="nt">-FeatureName</span><span class="w"> </span><span class="nx">Microsoft-Hyper-V-All</span><span class="w"> </span><span class="c"># Reboot when prompted</span><span class="w"> </span></code></pre> </div> <p>After reboot, install all tools via winget:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">winget</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">Canonical.Multipass</span><span class="w"> </span><span class="n">winget</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">Git.Git</span><span class="w"> </span><span class="n">winget</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">Microsoft.VisualStudioCode</span><span class="w"> </span><span class="n">winget</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">Hashicorp.Terraform</span><span class="w"> </span><span class="n">winget</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">Helm.Helm</span><span class="w"> </span><span class="n">winget</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">Kubernetes.kubectl</span><span class="w"> </span></code></pre> </div> <blockquote> <p><strong>Why winget over Chocolatey?</strong> I originally used <code>choco install multipass</code> and hit this error:<br> <code>Exception calling "Start": "The specified executable is not a valid application for this OS platform."</code><br> Winget installs the proper signed installer directly. Use winget.</p> </blockquote> <h2> Step 2 — Create the VM </h2> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">multipass</span><span class="w"> </span><span class="nx">launch</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nx">vm-k3s</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cpus</span><span class="w"> </span><span class="nx">4</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--memory</span><span class="w"> </span><span class="nx">10G</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--disk</span><span class="w"> </span><span class="nx">80G</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nx">22.04</span><span class="w"> </span></code></pre> </div> <blockquote> <p><strong>RAM tip:</strong> I originally tried 16 GB and got:<br> <code>Failed to allocate 16384 MB of RAM: Insufficient system resources</code><br> Windows was already consuming ~20 GB. 10 GB for the VM is the sweet spot on a 32 GB machine — leaves your OS comfortable and gives k3s plenty of room.</p> </blockquote> <p>Check your actual free RAM before creating the VM:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-CimInstance</span><span class="w"> </span><span class="nx">Win32_OperatingSystem</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select-Object</span><span class="w"> </span><span class="nx">FreePhysicalMemory</span><span class="p">,</span><span class="w"> </span><span class="nx">TotalVisibleMemorySize</span><span class="w"> </span></code></pre> </div> <p>Enter the VM:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">multipass</span><span class="w"> </span><span class="nx">shell</span><span class="w"> </span><span class="nx">vm-k3s</span><span class="w"> </span><span class="c"># Prompt becomes: ubuntu@vm-k3s:~$</span><span class="w"> </span></code></pre> </div> <h2> Step 3 — Install Docker + k3s </h2> <p>Inside the VM:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Docker</span> curl <span class="nt">-fsSL</span> https://get.docker.com | <span class="nb">sudo </span>sh <span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker ubuntu <span class="nb">sudo </span>systemctl <span class="nb">enable </span>docker <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>systemctl start docker <span class="c"># k3s — lightweight Kubernetes</span> curl <span class="nt">-sfL</span> https://get.k3s.io | sh <span class="nt">-s</span> - <span class="se">\</span> <span class="nt">--write-kubeconfig-mode</span> 644 <span class="se">\</span> <span class="nt">--disable</span> traefik <span class="se">\</span> <span class="nt">--docker</span> <span class="nb">sleep </span>20 <span class="nb">sudo </span>k3s kubectl get nodes </code></pre> </div> <p>Configure kubectl:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> ~/.kube <span class="nb">sudo cp</span> /etc/rancher/k3s/k3s.yaml ~/.kube/config <span class="nb">sudo chown </span>ubuntu:ubuntu ~/.kube/config <span class="nb">echo</span> <span class="s1">'export KUBECONFIG=~/.kube/config'</span> <span class="o">&gt;&gt;</span> ~/.bashrc <span class="nb">source</span> ~/.bashrc kubectl get nodes <span class="c"># NAME STATUS ROLES AGE VERSION</span> <span class="c"># vm-k3s Ready control-plane,master 30s v1.29.x</span> </code></pre> </div> <h2> Step 4 — Helm + Namespaces </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install Helm</span> curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash <span class="c"># Add repos</span> helm repo add grafana https://grafana.github.io/helm-charts helm repo add prometheus https://prometheus-community.github.io/helm-charts helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts helm repo add hashicorp https://helm.releases.hashicorp.com helm repo update <span class="c"># Create namespaces</span> <span class="k">for </span>ns <span class="k">in </span>mlops llm rag monitoring logging vault<span class="p">;</span> <span class="k">do </span>kubectl create namespace <span class="nv">$ns</span> <span class="k">done</span> </code></pre> </div> <h2> Step 5 — Connect GitLab CI </h2> <p>I used <strong>GitLab.com SaaS</strong> instead of self-hosting GitLab. This saved 6 GB of RAM — GitLab CE alone needs 6+ GB. Free tier is more than enough for a home lab.</p> <p>Create a project on gitlab.com, grab the registration token from <strong>Settings → CI/CD → Runners</strong>, then:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install GitLab Runner</span> curl <span class="nt">-L</span> https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | <span class="nb">sudo </span>bash <span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> gitlab-runner <span class="nb">sudo </span>usermod <span class="nt">-aG</span> docker gitlab-runner <span class="c"># Register</span> <span class="nb">sudo </span>gitlab-runner register <span class="se">\</span> <span class="nt">--non-interactive</span> <span class="se">\</span> <span class="nt">--url</span> <span class="s2">"https://gitlab.com"</span> <span class="se">\</span> <span class="nt">--registration-token</span> <span class="s2">"YOUR_TOKEN_HERE"</span> <span class="se">\</span> <span class="nt">--executor</span> <span class="s2">"docker"</span> <span class="se">\</span> <span class="nt">--docker-image</span> <span class="s2">"alpine:latest"</span> <span class="se">\</span> <span class="nt">--docker-volumes</span> <span class="s2">"/var/run/docker.sock:/var/run/docker.sock"</span> <span class="se">\</span> <span class="nt">--docker-privileged</span> <span class="se">\</span> <span class="nt">--description</span> <span class="s2">"homelab-runner"</span> <span class="se">\</span> <span class="nt">--tag-list</span> <span class="s2">"homelab,k8s,mlops,terraform"</span> <span class="se">\</span> <span class="nt">--run-untagged</span> <span class="nb">true sudo </span>gitlab-runner start </code></pre> </div> <p>Your runner appears green in GitLab within seconds. Every push now triggers real CI/CD on your local machine.</p> <h2> Step 6 — Deploy Minio (The Right Way) </h2> <p>This is where I hit my first major blocker.</p> <p><strong>What I tried first:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm <span class="nb">install </span>minio bitnami/minio <span class="se">\</span> <span class="nt">--namespace</span> mlops <span class="se">\</span> <span class="nt">--set</span> auth.rootUser<span class="o">=</span>minioadmin <span class="se">\</span> <span class="nt">--set</span> auth.rootPassword<span class="o">=</span>minioadmin123 </code></pre> </div> <p><strong>What happened:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">Failed to pull image "docker.io/bitnami/minio:2025.7.23-debian-12-r3": not found Error: ErrImagePull → ImagePullBackOff </span></code></pre> </div> <p>Bitnami generates Helm chart tags that reference Docker images which don't yet exist on Docker Hub. Classic timing issue.</p> <p><strong>The fix — use the official Minio image directly:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="sh">'</span><span class="no">EOF</span><span class="sh">' | kubectl apply -f - apiVersion: apps/v1 kind: Deployment metadata: name: minio namespace: mlops spec: replicas: 1 selector: matchLabels: app: minio template: metadata: labels: app: minio spec: containers: - name: minio image: quay.io/minio/minio:latest command: ["minio", "server", "/data", "--console-address", ":9001"] env: - name: MINIO_ROOT_USER value: "minioadmin" - name: MINIO_ROOT_PASSWORD value: "minioadmin123" ports: - containerPort: 9000 name: api - containerPort: 9001 name: console --- apiVersion: v1 kind: Service metadata: name: minio namespace: mlops spec: type: NodePort ports: - name: api port: 9000 nodePort: 30900 - name: console port: 9001 nodePort: 30901 selector: app: minio </span><span class="no">EOF </span></code></pre> </div> <p><code>quay.io/minio/minio</code> is Minio's own registry — always up to date, no tag mismatch issues.</p> <h2> Step 7 — Deploy MLflow </h2> <p>MLflow needs Minio as its artifact backend. I used SQLite to keep it simple (no PostgreSQL dependency for a home lab):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="sh">'</span><span class="no">EOF</span><span class="sh">' | kubectl apply -f - apiVersion: apps/v1 kind: Deployment metadata: name: mlflow namespace: mlops spec: replicas: 1 selector: matchLabels: app: mlflow template: metadata: labels: app: mlflow spec: initContainers: - name: create-minio-bucket image: quay.io/minio/mc:latest command: ["/bin/sh", "-c"] args: - | mc alias set minio http://minio:9000 minioadmin minioadmin123 mc mb minio/mlflow --ignore-existing containers: - name: mlflow image: ghcr.io/mlflow/mlflow:latest command: - mlflow - server - --host=0.0.0.0 - --port=5000 - --backend-store-uri=sqlite:///mlflow.db - --default-artifact-root=s3://mlflow/ - --serve-artifacts env: - name: MLFLOW_S3_ENDPOINT_URL value: "http://minio:9000" - name: AWS_ACCESS_KEY_ID value: "minioadmin" - name: AWS_SECRET_ACCESS_KEY value: "minioadmin123" - name: AWS_DEFAULT_REGION value: "us-east-1" ports: - containerPort: 5000 --- apiVersion: v1 kind: Service metadata: name: mlflow namespace: mlops spec: type: NodePort ports: - port: 5000 nodePort: 30500 selector: app: mlflow </span><span class="no">EOF </span></code></pre> </div> <p>The <code>initContainer</code> automatically creates the <code>mlflow</code> bucket in Minio before the server starts — no manual setup needed.</p> <h2> Step 8 — Run a Local LLM with Ollama </h2> <p>This is where it gets interesting. Running a real LLM on your local machine, inside Kubernetes, on CPU only.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="sh">'</span><span class="no">EOF</span><span class="sh">' | kubectl apply -f - apiVersion: apps/v1 kind: Deployment metadata: name: ollama namespace: llm spec: replicas: 1 selector: matchLabels: app: ollama template: metadata: labels: app: ollama spec: containers: - name: ollama image: ollama/ollama:latest ports: - containerPort: 11434 env: - name: OLLAMA_NUM_PARALLEL value: "1" - name: OLLAMA_MAX_LOADED_MODELS value: "1" resources: requests: memory: "2Gi" cpu: "1" limits: memory: "4Gi" cpu: "3" volumeMounts: - name: ollama-data mountPath: /root/.ollama volumes: - name: ollama-data emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: ollama namespace: llm spec: type: NodePort ports: - port: 11434 nodePort: 31434 selector: app: ollama </span><span class="no">EOF </span></code></pre> </div> <blockquote> <p><strong>Critical: always set resource limits on shared VMs.</strong> Without limits, Ollama will consume all available RAM and OOMKill your other pods. I learned this the hard way.</p> </blockquote> <h3> Choosing the Right Model for CPU </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Model</th> <th>RAM needed</th> <th>Good for</th> </tr> </thead> <tbody> <tr> <td>Mistral 7B Q4</td> <td>4.3 GB</td> <td>Too heavy for 4 GB limit</td> </tr> <tr> <td>Phi-3 Mini</td> <td>3.5 GB</td> <td>Still too heavy</td> </tr> <tr> <td><strong>llama3.2:1b</strong></td> <td><strong>1.3 GB</strong></td> <td>✅ Perfect for CPU home lab</td> </tr> <tr> <td>gemma2:2b</td> <td>1.6 GB</td> <td>✅ Good alternative</td> </tr> </tbody> </table></div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">OLLAMA_POD</span><span class="o">=</span><span class="si">$(</span>kubectl get pod <span class="nt">-n</span> llm <span class="nt">-l</span> <span class="nv">app</span><span class="o">=</span>ollama <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[0].metadata.name}'</span><span class="si">)</span> <span class="c"># Pull the model</span> kubectl <span class="nb">exec</span> <span class="nt">-n</span> llm <span class="nv">$OLLAMA_POD</span> <span class="nt">--</span> ollama pull llama3.2:1b <span class="c"># Test it</span> kubectl <span class="nb">exec</span> <span class="nt">-n</span> llm <span class="nv">$OLLAMA_POD</span> <span class="nt">--</span> ollama run llama3.2:1b <span class="s2">"Explain RAG in 2 sentences"</span> </code></pre> </div> <p>Test via API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">VM_IP</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span> <span class="nt">-I</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span> curl <span class="nt">-s</span> http://<span class="nv">$VM_IP</span>:31434/api/generate <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "model": "llama3.2:1b", "prompt": "What is MLOps?", "stream": false }'</span> | python3 <span class="nt">-c</span> <span class="s2">"import sys,json; print(json.load(sys.stdin)['response'])"</span> </code></pre> </div> <h2> Step 9 — Observability Stack </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Prometheus + Grafana</span> helm <span class="nb">install </span>kube-prometheus prometheus/kube-prometheus-stack <span class="se">\</span> <span class="nt">--namespace</span> monitoring <span class="se">\</span> <span class="nt">--set</span> grafana.service.type<span class="o">=</span>NodePort <span class="se">\</span> <span class="nt">--set</span> grafana.service.nodePort<span class="o">=</span>30300 <span class="se">\</span> <span class="nt">--set</span> grafana.adminPassword<span class="o">=</span>admin123 <span class="se">\</span> <span class="nt">--set</span> prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues<span class="o">=</span><span class="nb">false</span> <span class="c"># Loki (log aggregation) + Promtail (log shipper)</span> helm <span class="nb">install </span>loki grafana/loki-stack <span class="se">\</span> <span class="nt">--namespace</span> logging <span class="se">\</span> <span class="nt">--set</span> grafana.enabled<span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--set</span> promtail.enabled<span class="o">=</span><span class="nb">true</span> </code></pre> </div> <p>Access Grafana:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">VM_IP</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span> <span class="nt">-I</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Grafana: http://</span><span class="nv">$VM_IP</span><span class="s2">:30300"</span> <span class="c"># Login: admin / admin123</span> </code></pre> </div> <p>Add Loki as a data source in Grafana:</p> <ul> <li><strong>Settings → Data Sources → Add → Loki</strong></li> <li>URL: <code>http://loki.logging:3100</code> </li> </ul> <p>Now you have unified logs + metrics in one dashboard.</p> <h2> Step 10 — Vault for Secrets Management </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm <span class="nb">install </span>vault hashicorp/vault <span class="se">\</span> <span class="nt">--namespace</span> vault <span class="se">\</span> <span class="nt">--set</span> server.dev.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> server.dev.devRootToken<span class="o">=</span>root <span class="se">\</span> <span class="nt">--set</span> ui.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> ui.serviceType<span class="o">=</span>NodePort <span class="se">\</span> <span class="nt">--set</span> ui.serviceNodePort<span class="o">=</span>30820 <span class="c"># Store your first secret</span> <span class="nv">VAULT_POD</span><span class="o">=</span><span class="si">$(</span>kubectl get pod <span class="nt">-n</span> vault <span class="nt">-l</span> app.kubernetes.io/name<span class="o">=</span>vault <span class="nt">-o</span> <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">'{.items[0].metadata.name}'</span><span class="si">)</span> kubectl <span class="nb">exec</span> <span class="nt">-n</span> vault <span class="nv">$VAULT_POD</span> <span class="nt">--</span> vault secrets <span class="nb">enable </span>kv-v2 kubectl <span class="nb">exec</span> <span class="nt">-n</span> vault <span class="nv">$VAULT_POD</span> <span class="nt">--</span> vault kv put secret/homelab <span class="se">\</span> <span class="nv">minio_key</span><span class="o">=</span>minioadmin <span class="se">\</span> <span class="nv">minio_secret</span><span class="o">=</span>minioadmin123 <span class="nv">VM_IP</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span> <span class="nt">-I</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Vault UI: http://</span><span class="nv">$VM_IP</span><span class="s2">:30820 (token: root)"</span> </code></pre> </div> <p>In your GitLab CI pipeline, reference Vault secrets instead of hardcoding them in variables.</p> <h2> The Full Picture — All Services Running </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">VM_IP</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span> <span class="nt">-I</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"=== Your Home Lab ==="</span> <span class="nb">echo</span> <span class="s2">"MLflow : http://</span><span class="nv">$VM_IP</span><span class="s2">:30500"</span> <span class="nb">echo</span> <span class="s2">"Minio : http://</span><span class="nv">$VM_IP</span><span class="s2">:30901"</span> <span class="nb">echo</span> <span class="s2">"Grafana : http://</span><span class="nv">$VM_IP</span><span class="s2">:30300 (admin/admin123)"</span> <span class="nb">echo</span> <span class="s2">"Vault : http://</span><span class="nv">$VM_IP</span><span class="s2">:30820 (token: root)"</span> <span class="nb">echo</span> <span class="s2">"Ollama : http://</span><span class="nv">$VM_IP</span><span class="s2">:31434"</span> </code></pre> </div> <h2> Lessons Learned </h2> <p><strong>1. Bitnami Helm charts break on image tags</strong><br> Don't use <code>bitnami/minio</code> — it references images that don't exist yet. Use <code>quay.io/minio/minio:latest</code> directly.</p> <p><strong>2. Always set Kubernetes resource limits on shared VMs</strong><br> Without limits, one greedy pod (looking at you, Ollama) will OOMKill everything else. Set <code>limits.memory</code> always.</p> <p><strong>3. RAM planning matters more than you think</strong><br> On a 32 GB machine, Windows itself consumes ~20 GB. That leaves 12 GB for your VM. Budget carefully — 10 GB for the VM is the realistic sweet spot.</p> <p><strong>4. GitLab SaaS &gt; self-hosted for a home lab</strong><br> Self-hosting GitLab CE needs 6+ GB of RAM just to idle. GitLab.com free tier gives you unlimited private repos, 400 CI/CD minutes/month, and a container registry. Use it.</p> <p><strong>5. Start small with LLMs on CPU</strong><br> Forget Mistral 7B on CPU without a GPU. <code>llama3.2:1b</code> is surprisingly capable for RAG experiments and uses only 1.3 GB. Add GPU passthrough later if you need more power.</p> <p><strong>6. Use <code>winget</code> not <code>choco</code> for Multipass on Windows</strong><br> Chocolatey's Multipass package uses an installer that fails on recent Windows builds. <code>winget install Canonical.Multipass</code> works every time.</p> <h2> What's Next </h2> <p>This setup is a solid foundation. Here's what I'm building on top of it:</p> <ul> <li> <strong>Kubeflow Pipelines</strong> — proper ML pipeline orchestration on K8s</li> <li> <strong>OpenTelemetry Collector</strong> — unified traces/metrics/logs routing</li> <li> <strong>Datadog integration</strong> — ship everything to cloud observability</li> <li> <strong>Terraform IaC</strong> — replace all <code>kubectl apply</code> with proper infrastructure as code</li> <li> <strong>RAG pipeline</strong> — Qdrant + LangChain + Ollama end-to-end</li> </ul> <h2> Quick Reference </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># VM management (Windows PowerShell)</span> multipass list <span class="c"># list VMs</span> multipass shell vm-k3s <span class="c"># enter VM</span> multipass <span class="nb">suspend </span>vm-k3s <span class="c"># pause (saves RAM)</span> multipass start vm-k3s <span class="c"># resume</span> <span class="c"># Inside the VM</span> kubectl get pods <span class="nt">-A</span> <span class="c"># all pods</span> kubectl top pods <span class="nt">-A</span> <span class="c"># RAM/CPU usage</span> free <span class="nt">-mh</span> <span class="c"># available RAM</span> watch kubectl get pods <span class="nt">-A</span> <span class="c"># live monitoring</span> </code></pre> </div> <h2> Resources </h2> <ul> <li><a href="https://k3s.io" rel="noopener noreferrer">k3s Documentation</a></li> <li><a href="https://mlflow.org" rel="noopener noreferrer">MLflow Documentation</a></li> <li><a href="https://ollama.com/library" rel="noopener noreferrer">Ollama Models</a></li> <li><a href="https://multipass.run" rel="noopener noreferrer">Multipass</a></li> <li><a href="https://developer.hashicorp.com/vault" rel="noopener noreferrer">HashiCorp Vault</a></li> </ul> <p><em>Built this through caffeine and <code>kubectl describe pod</code> debugging. If you hit issues I didn't cover, drop a comment — happy to help.</em></p> <p><em>If this saved you time, leave a ❤️ — it helps others find it.</em></p> homelab llm k8s mlops