Less Is More - How My Tech Stack Got Leaner and Meaner
- July 7, 2025
In the modern world of technology, we often obsess over scaling up - more cores, more micro-services, more buzzwords. After almost two decades of scaling enterprise platforms and delivering MVPs, I’ve learned that elite teams scale value, not vanity metrics. If a product design can’t grow gracefully, respond quickly, and pay for itself, no amount of code will save it. A few months ago, I put that belief to the test by gut-renovating my personal homelab.
Ready for the spoiler?
- A staggering 30% reduction in power consumption
- A resilient architecture that can be rebuilt from scratch with an RTO of less than 1 hour
- Greater operational efficiency via IaC covering not only applications but also infrastructure, networking and domain configurations
- No more data privacy concerns about Cloudflare Tunnel/Zero Trust (even though they have a good reputation)
This was not a cosmetic tweak; it was a ground-up rearchitecture driven by first-principles thinking and the ruthless elimination of anything that didn’t move the needle. Here’s the play-by-play of how I migrated from “enterprise cosplay” to an intentionally minimalist, product-centred platform.
The “Before”: An Enterprise-Grade Architecture
My previous architecture was built with enterprise-grade tools, which, while powerful, brought significant overhead for a homelab environment. It was a classic case of using a sledgehammer to crack a nut.
- An Overwhelming Kubernetes Cluster: I was running a Kubernetes cluster inside my NAS server to manage my applications. Kubernetes is a phenomenal tool for large-scale, distributed systems, but its control plane, networking, and various operators demand a constant, non-trivial amount of CPU and RAM. This baseline resource usage translated directly into higher, continuous power draw.
- ArgoCD for GitOps: To manage deployments, I used ArgoCD. It provided a fantastic GitOps workflow, ensuring my cluster state always matched my Git repository. However, it added another layer of complexity and resource consumption on top of an already heavy Kubernetes foundation.
- Cloudflare Zero Trust for Ingress: For secure external access, I relied on Cloudflare’s Zero Trust platform and Cloudflare Tunnels. This is an excellent, secure-enough solution that simplifies ingress without exposing ports. The trade-off was a dependency on a third-party service for core connectivity and routing all my traffic through their network, which raised some data privacy considerations.
Elegant on paper, this setup was a poster child for the law of diminishing returns. The Kubernetes control-plane alone burned ~45 W at idle, ArgoCD piled on another container stack, and every third-party dependency introduced a new blast radius.
The “After”: A Leaner, Meaner Architecture
The new architecture is built on the principle of “just enough”. Each component was chosen to perform its function efficiently without unnecessary overhead.
Rightsizing Compute: From Kubernetes to Streamlined Containers
The biggest change was moving away from a heavy Kubernetes cluster inside the NAS server. My applications are now running as simple, vanilla Docker containers inside a separate VM, managed by Terraform. This single move was responsible for the majority of the power savings, as the system’s idle resource consumption dropped dramatically.
Evolving IaC: From ArgoCD to Terraform Cloud
With Kubernetes no longer at the center of the universe, a k8s-native tool like ArgoCD was no longer the right fit. I migrated my entire infrastructure management to Terraform Cloud. This was a strategic shift towards a more holistic Infrastructure as Code (IaC) approach. Terraform allows me to define not just the applications, but the entire environment - Proxmox VMs, network and domain configurations - all in one place. It provides a more comprehensive and versatile workflow for the new, simplified stack.
Reclaiming the Edge: From Cloudflare to Traefik
To replace Cloudflare Zero Trust, I deployed a self-hosted edge stack:
- Traefik Reverse Proxy: Traefik is now my single entry point for all web traffic. It’s a lightweight yet incredibly powerful reverse proxy that automatically discovers my running containerized services and routes traffic to them.
- Let’s Encrypt Integration: Traefik handles SSL/TLS certificates automatically via its built-in Let’s Encrypt support, ensuring all my endpoints are served over secure HTTPS.
- Google SSO Authentication: To secure sensitive applications, I integrated an authentication plugin that uses Google SSO. This provides robust, multi-factor authentication without relying on a third-party tunnel, giving me the best of both worlds: top-tier security and full control over my data path.
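Because Traefik discovers containers automatically, a service can end up routed without TLS or without the SSO middleware attached. The following added example (not the author's code) audits Docker labels for both gaps; the container names, the `google-sso` middleware name, the `websecure` entrypoint name and the label set itself are constructed assumptions.

```python
import re

# Constructed sample: per-container labels as `docker inspect` reports them.
# Container, router and middleware names ("google-sso") are hypothetical.
SAMPLE = {
    "grafana": {
        "traefik.enable": "true",
        "traefik.http.routers.grafana.rule": "Host(`grafana.example.com`)",
        "traefik.http.routers.grafana.entrypoints": "websecure",
        "traefik.http.routers.grafana.tls.certresolver": "letsencrypt",
        "traefik.http.routers.grafana.middlewares": "google-sso@docker",
    },
    "wiki": {  # discovered and routed, but no SSO middleware attached
        "traefik.enable": "true",
        "traefik.http.routers.wiki.rule": "Host(`wiki.example.com`)",
        "traefik.http.routers.wiki.entrypoints": "websecure",
        "traefik.http.routers.wiki.tls.certresolver": "letsencrypt",
    },
    "metrics": {  # bound to the plain-HTTP entrypoint, no TLS options
        "traefik.enable": "true",
        "traefik.http.routers.metrics.rule": "Host(`metrics.example.com`)",
        "traefik.http.routers.metrics.entrypoints": "web",
        "traefik.http.routers.metrics.middlewares": "google-sso",
    },
    "db": {"traefik.enable": "false"},  # not exposed, nothing to audit
}
ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$", re.I)

def audit(containers, auth_mw="google-sso", https_eps=("websecure",), public=()):
    """Return sorted (container, router, problem) tuples for exposed routers."""
    findings = []
    for cname, labels in containers.items():
        # Assumes the Docker provider runs with exposedByDefault=false.
        if labels.get("traefik.enable", "false").lower() != "true":
            continue
        routers = {}
        for key, value in labels.items():
            if m := ROUTER_KEY.match(key):
                routers.setdefault(m.group(1), {})[m.group(2).lower()] = value
        for rname, opts in routers.items():
            eps = [e.strip() for e in opts.get("entrypoints", "").split(",") if e.strip()]
            if not eps or any(e not in https_eps for e in eps):
                findings.append((cname, rname, "reachable-without-https"))
            if not any(k == "tls" or k.startswith("tls.") for k in opts):
                findings.append((cname, rname, "no-tls"))
            mws = [x.split("@")[0].strip() for x in opts.get("middlewares", "").split(",")]
            if auth_mw not in mws and rname not in public:
                findings.append((cname, rname, "no-sso-middleware"))
    return sorted(findings)
```

Routers listed in `public` are treated as intentionally unauthenticated and skip the SSO check.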
Key Takeaways
This refactoring project was a powerful reminder that “bigger” isn’t always “better.” By critically evaluating my needs and choosing the right tools for the job, I not only achieved my goal of significant cost savings but also ended up with a system that is simpler, faster, and more enjoyable to maintain.
My key takeaways are:
- Challenge Your Assumptions: Popular ≠ appropriate. Start with the problem statement, not the tool catalogue.
- Model Total Cost of Ownership: Energy, licenses, cognitive load, incident response - they all end up on your P&L one way or another.
- Optimise for MTTR over Peak Throughput: Most of our real-world downtime cost sits in recovery, not capacity ceilings.
- Automate the Boring, Not the Rare: Automation debt is real; script only what you touch frequently.
- Default to Simplicity: Fewer moving parts means a tighter security posture and happier on-call rotations.
- Instrument Relentlessly: What gets measured gets improved - and funded.
What cost-saving optimizations have you made in your own lab or infrastructure? I’d love to hear your stories in the comments!