The hardware doesn't matter. Something with 2 cores and 4GB of RAM is enough to run a k8s lab.
Throughput on these "cheap" VPS providers is atrocious. I have 1GbE into my home and none of the VPS providers can break more than a few hundred Mbps, except for Cloudflare. The other issue is consistency: speeds fluctuate all over the map with these cheap VPS providers, and even the big ones like Vultr, Linode, and Hetzner aren't much better.
Also, a WAF is now free with Cloudflare, so using a solution like this really doesn't make much sense, unless you're serving non-HTTP content.
To help you with this, you need to tell us what your environment looks like. A CI/CD pipeline for a VM-based infrastructure looks VERY different from a fully GitOpsed k8s platform, which looks different from a pipeline for regular Docker containers, which looks different from what you'd build if you have some cloud infrastructure, etc.
Don't expose unnecessary things to the internet, keep any client PCs patched, use some sort of malware protection ... and that's all you need to do.
All these VLANs and such are just overkill unless you're actively exposing things to the internet. They wind up breaking really useful stuff, especially stuff that relies on multicast.
Besides, that Chinese IoT device can't get hacked if it's not open to the 'net in the first place.
PSA: saying "I run Nextcloud and don't have any problems" doesn't help anyone or contribute anything useful to the conversation. It just makes you look like an insecure fanboy.