Summary
A story about building enterprise-grade global infrastructure on free tiers, and learning that constraints breed better architecture than budgets.
---
The Sales Pitch
The enterprise sales pitch was impressive.
Global load balancing. Multi-region failover. Latency-aware routing. Automatic health checks. Traffic management across continents. The kind of infrastructure that makes your architecture diagrams look professional.
The price tag had too many zeros.
I closed the tab and opened a terminal.
---
The Constraint
Here's what I needed:
Here's what I had:
The constraint wasn't a limitation. It was a design requirement.
---
The Discovery
I started researching what "global load balancing" actually meant.
Strip away the marketing, and it's surprisingly simple: route users to the server closest to them. Measure latency. Make smart decisions about where traffic goes.
Enterprise solutions wrap this in dashboards, SLAs, and support contracts. But the core technology? It's been free for years.
Cloudflare GeoDNS: Free tier includes geographic routing. When a user in Germany requests your domain, Cloudflare can return the IP of your German server. User in Malaysia? Malaysian server. The routing happens at the DNS level, before the request even reaches your infrastructure.
Health checks: Free tier includes basic health checks. If a server stops responding, Cloudflare removes it from the rotation. Automatic failover, no code required.
Let's Encrypt: Free TLS certificates. Automatic renewal. Wildcard support. The same encryption that enterprises pay for, available to anyone who can run a certbot command.
K3s: Lightweight Kubernetes. Runs on servers with 2GB of RAM. Full Kubernetes API compatibility. The orchestration layer that makes multi-node deployments manageable.
I had everything I needed. I just had to put it together.
---
The Architecture
The design emerged over a few days:
```text
                ┌─────────────────────┐
                │   Cloudflare DNS    │
                │  (GeoDNS routing)   │
                └──────────┬──────────┘
                           │
       ┌───────────────────┼───────────────────┐
       │                   │                   │
       ▼                   ▼                   ▼
┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Malaysia   │     │   Germany   │     │     USA     │
│   (Node)    │     │   (Node)    │     │   (Node)    │
│             │     │             │     │             │
│ ┌───────┐   │     │ ┌───────┐   │     │ ┌───────┐   │
│ │ Nginx │   │     │ │ Nginx │   │     │ │ Nginx │   │
│ │ Proxy │   │     │ │ Proxy │   │     │ │ Proxy │   │
│ └───┬───┘   │     │ └───┬───┘   │     │ └───┬───┘   │
│     │       │     │     │       │     │     │       │
│ ┌───┴───┐   │     │ ┌───┴───┐   │     │ ┌───┴───┐   │
│ │  K3s  │   │     │ │  K3s  │   │     │ │  K3s  │   │
│ │Cluster│   │     │ │Cluster│   │     │ │Cluster│   │
│ └───────┘   │     │ └───────┘   │     │ └───────┘   │
└─────────────┘     └─────────────┘     └─────────────┘
```
Layer 1: Cloudflare GeoDNS
The domain points to Cloudflare. Cloudflare's DNS looks at where the request comes from and returns the IP of the nearest server. A user in Singapore gets routed to Malaysia. A user in France gets routed to Germany. A user in Canada gets routed to USA.
Configuration: A few DNS records. One load balancer pool. Health check endpoints.
Layer 2: Nginx Reverse Proxy
Each node runs Nginx as the entry point. TLS termination happens here, using Let's Encrypt certificates that certbot renews automatically. Nginx routes traffic to the K3s cluster running behind it.
Configuration: A few nginx.conf files. SSL certificates. Upstream definitions.
Layer 3: K3s Cluster
The actual workloads run on K3s. Lightweight. Single-binary installation. Full Kubernetes compatibility. StatefulSets for databases. Deployments for stateless services. NetworkPolicies for security.
Configuration: YAML manifests. The same ones that would work on any Kubernetes cluster.
---
The Implementation
Day one: DNS and health checks
I configured Cloudflare's load balancer. Added the three server IPs. Created health check endpoints: simple HTTP endpoints that return 200 if the node is healthy.
Cloudflare started monitoring. Within minutes, it knew which nodes were up. It started routing traffic based on geography.
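One way to implement the per-node health endpoint described above, as an added example that is not the post's own code. It assumes Nginx forwards `/healthz` to this process on port 8080 (both are assumptions) and that the local backend is the `127.0.0.1:30080` NodePort that the Nginx config in the Day three section proxies to. The endpoint answers 200 only when the backend actually responds, and its 503 body is a fixed token, because the node's public IP is reachable by anyone, not only by Cloudflare's checker.

```python
"""Origin-side health endpoint for a GeoDNS-routed node.
Added example, not the post's code; port and paths are assumptions."""
from http.server import BaseHTTPRequestHandler, HTTPServer
import socket
import urllib.error
import urllib.request

# Assumption: the K3s service Nginx proxies to (127.0.0.1:30080 in the post's config)
BACKEND_URL = "http://127.0.0.1:30080/"
PROBE_TIMEOUT = 2.0
LISTEN = ("127.0.0.1", 8080)  # Nginx is assumed to proxy /healthz here

# A local probe must never be routed through an HTTP proxy picked up from the environment
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def backend_reachable(url=BACKEND_URL, timeout=PROBE_TIMEOUT):
    """True if the local backend answers at all with a status below 500.
    A 404 from the ingress still means the backend process is alive."""
    try:
        with _opener.open(url, timeout=timeout) as resp:
            return resp.status < 500
    except urllib.error.HTTPError as exc:
        return exc.code < 500
    except (urllib.error.URLError, socket.timeout, OSError):
        return False


def evaluate_health(backend_ok):
    """Map the probe result to the (status, body) the load balancer sees.
    The body never describes what failed: this endpoint is public."""
    return (200, b"ok") if backend_ok else (503, b"unavailable")


class HealthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/healthz":
            self.send_error(404)
            return
        status, body = evaluate_health(backend_reachable())
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Cache-Control", "no-store")  # checkers must see live state
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(LISTEN, HealthHandler).serve_forever()
```

The checker only needs the status code; keeping the body constant means a probe from an unknown source learns nothing about which internal component is down.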
Day two: TLS automation
Let's Encrypt with certbot. One command per node. Automatic renewal via cron. Wildcard certificates for subdomains.
```shell
# Wildcard names need the DNS-01 challenge (certbot-dns-cloudflare plugin); the credentials path is a placeholder
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /path/to/cloudflare.ini -d example.com -d '*.example.com'
```
Five minutes of work. Production-grade encryption.
Day three: Nginx configuration
The reverse proxy config was straightforward:
```nginx
# The K3s service exposed on this host (NodePort)
upstream k3s_backend {
    server 127.0.0.1:30080;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    # Issued by certbot; renewal replaces these files in place
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://k3s_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # TLS ends here, so tell the workloads the client used HTTPS
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
Same config on each node. Traffic flows in, gets encrypted, gets routed to K3s.
Day four: K3s deployment
K3s installation is one command:
```shell
# Installs the k3s binary, registers a systemd service and starts the server (kubectl is bundled)
curl -sfL https://get.k3s.io | sh -
```
Then kubectl works. Then you apply manifests. The same workflow as any Kubernetes cluster, but running on a single 4GB RAM server.
---
The Test
I needed to verify it actually worked.
I spun up VPN connections from different regions. Made requests. Watched the logs.
Request from Singapore: hit the Malaysia node. Request from UK: hit the Germany node. Request from East Coast US: hit the USA node.
Latency was exactly what you'd expect: users were talking to nearby servers.
Then I killed the Germany node. Simulated a failure. Made more requests from UK.
Cloudflare's health check detected the failure within 30 seconds. Traffic from Europe started routing to the next closest healthy node. No downtime. No manual intervention.
I brought Germany back. Traffic resumed. Automatic failover, automatic recovery.
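The steering and failover behaviour exercised in this test, as an added model that is not Cloudflare's implementation or the post's code. The latency table, the 10-second probe interval and the "three consecutive failures mark an origin down, two consecutive successes mark it up" hysteresis are all constructed assumptions; they are there to show the general algorithm (nearest healthy origin, with a debounce so one dropped probe does not flap traffic) of which the post describes one run.

```python
"""Model of nearest-healthy-origin steering with health-check hysteresis.
Added example; latencies and thresholds are constructed, not Cloudflare settings."""
from dataclasses import dataclass

# Constructed round-trip latencies (ms) from client regions to the post's three origins
LATENCY_MS = {
    "singapore": {"malaysia": 10, "germany": 170, "usa": 220},
    "uk":        {"malaysia": 180, "germany": 20, "usa": 80},
    "us-east":   {"malaysia": 230, "germany": 90, "usa": 15},
}


@dataclass
class OriginHealth:
    """Per-origin state: down after N consecutive failed probes, up again after M
    consecutive successes, so a single lost probe never moves traffic."""
    down_after: int = 3
    up_after: int = 2
    healthy: bool = True
    consecutive_failures: int = 0
    consecutive_successes: int = 0

    def observe(self, probe_ok):
        """Record one probe result and return the resulting health flag."""
        if probe_ok:
            self.consecutive_successes += 1
            self.consecutive_failures = 0
            if not self.healthy and self.consecutive_successes >= self.up_after:
                self.healthy = True
        else:
            self.consecutive_failures += 1
            self.consecutive_successes = 0
            if self.healthy and self.consecutive_failures >= self.down_after:
                self.healthy = False
        return self.healthy


def pick_origin(client_region, health, latency=LATENCY_MS):
    """Lowest-latency origin that is currently healthy, or None if every origin is down."""
    candidates = [(ms, name) for name, ms in latency[client_region].items()
                  if health[name].healthy]
    return min(candidates)[1] if candidates else None


def simulate_failover(client_region="uk", failed_origin="germany",
                      probe_interval_s=10, down_after=3):
    """Replay the post's test: one origin stops answering, probes fail, traffic moves.
    Returns (seconds until the origin was marked down, origin chosen afterwards)."""
    health = {n: OriginHealth(down_after=down_after) for n in ("malaysia", "germany", "usa")}
    elapsed = 0
    while health[failed_origin].healthy:
        elapsed += probe_interval_s
        for name, state in health.items():
            state.observe(name != failed_origin)  # only the failed origin misses probes
    return elapsed, pick_origin(client_region, health)


if __name__ == "__main__":
    print(simulate_failover())  # with these constructed values: (30, 'usa')
```

Detection time is the probe interval multiplied by the failure threshold, which is why a checker configured for ten-second probes and three strikes reports a dead origin in about thirty seconds; lowering either number speeds failover but makes a flaky link look like an outage.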
---
What It Cost
Let me be specific about the cost:
| Component | Cost |
|---|---|
| Cloudflare GeoDNS | $0 (free tier) |
| Cloudflare Load Balancer | $0 (free tier) |
| Let's Encrypt certificates | $0 (free) |
| K3s | $0 (open source) |
| Nginx | $0 (open source) |
| Certbot | $0 (open source) |
| Total additional cost | $0 |
The servers were already provisioned for other purposes. The infrastructure layer, the part that enterprises charge thousands for, cost nothing.
---
What I Learned
1. Constraints breed creativity.
A budget would have made this easy. I would have clicked "buy" on an enterprise solution and moved on. The constraint forced me to understand what global load balancing actually is, how DNS routing works, what health checks do at the protocol level.
I learned more from the constraint than I would have from the budget.
2. Free doesn't mean inferior.
Cloudflare's free tier is production-grade. Let's Encrypt certificates are identical to paid certificates. K3s passes the Kubernetes conformance tests. "Free" doesn't mean "amateur." It means "available to everyone."
3. Enterprise solutions are convenience, not capability.
The enterprise price tag buys you dashboards, support contracts, SLAs, and integration with existing enterprise tools. It doesn't buy you fundamentally different technology. The same geo-routing that costs thousands per month is available for free; you just have to configure it yourself.
4. Simplicity scales better than complexity.
My setup has fewer moving parts than most enterprise solutions. DNS routing at Cloudflare. TLS at Nginx. Workloads at K3s. Each layer does one thing. When something breaks, I know exactly where to look.
5. Documentation is your support contract.
Without enterprise support, I relied on documentation. Cloudflare's docs. K3s docs. Nginx docs. Let's Encrypt docs. All of it free, all of it comprehensive. The knowledge is there for anyone willing to read.
---
The Result
The infrastructure has been running for months.
Traffic routes automatically to the nearest server. Failures are detected and traffic reroutes. Certificates renew themselves. The monitoring dashboards (Grafana, also free) show latency numbers that would make an enterprise sales team jealous.
And when someone asks how much the global infrastructure costs?
Zero dollars.
---
Closing
I still have that enterprise sales email somewhere. The one with the impressive pitch and the price tag with too many zeros.
I never replied.
Not because I'm cheap. Because the constraint taught me something that a budget never could:
Money solves problems.
Constraints solve them better.
The infrastructure I built isn't a compromise. It's not "good enough for now." It's production-grade, globally distributed, automatically failover-capable architecture that happens to cost nothing.
The best solutions aren't always the ones you pay for.
Sometimes they're the ones you're forced to build yourself.
---
Technical Notes
For anyone building global infrastructure on a budget:
The tools exist. The documentation exists. The free tiers are generous. The only cost is the time to learn how they work.
For most projects, that's a trade worth making.
