Kubernetes yes, but minikube is kinda meh as a way to install it outside of development environments.

There’s so many better manageable ways like RKE/Rancher (which gives you the possibility to go k3s),Kubespray or even kubeadm.

All of those will result in a cluster that’s more suitable for running actual workloads.

I don’t think programming language is a good metric for security. I assume everything I host has issues, and then try to mitigate from there.

IMHO, a better approach is to vet the project beforehand, looking at whether it is still actively maintained. I usually use things like commits, issues, etc to try and gauge whether a piece of software is actively maintained so that when an issue arises, it can be fixed.

You can mitigate much of the risk by using some basic best practices, like isolating all apps from each other (using docker, for example), using a reverse proxy, tools like fail2ban or a web application firewall, using proper database permissions for each app, etc

What I also do is add another layer by making certain applications accessible only over vpn. That won’t work for some tools, obviously, but also reduces the risk for tools you are only using yourself.