Skip to content
/ homelab Public

GitOps configuration and documentation of my Kubernetes homelab

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Sawangg/homelab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

144 Commits
apps
apps
 
 
clusters
clusters
 
 
infrastructure
infrastructure
 
 
patches
patches
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
cluster.yaml
cluster.yaml
 
 

Repository files navigation

Homelab 🏡

State of the art multi-cluster GitOps repository for homelab use. Currently used with my bare metal Kubernetes clusters at home to host a bunch of useful apps.

🏗️ Infrastructure

Apps Description
talos Immutable Linux distro for Kubernetes, allowing to deploy the cluster with Omni
cilium Full network stack, replaces Flannel as the CNI and kube-proxy from Talos. Also used as the Load Balancer with Gateway API support
fluxcd Fully managed Kubernetes deployment using GitOps practices
eso Manage secrets remotely & securely from a large list of providers
cert-manager Automatic x.509 certificates management with Gateway API support
externaldns Manage automatically the DNS records of domains listed in the Gateway API's routes
pi-hole Custom DNS server with blocking capabilities to route internal traffic

📦 Applications

Apps Description
unbound Recursive DNS server used with Pi-hole to provide more privacy
git Git server to host personal stuff likes notes etc.

🔭 Monitoring

Apps Description
graphana Open-source analytics and interactive visualization web application
prometheus Monitoring system with a dimensional data model, flexible query language & more
renovate Automatically inform of new updates for deployed apps in the cluster

☸️ Deploy the Kubernetes clusters

I'm using Sidero Omni to manage and deploy my Kubernetes clusters.

You'll need the following:

  • A static public IP address with a router able to forward ports
  • A domain name with a DNS provider usable with ExternalDNS
  • An API token of the DNS provider that will allow challenges to create certificates. This repository uses a Cloudflare token with the permissions: Zone - DNS - Edit, Zone - Zone - Read & Include - All Zones
  • Another API token of the same provider to manage DNS records. Using Cloudflare, the token should have the same permissions as above
  • A GitHub PAT to be used by FluxCD, with Read-Write permissions for Admnistration & Contents
  • Any secret provider supported by External Secrets Operator. This repository uses GitLab

🔑 Secrets

Here is the following list of secrets you need to add in your external secrets provider of choice

Name Description
dns_provider_challenge_token API token of your DNS management provider of your domain, used to generate the x.509 certificates
dns_provider_management_token API token of your DNS management provider of your domain, used to manage your DNS records
pihole_password Password for the web interface of Pi-hole

About

GitOps configuration and documentation of my Kubernetes homelab

Topics

kubernetes grafana prometheus unbound talos homelab pihole external-dns gitops cert-manager cilium fluxcd external-secret-operator

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository