This is a mono repository for my home infrastructure and Kubernetes cluster. It is deployed and managed using tools like Talos, Kubernetes, Flux, Terraform, Renovate and GitHub Actions.

There is a template over at onedr0p/flux-cluster-template if you wanted to try and follow along with some of the practices I use here.

This semi hyper-converged cluster runs Talos Linux, an immutable and ephemeral Linux distribution built for Kubernetes, deployed on Proxmox. Rook then provides my workloads with persistent block, object, and file storage; while a seperate server running TrueNAS provides file storage for my media.

🔸 Click here to see my Talos configuration.

• actions-runner-controller: Self-hosted Github runners.
• cilium: Internal Kubernetes networking plugin.
• cert-manager: Creates SSL certificates for services in my Kubernetes cluster.
• external-dns: Automatically manages DNS records from my cluster in a cloud DNS provider.
• external-secrets: Managed Kubernetes secrets using 1Password Connect.
• ingress-nginx: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
• rook: Distributed block storage for peristent storage.
• sops: Managed secrets for Kubernetes and Terraform which are commited to Git.
• tf-controller: additional Flux component used to run Terraform from within a Kubernetes cluster.
• volsync and snapscheduler: Backup and recovery of persistent volume claims.

Flux watches my kubernetes folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.

The way Flux works for me here is it will recursively search the kubernetes/apps folder until it finds the most top level kustomization.yaml per directory and then apply all the resources listed in it. That aforementioned kustomization.yaml will generally only have a namespace resource and one or many Flux kustomizations. Those Flux kustomizations will generally have a HelmRelease or other resources related to the application underneath it which will be applied.

Renovate watches my entire repository looking for dependency updates, when they are found a PR is automatically created. When some PRs are merged Flux applies the changes to my cluster.

This Git repository contains the following directories under kubernetes.

📁 kubernetes      # Kubernetes cluster defined as code
├─📁 bootstrap     # Flux installation
├─📁 flux          # Main Flux configuration of repository
└─📁 apps          # Apps deployed into my cluster grouped by namespace (see below)

Below is a a high level look at the layout of how my directory structure with Flux works. In this brief example you are able to see that authelia will not be able to run until lldap and cloudnative-pg are running. It also shows that the Cluster custom resource depends on the cloudnative-pg Helm chart. This is needed because cloudnative-pg installs the Cluster custom resource definition in the Helm chart.

• cilium is configured with the io.cilium/lb-ipam-ips annotation to expose Kubernetes services with their own IP over L3 (BGP), which is configured on my router. L2 (ARP) can also be announced in addition to L3 via the io.cilium/lb-ipam-layer2 label.
• cloudflared provides a secure tunnel for Cloudflare to ingress into ingress-nginx, my ingress controller.

🔸 Click here to see my cloudflared configuration.

Opnsense resolves DNS queries via Adguardhome that then goes to upstream Unifi DNS on my UDM.

external-dns is deployed in my cluster and configured to sync DNS records to Cloudflare using ingresses external-dns.alpha.kubernetes.io/target annotation.

External-DNS is also used to sync internal records to Adguardhome and Unifi DNS

Thanks to the usual @home-operation champions such as @buroa for the initial repo structure idea, @onedr0p for various yoinks, @bjw-s for the amazing cluster-template.

Thanks to all the people who donate their time to the Home Operations Discord community. A lot of inspiration for my cluster comes from the people that have shared their clusters using the k8s-at-home GitHub topic. Be sure to check out the Kubernetes @Home search for ideas on how to deploy applications or get ideas on what you can deploy.

See LICENSE