{"id":13820757,"url":"https://github.com/allenporter/k8s-gitops","last_synced_at":"2025-05-16T10:32:42.731Z","repository":{"id":37039169,"uuid":"336904386","full_name":"allenporter/k8s-gitops","owner":"allenporter","description":"Flux/Gitops managed k8s cluster","archived":false,"fork":false,"pushed_at":"2024-04-22T03:42:31.000Z","size":5793,"stargazers_count":32,"open_issues_count":12,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-04-22T13:34:49.188Z","etag":null,"topics":["flux","gitops","helm","k8s","k8s-at-home","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/allenporter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-02-07T22:31:23.000Z","updated_at":"2024-04-24T08:57:48.224Z","dependencies_parsed_at":"2024-04-24T08:57:34.178Z","dependency_job_id":"409d32aa-fd02-4fd5-9bfb-7a62800c0638","html_url":"https://github.com/allenporter/k8s-gitops","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allenporter%2Fk8s-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allenporter%2Fk8s-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allenporter%2Fk8s-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/allenporter%2Fk8s-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/allenporter","download_url":"https://codeload.github.com/allenporter/k8s-gitops/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225423688,"owners_count":17472165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flux","gitops","helm","k8s","k8s-at-home","kubernetes"],"created_at":"2024-08-04T08:01:08.381Z","updated_at":"2024-11-19T20:31:09.670Z","avatar_url":"https://github.com/allenporter.png","language":"Jinja","funding_links":[],"categories":["Jinja"],"sub_categories":[],"readme":"# k8s-gitops\n\n## Introduction\n\nThis is a Flux/Gitops managed k8s cluster following the model used by [k8s@home](https://github.com/k8s-at-home). This repository defines the cluster, and flux watches for updates and pushes them.\n\n## Bare Metal\n\nThe cluster is provisioned as [Kairos](https://kairos.io) high availability [k3s](http://k3s.io) using [kube-vip](https://kube-vip.io/) and [Calico](https://docs.tigera.io/calico/latest/about/) for simple to deploy cluster networking.\n\nThe nodes have a mix of accelerators.\n\nSee [bootstrap](/bootstrap/kairos/) for more background on provisioning of bare\nmetal nodes.\n\n## Development Toolchain\n\nThis repository contains a `.devcontainer` which is the environment used to manage the k8s cluster\nfrom the CLI. The `.devcontainer` has some default mounts including the private terraform\ninventory and `.env` which is a local directory for local secret storage. More detail on\nbootstrapping can be found in `bootstrap/env` and `k8s-gitops-env.yaml` performs the secret setup.\n\n## Network Operations\n\nThe cluster follows best practices for a server [naming scheme](https://mnx.io/blog/a-proper-server-naming-scheme/)\nincluding specifying a geography, environment (`dev` and `prod`) and a purpose\nand serial number per machine (e.g. `sto01`, `cfg01`, etc). DNS for machines is\nmanaged outside of the cluster.\n\n## Services \u0026 Naming\n\nReliable, secure, and discoverable services are provided by the following:\n  - [metallb](https://metallb.universe.tf/): A load balancer for bare metal kubernetes.\n  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx): Used for proxying services through kubernetes ingress, exposing any service through the LoadBalancer with TLS.\n  - [k8s_gateway](https://github.com/ori-edge/k8s_gateway): DNS server for all relevant ingress services in the cluster. This relies on an existing local dns server outside of the cluster to perform forwarding.\n  - [cert-manager](https://cert-manager.io/docs/): Creates TLS certs using LetsEncrypt for each service in the cluster. Uses `dns01` on a DNS server managed outside of the cluster.\n\n## Storage\n\nThe key storage components running within the cluster are:\n\n  - [rook-ceph](https://rook.io/): Provides persistent volumes, allowing any application to use the external ceph storage cluster.\n  - [volsync](https://volsync.readthedocs.io/en/stable/): Backup and restore for persistent volumes.\n  - [democratic-csi](https://github.com/democratic-csi/democratic-csi): For other non-standard\n  volumes (local, nfs, smb, etc)\n\n## Updates\n\nUpdates to the cluster are managed by Renovate and a handful of github actions. Renovate will either apply updates\nsilently or send PRs to update packages to the latest versions, which are then automatically pushed to the cluster by\nflux. Renovate has a bit of a learning curve, so here are the pieces I've put together following the patterns of the\nk8s-at-home folks:\n\n- See [Renovate Docs: GitHub app installation](https://docs.renovatebot.com/install-github-app/) for how to enable Renovate on a github repo\n- See the [Renovate configuration](renovate.json5) for this cluster which has separate update schedules for the `dev`\n  and `prod` clusters. The `dev` cluster is updated silently, while the `prod` cluster has minor updates applied on\n  weekends. This config is heavily documented given there are numerous [Configuration Options](https://docs.renovatebot.com/configuration-options/) that may be hard to piece together.\n- See [Renovate Dashboard](https://app.renovatebot.com/dashboard) for visibility into what Renovate is doing behind the\n  scenes. This is pretty useful if you start making configuration changes.\n- See [Renovate Helm Releases](https://github.com/k8s-at-home/renovate-helm-releases) for a GitHub action that adds the\n  necessary annotations to a `HelmRelease` so that renovate knows how to manage it. In other words, renovate-helm-releases\n  doesn't actually do any updating itself, just prep work to make Renovate work. You have to update your renovate\n  configuration with a regexp, which is a simple solution to avoid adding special code in Renovate itself to support\n  this. This runs as a nightly action to opt in any newly added `HelmRelease`.\n\n## Resources\n\n  - https://github.com/fluxcd/flux2-kustomize-helm-example\n  - https://github.com/k8s-at-home/awesome-home-kubernetes\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallenporter%2Fk8s-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fallenporter%2Fk8s-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fallenporter%2Fk8s-gitops/lists"}