{"id":13821500,"url":"https://github.com/angelnu/k8s-gitops","last_synced_at":"2026-02-09T18:09:58.523Z","repository":{"id":36990234,"uuid":"338407275","full_name":"angelnu/k8s-gitops","owner":"angelnu","description":"My home Kubernetes cluster managed with git-ops","archived":false,"fork":false,"pushed_at":"2025-05-09T16:06:33.000Z","size":5592,"stargazers_count":167,"open_issues_count":10,"forks_count":15,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-09T17:23:52.772Z","etag":null,"topics":["ansible","git-ops","gitops","home-assistant","k8s-at-home","kubernetes","sops"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/angelnu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-12T19:01:26.000Z","updated_at":"2025-05-03T09:06:10.000Z","dependencies_parsed_at":"2024-02-21T05:23:39.301Z","dependency_job_id":"8ef48849-8dd8-4e9a-b952-f58d2d0d01aa","html_url":"https://github.com/angelnu/k8s-gitops","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angelnu%2Fk8s-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angelnu%2Fk8s-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angelnu%2Fk8s-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angelnu%2Fk8s-gitops/manifests","owner_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/owners/angelnu","download_url":"https://codeload.github.com/angelnu/k8s-gitops/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254530743,"owners_count":22086672,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","git-ops","gitops","home-assistant","k8s-at-home","kubernetes","sops"],"created_at":"2024-08-04T08:01:22.910Z","updated_at":"2026-02-09T18:09:58.479Z","avatar_url":"https://github.com/angelnu.png","language":"Shell","funding_links":[],"categories":["HCL","Shell"],"sub_categories":[],"readme":"\u003cimg src=\"https://camo.githubusercontent.com/bd0df216af51c1525f14e62155608e448562cb4033554e001a0ac2009e545aec/68747470733a2f2f726173706265726e657465732e6769746875622e696f2f696d672f6c6f676f2e737667\" align=\"left\" width=\"144px\" height=\"144px\"/\u003e\n\n#### k8s-gitops - Home Cloud via Flux v2 | GitOps Toolkit\n\u003e GitOps state for my cluster using flux v2\n\n[![Discord](https://img.shields.io/badge/discord-chat-7289DA.svg?maxAge=60\u0026style=flat-square)](https://discord.gg/DNCynrJ)\n[![test](https://github.com/angelnu/k8s-gitops/workflows/test/badge.svg)](https://github.com/angelnu/k8s-gitop/workflows/actions)\n[![renovate](https://github.com/angelnu/k8s-gitops/workflows/renovate/badge.svg)](https://github.com/angelnu/k8s-gitop/workflows/renovate/actions)\n[![update-flux](https://github.com/angelnu/k8s-gitops/workflows/update-flux/badge.svg)](https://github.com/angelnu/k8s-gitop/workflows/update-flux/actions)\n\u003cbr /\u003e\n\nK3S multi-arch highly available 
cluster installed via [Ansible](ansible/README.md) on Proxmox VMs.\n\nThe cluster is designed to allow tearing it down completely without any data loss.\n\nThe stack is organized in multiple layers (Flux kustomizations), each depending on the one below it (for example, apps depend on infrastructure).\n\n* Applications\n  * [default](apps/default)\n  * [kube-system](apps/kube-system)\n  * [podinfo](apps/podinfo)\n  * [vpn](apps/vpn)\n* Core\n  * [ceph](core/ceph)\n  * [ceph-rbd](core/ceph-rbd)\n  * [cert-manager](core/cert-manager)\n  * [flux-system](core/flux-system)\n  * [kube-system](core/kube-system)\n  * [monitoring](core/monitoring)\n  * [nginx](core/nginx)\n  * [postgres](core/postgres)\n  * [redis](core/redis)\n  * [vpn](core/vpn)\n  * [vpn-gateway](core/vpn-gateway)\n* Custom Resource Definitions\n  * [cert-manager](crds/cert-manager)\n  * [multus](crds/multus)\n  * [postgres](crds/postgres)\n* Settings and Secrets\n  * [global settings](settings/settings.yaml)\n  * [global secrets](settings/secrets.yaml)\n  * [production global settings](settings/production/settings.yaml)\n  * [production global secrets](settings/production/secrets.yaml)\n  * [staging global settings](settings/staging/settings.yaml)\n  * [staging global secrets](settings/staging/secrets.yaml)\n* Base\n  * [sources](base/sources)\n  * [namespaces](base/namespaces)\n  * [flux-system](base/flux-system)\n* Clusters:\n  * [production](clusters/production)\n  * [staging](clusters/staging)\n* Persistence:\n  * Cluster configuration:\n    * [flux2](https://github.com/fluxcd/flux2) - Keep cluster in sync with this repo\n  * Secrets - see [Secret Management](##-Secret-Management):\n    - [Ansible Vault](ansible) - Ansible, Deployment\n    - [SOPS](##-Secret-Management) - Flux, K8S GitOps\n  * Files:\n    * Fast but dependent on the Synology NAS: NFS\n    * Slower but replicated: Ceph in Proxmox\n  * Databases:\n    * postgres: 3 instances deployed via [Zalando's Postgres 
Operator](https://github.com/zalando/postgres-operator)\n\n## HW setup\n\n- 3x Intel NUC 11 vPro (NUC11TNHv5) with:\n  - 11th Gen Intel® Core™ i5-1145G7 @ 2.60GHz\n  - 32 GB DDR4\n  - 250 GB SATA SSD for local disks - 2x Samsung SSD 850 EVO, 1x CT240BX500SSD1\n  - 500 GB NVMe for Ceph - WDC WDS500G1B0C-00S6U0\n  - 2 Thunderbolt 4/3 connected as network mesh for Ceph:\n    - Node 1, Port 1 \u003c-\u003e Node 2, Port 1\n    - Node 1, Port 2 \u003c-\u003e Node 3, Port 1\n    - Node 2, Port 2 \u003c-\u003e Node 2, Port 2\n\n## Installation\n\n### Install / Update / Uninstall\n\nInstalled via [Ansible](ansible/README.md). It creates the VMs for the 3 nodes.\n\nThe cluster is designed to allow tearing it down completely without any data loss.\n\n## Secret Management\n\nThe master secret is stored in [Ansible Vault](ansible/README.md).\n\nKubernetes passwords and secrets are encrypted with [Mozilla SOPS](https://github.com/mozilla/sops), which is [supported out of the box in Flux2](https://toolkit.fluxcd.io/guides/mozilla-sops/).\n\nThe GPG key is deployed via [Ansible](ansible/README.md). Its hash must be kept in sync with [.sops.yaml](.sops.yaml).\n\nBased on [Vaskozl](https://github.com/Vaskozl/home-infra), I use a [pre-commit hook](scripts/find-unencrypted-secrets.sh) to ensure that secrets are never pushed unencrypted. 
The hook is deployed by running `cd scripts; ./install_git_hooks.sh`.\n\nTo encrypt files with secrets, use:\n\n```\nsops -e -i my-secret.yaml # Initial encrypt\nsops my-secret.yaml # To edit it directly in your $EDITOR\n```\n\n## Useful commands\n\n- Delete stuck objects (PVs, PVCs)\n  ```\n  kubectl patch \u003cobject type\u003e \u003cobject name\u003e -p '{\"metadata\":{\"finalizers\": []}}' --type=merge\n  ```\n\n- Delete stuck namespaces\n  ```\n  NAMESPACE=your-rogue-namespace\n  kubectl proxy \u0026\n  kubectl get namespace $NAMESPACE -o json |jq '.spec = {\"finalizers\":[]}' \u003e/tmp/patch.json\n  curl -k -H \"Content-Type: application/json\" -X PUT --data-binary @/tmp/patch.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize\n  ```\n\n\n## :handshake:\u0026nbsp; Community\n\nThis cluster is inspired by the work of others shared at [awesome-home-kubernetes](https://github.com/k8s-at-home/awesome-home-kubernetes). These projects\ncan be [searched in GitHub](https://nanne.dev/k8s-at-home-search/). They include the [k8s-at-home topic](https://github.com/topics/k8s-at-home).\n\nThere is also an active [k8s@home Discord](https://discord.gg/7PbmHRK) for this community.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fangelnu%2Fk8s-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fangelnu%2Fk8s-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fangelnu%2Fk8s-gitops/lists"}