{"id":28450670,"url":"https://github.com/arnarg/cluster","last_synced_at":"2025-06-30T16:30:59.929Z","repository":{"id":237906292,"uuid":"795467312","full_name":"arnarg/cluster","owner":"arnarg","description":"My Kubernetes cluster config in nix using nixidy","archived":false,"fork":false,"pushed_at":"2025-06-28T08:38:59.000Z","size":1180,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-28T09:37:36.521Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arnarg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-05-03T10:49:22.000Z","updated_at":"2025-06-28T08:39:02.000Z","dependencies_parsed_at":"2024-06-27T15:29:03.159Z","dependency_job_id":"8e53eee6-08f4-448f-bdd5-e9c383f1b04c","html_url":"https://github.com/arnarg/cluster","commit_stats":null,"previous_names":["arnarg/cluster"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/arnarg/cluster","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arnarg%2Fcluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arnarg%2Fcluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arnarg%2Fcluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arnarg%2Fcluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arnarg","download_url":"https://codeload.github.com/arnarg/cluster/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arnarg%2Fcluster/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262810506,"owners_count":23367914,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-06T15:08:15.472Z","updated_at":"2025-06-30T16:30:59.915Z","avatar_url":"https://github.com/arnarg.png","language":"Nix","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Logo saying \"cluster\" in the style of a pink black metal band logo.](./logo.svg)\n\n---\n\nGitOps for my Kubernetes cluster defined with [nixidy](https://github.com/arnarg/nixidy).\n\n## Folder Structure\n\n- `charts/` - Extra Helm Charts (that are not available in [nixhelm](https://github.com/farcaller/nixhelm)) used in the cluster config.\n- `manifests/` - Plain YAML Kubernetes manifests that are rendered by nixidy. Argo CD will watch these folders for updates.\n- `modules/` - Nixidy modules that define all the different applications for the cluster.\n- `configuration.nix` - Special configuration for the `prod` env (and the only env).\n- `flake.nix` - A nix flake setting up the nixidy configuration.\n\n## Networking\n\nThe cluster runs on k3s and uses Cilium for CNI.\n\n### Exposing services\n\nServices are only accessible inside my tailscale tailnet. Using tailscale-operator 2 services are exposed, traefik and k8s_gateway.\n\n[k8s_gateway](https://github.com/ori-edge/k8s_gateway) is a CoreDNS plugin which will resolve the hostname set in Ingresses to the ip or hostname set in `.status.loadBalancer.ingress` of the same `Ingress` object.\n\n[traefik](https://traefik.io/traefik/) proxies all Ingresses and updates their `.status.loadBalancer.ingress` to its own Service's external IP, which is set by tailscale-operator.\n\nWith this setup I then just have to set up split DNS in tailscale console to resolve my domain by sending those queries to the address of k8s_gateway. All queries will resolve to traefik's address and it will proxy it forward to the service with the specified hostname in its `Ingress` object.\n\n![Proxy setup diagram](./proxy_setup.drawio.svg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farnarg%2Fcluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farnarg%2Fcluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farnarg%2Fcluster/lists"}