{"id":13819849,"url":"https://github.com/budimanjojo/home-cluster","last_synced_at":"2025-10-09T04:15:00.633Z","repository":{"id":37011982,"uuid":"381001331","full_name":"budimanjojo/home-cluster","owner":"budimanjojo","description":"My home Kubernetes cluster managed with flux GitOps tool.","archived":false,"fork":false,"pushed_at":"2025-10-06T03:03:42.000Z","size":7983,"stargazers_count":222,"open_issues_count":16,"forks_count":8,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-10-06T05:28:06.866Z","etag":null,"topics":["fluxcd","gitops","homelab","k8s-at-home","kubernetes","prometheus","talos"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/budimanjojo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"budimanjojo"}},"created_at":"2021-06-28T11:05:41.000Z","updated_at":"2025-10-06T03:02:22.000Z","dependencies_parsed_at":"2023-09-24T05:59:08.019Z","dependency_job_id":"5227f367-1990-4fa7-bfe0-d853653b3b50","html_url":"https://github.com/budimanjojo/home-cluster","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/budimanjojo/home-cluster","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/budimanjojo%2Fhome-cluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/budimanjojo%2Fhome-cluster/tags","releases_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/budimanjojo%2Fhome-cluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/budimanjojo%2Fhome-cluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/budimanjojo","download_url":"https://codeload.github.com/budimanjojo/home-cluster/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/budimanjojo%2Fhome-cluster/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000762,"owners_count":26082921,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fluxcd","gitops","homelab","k8s-at-home","kubernetes","prometheus","talos"],"created_at":"2024-08-04T08:00:53.877Z","updated_at":"2025-10-09T04:15:00.628Z","avatar_url":"https://github.com/budimanjojo.png","language":"Go","funding_links":["https://github.com/sponsors/budimanjojo"],"categories":["Go","kubernetes"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n### My home Kubernetes Talos cluster :sailboat:\n\n... 
managed with Flux :robot:\n\n\u003c/div\u003e\n\n## :book:\u0026nbsp; Overview\n\nThis repository _is_ my home Kubernetes cluster in a declarative state.\n[Flux](https://github.com/fluxcd/flux2) watches my [cluster](./cluster/) directory and makes the changes to my cluster based on the YAML manifests.\n\nFeel free to open a [GitHub issue](https://github.com/budimanjojo/home-cluster/issues/new/choose) if you have any questions.\n\nThis repository is built off the [k8s-at-home/template-cluster-k3s](https://github.com/k8s-at-home/template-cluster-k3s) repository.\n\n---\n\n## :art:\u0026nbsp; Cluster components\n\n### Cluster management\n\n- [Talos](https://www.talos.dev): Built using [talhelper](https://github.com/budimanjojo/talhelper)\n- [fluxcd](https://fluxcd.io/): Syncs the Kubernetes cluster with this repository.\n- [SOPS](https://toolkit.fluxcd.io/guides/mozilla-sops/): Encrypts secrets so they are safe to store, even in a public repository.\n\n### Networking\n\n- [Cilium](https://cilium.io): For internal cluster networking, also used as the load balancer to expose services.\n- [cert-manager](https://cert-manager.io/docs/): Configured to create TLS certs for all ingress services automatically using LetsEncrypt.\n- [authelia](https://www.authelia.com/): Full featured authentication server.\n\n### Storage\n\n- [rook-ceph](https://rook.io): Cloud native distributed block storage for Kubernetes\n- [nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner): Provides persistent volumes from an NFS server.\n\n### Host devices access\n\n- [Intel GPU plugin](https://github.com/intel/intel-device-plugins-for-kubernetes): Access Intel GPUs available on nodes.\n- [node-feature-discovery](https://github.com/kubernetes-sigs/node-feature-discovery): Discover features available on nodes.\n\n### Metrics\n\n- [Prometheus](https://prometheus.io/): Scraping metrics from the entire cluster\n- [Grafana](https://grafana.com): Visualization for the metrics from 
Prometheus\n\n---\n\n## :open_file_folder:\u0026nbsp; Repository structure\n\nThe Git repository contains the following directories under `cluster`, listed below in the order Flux applies them.\n\n```\n./cluster\n├── ./base    # entrypoint to Flux\n└── ./apps    # everything is here\n```\n\nInside the [apps](./cluster/apps/) directory, I divided all the apps using their namespaces.\nEvery app has its own \"Fluxtomization\" file that describes its manifests and dependencies.\n\n---\n\n## :satellite:\u0026nbsp; Network structure\n\nIncoming HTTP and HTTPS traffic from outside my network is forwarded from the OPNSense firewall to the `envoy-gateway` pod through a LoadBalancer service using the MetalLB layer2 implementation.\nSo, basically this is how the HTTP(S) traffic flows:\n```\nInternet -\u003e OPNSense firewall -\u003e envoy-gateway service -\u003e Kubernetes pod\n```\nThe ingress-nginx service uses the `Local` `externalTrafficPolicy` so I can track the real IP of clients trying to access my services.\nFor important backend services like my OPNSense, I use the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation to only allow access from my internal networks.\nMy certificates are managed with cert-manager using LetsEncrypt as the CA.\n\n---\n\n## :lock_with_ink_pen:\u0026nbsp; Secret and configmaps management\n\nSecrets are encrypted using [sops](https://github.com/mozilla/sops) before being pushed into this repository.\nThe encrypted secrets are then decrypted by sops using the private key inside the cluster.\nFor encryption/decryption, I use [age](https://github.com/FiloSottile/age).\nThe public key to encrypt the secret is in [.sops.yaml](.sops.yaml).\nSecret environment variables for the cluster are in [cluster-secret-vars.yaml](./cluster/base/config/cluster-secret-vars.sops.yaml).\nThe non-secret variables are in [cluster-vars.yaml](./cluster/base/config/cluster-vars.yaml).\n\n---\n\n## :bar_chart:\u0026nbsp; Metrics and chart management\n\nMetrics 
scraping for the cluster is done using Prometheus.\n\nDashboards included in my cluster are:\n\n- The provided dashboard from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)\n- Fluxcd dashboard from [here](https://github.com/fluxcd/flux2-monitoring-example/tree/main/monitoring/configs/dashboards)\n- Rook-ceph dashboards from [here](https://www.rook.io/docs/rook/v1.10/Storage-Configuration/Monitoring/ceph-monitoring/?h=grafana#grafana-dashboards)\n\nTo add your own dashboard, create a ConfigMap whose data includes the dashboard's JSON file and add the label `grafana_dashboard: \"1\"` to the manifest.\nThe sidecar container from this [image](https://github.com/kiwigrid/k8s-sidecar) will mount the dashboard into your grafana pod.\n\n---\n\n## :handshake:\u0026nbsp; Thanks\n\nA lot of inspiration for my cluster came from this [awesome template](https://github.com/onedr0p/flux-cluster-template).\n\n---\n\n## Todo List\n\n- [ ] Use redis operator\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbudimanjojo%2Fhome-cluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbudimanjojo%2Fhome-cluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbudimanjojo%2Fhome-cluster/lists"}