{"id":43738776,"url":"https://github.com/fenio/homelab","last_synced_at":"2026-02-05T11:10:38.397Z","repository":{"id":207959623,"uuid":"720489399","full_name":"fenio/homelab","owner":"fenio","description":"k8s homelab powered by Talos/omni and flux","archived":false,"fork":false,"pushed_at":"2026-01-28T12:09:40.000Z","size":3568,"stargazers_count":30,"open_issues_count":3,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-29T04:35:15.980Z","etag":null,"topics":["cilium","coroot","fluxcd","gitops","homelab","homelab-setup","k8s","k8s-at-home","kubernetes","kyoo","omni","renovate","talos","victorialogs","victoriametrics"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fenio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-11-18T16:38:17.000Z","updated_at":"2026-01-28T12:09:46.000Z","dependencies_parsed_at":"2026-01-28T15:06:52.565Z","dependency_job_id":null,"html_url":"https://github.com/fenio/homelab","commit_stats":null,"previous_names":["fenio/homelab"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fenio/homelab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fenio%2Fhomelab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fenio%2Fhomelab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fenio%2Fhomelab/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fenio%2Fhomelab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fenio","download_url":"https://codeload.github.com/fenio/homelab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fenio%2Fhomelab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29120485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T10:47:47.471Z","status":"ssl_error","status_checked_at":"2026-02-05T10:45:08.119Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cilium","coroot","fluxcd","gitops","homelab","homelab-setup","k8s","k8s-at-home","kubernetes","kyoo","omni","renovate","talos","victorialogs","victoriametrics"],"created_at":"2026-02-05T11:10:37.724Z","updated_at":"2026-02-05T11:10:38.385Z","avatar_url":"https://github.com/fenio.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# k0s based homelab powered by flux\n\n\u003cdetails open\u003e\n\u003csummary\u003e\u003ch2 style=\"display: inline-block; margin: 0;\"\u003e📖 Overview\u003c/h2\u003e\u003c/summary\u003e\n\nThis is home to my personal Kubernetes lab cluster. 
[Flux](https://github.com/fluxcd/flux2) watches this Git repository and makes the changes to my cluster based on the manifests in the [cluster](./cluster/) directory.\n[Renovate](https://github.com/renovatebot/renovate) also watches this Git repository and creates pull requests when it finds updates to Docker images, Helm charts, and other dependencies.\n\nThe whole setup is heavily based on [onedr0p's template](https://github.com/onedr0p/flux-cluster-template), but I didn't really want to use his Ansible machinery for HW provisioning and k8s install, so I grabbed just some stuff from him and tackled these parts my own way.\n\nFor HW provisioning, go to the [HW section](https://github.com/fenio/homelab#hardware-provisioning).\n\nFor k8s install, go to the [install section](https://github.com/fenio/homelab#kubernetes-installation-using-k0sctl).\n\nAnd if you have a working k8s cluster and just want to start using Flux to deploy workloads on it, simply move to the [Flux](https://github.com/fenio/homelab#flux) section.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003ch2 style=\"display: inline-block; margin: 0;\"\u003eHardware provisioning\u003c/h2\u003e\u003c/summary\u003e\n\nA few words about my HW setup. 
Here's a picture of it:\n\n![lab](https://github.com/fenio/dumb-provisioner/blob/main/IMG_0891.jpeg)\n\nThe NAS runs TrueNAS Scale and is installed manually, as I don't expect it to be reinstalled too often.\nK8s-related machines, like the Dell Wyse terminals and the master node (which runs on the NAS as a VM), are reinstalled from time to time, so I had to figure out some way to do it easily.\nThat's how [dumb provisioner](https://github.com/fenio/dumb-provisioner/) was born.\n\n## 🔧 Hardware\n\n| Device                       | Count | OS Disk Size   | Data Disk Size     | RAM  | Operating System      | Purpose                      |\n| ---------------------------- | ----- | -------------- | ------------------ | ---- | --------------------- | ---------------------------- |\n| Mikrotik RB4011iGS+5HacQ2HnD | 1     | 512MB          |                    | 1GB  | RouterOS 7.13         | router                       |\n| Dell Wyse 5070               | 3     | 16GB           | 128GB              | 12GB | Debian 12.4           | node(s)                      |\n| Odroid H3+                   | 1     | 64GB           | 8x480GB SSD        | 32GB | TrueNAS Scale 23.10.1 | k8s storage / master (in vm) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003ch2 style=\"display: inline-block; margin: 0;\"\u003eKubernetes installation using k0s(ctl)\u003c/h2\u003e\u003c/summary\u003e\n\nk0sctl **greatly** simplifies the k8s install. 
Below is my configuration file which basically allows me to install whole cluster within minutes.\nObviously every host which is later part of the cluster needs to be accessible via SSH.\n\n\n```sh\n❯ ~/homelab cat k0sctl.yaml\napiVersion: k0sctl.k0sproject.io/v1beta1\nkind: Cluster\nmetadata:\n  name: lab\nspec:\n  hosts:\n  - ssh:\n      address: 10.10.20.99\n      user: root\n      port: 22\n      keyPath: ~/.ssh/id_rsa\n    role: controller\n    files:\n    - name: Prometheus CRDs\n      src: stripped-down-crds.yaml\n      dstDir: /var/lib/k0s/manifests/prometheus/\n      perm: 0600\n    installFlags:\n    - --disable-components=metrics-server\n    - --enable-metrics-scraper\n  - ssh:\n      address: 10.10.20.101\n      user: root\n      port: 22\n      keyPath: ~/.ssh/id_rsa\n    role: worker\n  - ssh:\n      address: 10.10.20.102\n      user: root\n      port: 22\n      keyPath: ~/.ssh/id_rsa\n    role: worker\n  - ssh:\n      address: 10.10.20.103\n      user: root\n      port: 22\n      keyPath: ~/.ssh/id_rsa\n    role: worker\n  k0s:\n    version: 1.29.4+k0s.0\n    dynamicConfig: false\n    config:\n      spec:\n        network:\n          provider: custom\n          kubeProxy:\n            disabled: true\n        extensions:\n          helm:\n            repositories:\n            - name: cilium\n              url: https://helm.cilium.io\n            charts:\n            - name: cilium\n              chartname: cilium/cilium\n              version: \"1.15.4\"\n              namespace: net\n              values: |2\n                hubble:\n                  enabled: true\n                  metrics:\n                    enabled:\n                      - dns:query\n                      - drop\n                      - tcp\n                      - flow\n                      - port-distribution\n                      - icmp\n                      - http\n                    serviceMonitor:\n                      enabled: true\n                  relay:\n      
              enabled: true\n                    rollOutPods: true\n                    prometheus:\n                      serviceMonitor:\n                        enabled: true\n                    resources:\n                      requests:\n                        cpu: 10m\n                        memory: 100Mi\n                        ephemeral-storage: 1Gi\n                      limits:\n                        cpu: 200m\n                        memory: 100Mi\n                        ephemeral-storage: 2Gi\n                  ui:\n                    enabled: true\n                    rollOutPods: true\n                    backend:\n                      image:\n                        pullPolicy: Always\n                      resources:\n                        requests:\n                          cpu: 10m\n                          memory: 100Mi\n                          ephemeral-storage: 1Gi\n                        limits:\n                          cpu: 500m\n                          memory: 100Mi\n                          ephemeral-storage: 2Gi\n                      securityContext:\n                        allowPrivilegeEscalation: false\n                        readOnlyRootFilesystem: true\n                        capabilities: {drop: [\"ALL\"]}\n                    frontend:\n                      image:\n                        pullPolicy: Always\n                      resources:\n                        requests:\n                          cpu: 10m\n                          memory: 100Mi\n                          ephemeral-storage: 1Gi\n                        limits:\n                          cpu: 200m\n                          memory: 100Mi\n                          ephemeral-storage: 2Gi\n                      securityContext:\n                        allowPrivilegeEscalation: false\n                        readOnlyRootFilesystem: true\n                        capabilities: {drop: [\"ALL\"]}\n                image:\n                  
pullPolicy: \"Always\"\n                bgpControlPlane:\n                  enabled: true\n                bgp:\n                  enabled: false\n                kubeProxyReplacement: true\n                k8sServiceHost: 10.10.20.99\n                k8sServicePort: 6443\n                encryption:\n                  enabled: true\n                  type: wireguard\n                  nodeEncryption: true\n                operator:\n                  replicas: 1\n                  prometheus:\n                    enabled: true\n                    serviceMonitor:\n                      enabled: true\n                  resources:\n                    requests:\n                      cpu: 50m\n                      memory: 100Mi\n                      ephemeral-storage: 1Gi\n                    limits:\n                      cpu: 500m\n                      memory: 100Mi\n                      ephemeral-storage: 2Gi\n                ipam:\n                  mode: kubernetes\n                  operator:\n                    clusterPoolIPv4PodCIDR: 10.20.0.0/16\n                    clusterPoolIPv4MaskSize: 24\n                bpf:\n                  masquerade: true\n                prometheus:\n                  enabled: true\n                  serviceMonitor:\n                    enabled: true\n                resources:\n                  requests:\n                    cpu: 100m\n                    memory: 400Mi\n                    ephemeral-storage: 1Gi\n                  limits:\n                    cpu: 1\n                    memory: 400Mi\n                    ephemeral-storage: 2Gi\n                cgroup:\n                  autoMount:\n                    resources:\n                      requests:\n                        cpu: 100m\n                        memory: 100Mi\n                        ephemeral-storage: 1Gi\n                      limits:\n                        cpu: 600m\n                        memory: 100Mi\n                        
ephemeral-storage: 2Gi\n                cni:\n                  resources:\n                    requests:\n                      cpu: 100m\n                      memory: 100Mi\n                      ephemeral-storage: 1Gi\n                    limits:\n                      cpu: 800m\n                      memory: 100Mi\n                      ephemeral-storage: 2Gi\n                initResources:\n                  requests:\n                    cpu: 100m\n                    memory: 100Mi\n                    ephemeral-storage: 1Gi\n                  limits:\n                    cpu: 300m\n                    memory: 100Mi\n                    ephemeral-storage: 2Gi\n```\n\nOnce you've got such configuration you just have to run the following command:\n\n```sh\n❯ ~/homelab k0sctl apply --config k0sctl.yaml\n\n⠀⣿⣿⡇⠀⠀⢀⣴⣾⣿⠟⠁⢸⣿⣿⣿⣿⣿⣿⣿⡿⠛⠁⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀█████████ █████████ ███\n⠀⣿⣿⡇⣠⣶⣿⡿⠋⠀⠀⠀⢸⣿⡇⠀⠀⠀⣠⠀⠀⢀⣠⡆⢸⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀███          ███    ███\n⠀⣿⣿⣿⣿⣟⠋⠀⠀⠀⠀⠀⢸⣿⡇⠀⢰⣾⣿⠀⠀⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀███          ███    ███\n⠀⣿⣿⡏⠻⣿⣷⣤⡀⠀⠀⠀⠸⠛⠁⠀⠸⠋⠁⠀⠀⣿⣿⡇⠈⠉⠉⠉⠉⠉⠉⠉⠉⢹⣿⣿⠀███          ███    ███\n⠀⣿⣿⡇⠀⠀⠙⢿⣿⣦⣀⠀⠀⠀⣠⣶⣶⣶⣶⣶⣶⣿⣿⡇⢰⣶⣶⣶⣶⣶⣶⣶⣶⣾⣿⣿⠀█████████    ███    ██████████\nk0sctl v0.17.5 Copyright 2023, k0sctl authors.\nAnonymized telemetry of usage will be sent to the authors.\nBy continuing to use k0sctl you agree to these terms:\nhttps://k0sproject.io/licenses/eula\nINFO ==\u003e Running phase: Connect to hosts\nINFO [ssh] 10.10.20.99:22: connected\nINFO [ssh] 10.10.20.101:22: connected\nINFO [ssh] 10.10.20.103:22: connected\nINFO [ssh] 10.10.20.102:22: connected\nINFO ==\u003e Running phase: Detect host operating systems\nINFO [ssh] 10.10.20.101:22: is running Debian GNU/Linux 12 (bookworm)\nINFO [ssh] 10.10.20.99:22: is running Debian GNU/Linux 12 (bookworm)\nINFO [ssh] 10.10.20.103:22: is running Debian GNU/Linux 12 (bookworm)\nINFO [ssh] 10.10.20.102:22: is running Debian GNU/Linux 12 (bookworm)\nINFO ==\u003e Running phase: Acquire exclusive host lock\nINFO ==\u003e Running phase: Prepare hosts\nINFO ==\u003e 
Running phase: Gather host facts\nINFO [ssh] 10.10.20.102:22: using node2 as hostname\nINFO [ssh] 10.10.20.103:22: using node3 as hostname\nINFO [ssh] 10.10.20.101:22: using node1 as hostname\nINFO [ssh] 10.10.20.99:22: using master as hostname\nINFO [ssh] 10.10.20.102:22: discovered enp1s0 as private interface\nINFO [ssh] 10.10.20.101:22: discovered enp1s0 as private interface\nINFO [ssh] 10.10.20.103:22: discovered enp1s0 as private interface\nINFO [ssh] 10.10.20.99:22: discovered ens3 as private interface\nINFO ==\u003e Running phase: Validate hosts\nINFO ==\u003e Running phase: Validate facts\nINFO ==\u003e Running phase: Download k0s on hosts\nINFO [ssh] 10.10.20.101:22: downloading k0s v1.29.4+k0s.0\nINFO [ssh] 10.10.20.102:22: downloading k0s v1.29.4+k0s.0\nINFO [ssh] 10.10.20.103:22: downloading k0s v1.29.4+k0s.0\nINFO [ssh] 10.10.20.99:22: downloading k0s v1.29.4+k0s.0\nINFO ==\u003e Running phase: Upload files to hosts\nINFO [ssh] 10.10.20.99:22: uploading Prometheus CRDs\nINFO ==\u003e Running phase: Install k0s binaries on hosts\nINFO [ssh] 10.10.20.99:22: validating configuration\nINFO ==\u003e Running phase: Configure k0s\nINFO [ssh] 10.10.20.99:22: installing new configuration\nINFO ==\u003e Running phase: Initialize the k0s cluster\nINFO [ssh] 10.10.20.99:22: installing k0s controller\nINFO [ssh] 10.10.20.99:22: waiting for the k0s service to start\nINFO [ssh] 10.10.20.99:22: waiting for kubernetes api to respond\nINFO ==\u003e Running phase: Install workers\nINFO [ssh] 10.10.20.101:22: validating api connection to https://10.10.20.99:6443\nINFO [ssh] 10.10.20.103:22: validating api connection to https://10.10.20.99:6443\nINFO [ssh] 10.10.20.102:22: validating api connection to https://10.10.20.99:6443\nINFO [ssh] 10.10.20.99:22: generating a join token for worker 1\nINFO [ssh] 10.10.20.99:22: generating a join token for worker 2\nINFO [ssh] 10.10.20.99:22: generating a join token for worker 3\nINFO [ssh] 10.10.20.102:22: writing join token\nINFO 
[ssh] 10.10.20.103:22: writing join token\nINFO [ssh] 10.10.20.101:22: writing join token\nINFO [ssh] 10.10.20.102:22: installing k0s worker\nINFO [ssh] 10.10.20.103:22: installing k0s worker\nINFO [ssh] 10.10.20.101:22: installing k0s worker\nINFO [ssh] 10.10.20.101:22: starting service\nINFO [ssh] 10.10.20.102:22: starting service\nINFO [ssh] 10.10.20.103:22: starting service\nINFO [ssh] 10.10.20.101:22: waiting for node to become ready\nINFO [ssh] 10.10.20.102:22: waiting for node to become ready\nINFO [ssh] 10.10.20.103:22: waiting for node to become ready\nINFO ==\u003e Running phase: Release exclusive host lock\nINFO ==\u003e Running phase: Disconnect from hosts\nINFO ==\u003e Finished in 1m40s\nINFO k0s cluster version v1.29.4+k0s.0 is now installed\nINFO Tip: To access the cluster you can now fetch the admin kubeconfig using:\nINFO      k0sctl kubeconfig\n```\n\nAnd after less than 2 minutes you should end up with working cluster with Cilium as a CNI:\n\n```sh\n❯ ~ k0sctl kubeconfig \u003e ~/.kube/config\n\n[☸ lab:default]\n❯ ~ kubectl get nodes\nNAME    STATUS   ROLES    AGE     VERSION\nnode1   Ready    \u003cnone\u003e   2m10s   v1.29.1+k0s\nnode2   Ready    \u003cnone\u003e   2m16s   v1.29.1+k0s\nnode3   Ready    \u003cnone\u003e   2m16s   v1.29.1+k0s\n\n[☸ lab:default]\n❯ ~ cilium status\n    /¯¯\\\n /¯¯\\__/¯¯\\    Cilium:             OK\n \\__/¯¯\\__/    Operator:           OK\n /¯¯\\__/¯¯\\    Envoy DaemonSet:    disabled (using embedded mode)\n \\__/¯¯\\__/    Hubble Relay:       disabled\n    \\__/       ClusterMesh:        disabled\n\nDeployment             cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1\nDaemonSet              cilium             Desired: 3, Ready: 3/3, Available: 3/3\nContainers:            cilium             Running: 3\n                       cilium-operator    Running: 1\nCluster Pods:          6/6 managed by Cilium\nHelm chart version:    1.15.0\nImage versions         cilium             
quay.io/cilium/cilium:v1.14.5@sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b: 3\n                       cilium-operator    quay.io/cilium/operator-generic:v1.14.5@sha256:303f9076bdc73b3fc32aaedee64a14f6f44c8bb08ee9e3956d443021103ebe7a: 1\n```\n\nWe can get more information about the CNI status by running `cilium status` from inside one of its pods:\n\n```\n[☸ lab:kube-system]\n❯ ~ kubectl exec -it cilium-25r4n -- /bin/sh\nDefaulted container \"cilium-agent\" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)\n# cilium status\nKVStore:                 Ok   Disabled\nKubernetes:              Ok   1.29 (v1.29.1+k0s) [linux/amd64]\nKubernetes APIs:         [\"EndpointSliceOrEndpoint\", \"cilium/v2::CiliumClusterwideNetworkPolicy\", \"cilium/v2::CiliumEndpoint\", \"cilium/v2::CiliumNetworkPolicy\", \"cilium/v2::CiliumNode\", \"cilium/v2alpha1::CiliumCIDRGroup\", \"core/v1::Namespace\", \"core/v1::Pods\", \"core/v1::Service\", \"networking.k8s.io/v1::NetworkPolicy\"]\nKubeProxyReplacement:    True   [enp1s0 10.10.20.101 (Direct Routing), cilium_wg0 ]\nHost firewall:           Disabled\nCNI Chaining:            none\nCilium:                  Ok   1.15.0 (v1.15.0-2db45c46)\nNodeMonitor:             Listening for events on 4 CPUs with 64x4096 of shared memory\nCilium health daemon:    Ok\nIPAM:                    IPv4: 4/254 allocated from 10.244.1.0/24,\nIPv4 BIG TCP:            Disabled\nIPv6 BIG TCP:            Disabled\nBandwidthManager:        Disabled\nHost Routing:            BPF\nMasquerading:            BPF   [enp1s0, cilium_wg0]   10.244.1.0/24 [IPv4: Enabled, IPv6: Disabled]\nController Status:       30/30 healthy\nProxy Status:            OK, ip 10.244.1.49, 0 redirects active on ports 10000-20000, Envoy: embedded\nGlobal Identity Range:   min 256, max 65535\nHubble:                  Ok              Current/Max Flows: 2479/4095 
(60.54%), Flows/s: 9.27   Metrics: Disabled\nEncryption:              Wireguard       [NodeEncryption: Enabled, cilium_wg0 (Pubkey: JrpKhZJ//XKclrd+6p8SGfp0GadsW7Ikxu7YWQK0hTk=, Port: 51871, Peers: 2)]\nCluster health:          3/3 reachable   (2024-01-12T05:26:31Z)\n```\n\nAs you can see we're in BPF mode with Wireguard enabled.\n\n\u003c/details\u003e\n\n## Flux\n\n### Install Flux\n\n```sh\n[☸ lab:default]\n❯ ~/homelab $ kubectl apply --server-side --kustomize ./cluster/bootstrap/flux\nnamespace/flux-system serverside-applied\nresourcequota/critical-pods serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/buckets.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/gitrepositories.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/helmcharts.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/helmreleases.helm.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/helmrepositories.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/imagepolicies.image.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/imagerepositories.image.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/imageupdateautomations.image.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/kustomizations.kustomize.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/ocirepositories.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/providers.notification.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/receivers.notification.toolkit.fluxcd.io serverside-applied\nserviceaccount/helm-controller 
serverside-applied\nserviceaccount/image-automation-controller serverside-applied\nserviceaccount/image-reflector-controller serverside-applied\nserviceaccount/kustomize-controller serverside-applied\nserviceaccount/notification-controller serverside-applied\nserviceaccount/source-controller serverside-applied\nclusterrole.rbac.authorization.k8s.io/crd-controller serverside-applied\nclusterrole.rbac.authorization.k8s.io/flux-edit serverside-applied\nclusterrole.rbac.authorization.k8s.io/flux-view serverside-applied\nclusterrolebinding.rbac.authorization.k8s.io/cluster-reconciler serverside-applied\nclusterrolebinding.rbac.authorization.k8s.io/crd-controller serverside-applied\nservice/notification-controller serverside-applied\nservice/source-controller serverside-applied\nservice/webhook-receiver serverside-applied\ndeployment.apps/helm-controller serverside-applied\ndeployment.apps/image-automation-controller serverside-applied\ndeployment.apps/image-reflector-controller serverside-applied\ndeployment.apps/kustomize-controller serverside-applied\ndeployment.apps/notification-controller serverside-applied\ndeployment.apps/source-controller serverside-applied\n```\n\n### Apply Cluster Configuration\n\n_These cannot be applied with `kubectl` in the regular fashion because they are encrypted with SOPS._\n\n**Make sure you've got SOPS configured so it can easily use your key file, or point it to the correct file with something like this:**\n\n```sh\nexport SOPS_AGE_KEY_FILE=~/AGE/sops-key.txt\n```\n\n```sh\n[☸ lab:default]\n❯ ~/homelab $ sops --decrypt cluster/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -\nsecret/cluster-secrets created\nsecret/dns-credentials created\nsecret/pg-credentials created\nsecret/sops-age created\nsecret/github-deploy-key created\n\n[☸ lab:default]\n❯ ~/homelab $ kubectl apply -f cluster/flux/vars/cluster-settings.yaml\nconfigmap/cluster-settings created\n```\n\n### Kick off Flux applying this repository\n\n```sh\n[☸ lab:default]\n❯ 
~/homelab $ kubectl apply --server-side --kustomize ./cluster/flux/config\nkustomization.kustomize.toolkit.fluxcd.io/cluster serverside-applied\nkustomization.kustomize.toolkit.fluxcd.io/flux serverside-applied\ngitrepository.source.toolkit.fluxcd.io/homelab serverside-applied\nocirepository.source.toolkit.fluxcd.io/flux-manifests serverside-applied\n```\n\nAll of the above in one shot using init.sh:\n\n```sh\n[☸ lab:default] [ main]\n❯ ~/homelab ./init.sh\nnamespace/flux-system serverside-applied\nresourcequota/critical-pods serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/buckets.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/gitrepositories.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/helmcharts.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/helmreleases.helm.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/helmrepositories.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/imagepolicies.image.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/imagerepositories.image.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/imageupdateautomations.image.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/kustomizations.kustomize.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/ocirepositories.source.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/providers.notification.toolkit.fluxcd.io serverside-applied\ncustomresourcedefinition.apiextensions.k8s.io/receivers.notification.toolkit.fluxcd.io serverside-applied\nserviceaccount/helm-controller 
serverside-applied\nserviceaccount/image-automation-controller serverside-applied\nserviceaccount/image-reflector-controller serverside-applied\nserviceaccount/kustomize-controller serverside-applied\nserviceaccount/notification-controller serverside-applied\nserviceaccount/source-controller serverside-applied\nclusterrole.rbac.authorization.k8s.io/crd-controller serverside-applied\nclusterrole.rbac.authorization.k8s.io/flux-edit serverside-applied\nclusterrole.rbac.authorization.k8s.io/flux-view serverside-applied\nclusterrolebinding.rbac.authorization.k8s.io/cluster-reconciler serverside-applied\nclusterrolebinding.rbac.authorization.k8s.io/crd-controller serverside-applied\nservice/notification-controller serverside-applied\nservice/source-controller serverside-applied\nservice/webhook-receiver serverside-applied\ndeployment.apps/helm-controller serverside-applied\ndeployment.apps/image-automation-controller serverside-applied\ndeployment.apps/image-reflector-controller serverside-applied\ndeployment.apps/kustomize-controller serverside-applied\ndeployment.apps/notification-controller serverside-applied\ndeployment.apps/source-controller serverside-applied\nsecret/cluster-secrets created\nsecret/dns-credentials created\nsecret/pg-credentials created\nsecret/sops-age created\nsecret/github-deploy-key created\nconfigmap/cluster-settings created\nkustomization.kustomize.toolkit.fluxcd.io/cluster serverside-applied\nkustomization.kustomize.toolkit.fluxcd.io/flux serverside-applied\ngitrepository.source.toolkit.fluxcd.io/homelab serverside-applied\nocirepository.source.toolkit.fluxcd.io/flux-manifests serverside-applied\n```\n\n## AGE / SOPS secrets\n\n```\n[☸ lab:default]\n❯ ~ $ age-keygen -o sops-key.txt\nPublic key: age1g8nxh9vntdtkjmsav07ytqetpuh2524a7e98f6a77rulu4rzvgwstyvhru\n\n[☸ lab:default]\n❯ ~ $ kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=sops-key.txt\nsecret/sops-age 
created\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffenio%2Fhomelab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffenio%2Fhomelab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffenio%2Fhomelab/lists"}