{"id":15693732,"url":"https://github.com/iarekylew00t/k2net","last_synced_at":"2025-05-08T04:55:24.646Z","repository":{"id":190741359,"uuid":"683188802","full_name":"IAreKyleW00t/k2net","owner":"IAreKyleW00t","description":"🧪 My homelab, made with Terraform, Ansible, and k3s!","archived":false,"fork":false,"pushed_at":"2025-05-07T20:12:21.000Z","size":2474,"stargazers_count":19,"open_issues_count":4,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-08T04:55:07.258Z","etag":null,"topics":["ansible","argocd","github-actions","gitops","k3s","k8s","kubernetes","renovate","terraform"],"latest_commit_sha":null,"homepage":"https://github.com/IAreKyleW00t/k2net","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IAreKyleW00t.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-08-25T20:08:46.000Z","updated_at":"2025-05-07T20:12:23.000Z","dependencies_parsed_at":"2023-12-18T21:29:55.526Z","dependency_job_id":"a68ec0ab-9bb6-48fe-a212-dfda355677ea","html_url":"https://github.com/IAreKyleW00t/k2net","commit_stats":null,"previous_names":["iarekylew00t/k2net"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IAreKyleW00t%2Fk2net","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IAreKyleW00t%2Fk2net/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IAreKyleW00t%2Fk2net/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IAreKyleW00t%2Fk2net/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IAreKyleW00t","download_url":"https://codeload.github.com/IAreKyleW00t/k2net/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253002854,"owners_count":21838640,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","argocd","github-actions","gitops","k3s","k8s","kubernetes","renovate","terraform"],"created_at":"2024-10-03T18:48:08.159Z","updated_at":"2025-05-08T04:55:24.598Z","avatar_url":"https://github.com/IAreKyleW00t.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🧪 K2NET [![status](https://img.shields.io/badge/Status-2ea043)](https://status.kyle2.net/)\n\nMy homelab, managed with GitOps using [Terraform](https://www.terraform.io/), [Ansible](https://www.ansible.com/), and [ArgoCD](https://argoproj.github.io/cd/) on my [k3s](https://k3s.io/) cluster.\n\nDependency updates are handled via [Renovate](https://github.com/renovatebot/renovate) with it's respective [configuration](.github/renovate.json).\n\n[![Repobeats](https://repobeats.axiom.co/api/embed/7c6b1531114f03fd7eeb3b3a7d089e9ea7e9949d.svg)](#)\n\n## Preparation\n\n### Local tools\n\nThe following tools are required to be installed locally for all sections to function properly.\n\n- `kubectl`\n- `helm`\n- `ansible`\n- `terraform` (Optional)\n- `jq`\n- `yq`\n\n### Terraform\n\nAll **cloud** resources are configured via [Terraform](https://www.terraform.io/) with their respective states stored in [Terraform Cloud](https://app.terraform.io/session). Changes to the [`terraform/`](terraform/) directory will be detected and deployed automatically via the [Terraform workflow](.github/workflows/terraform.yaml).\n\n### Ansible\n\nSystem configurations are managed via [Ansible](https://www.ansible.com/) and is used for any \"bare metal\" operations (including setting up the k3s cluster itself). There is no form of automatic deployment for files in the [`ansible/`](ansible/) directory; any updates will need to be deployed manually.\n\n```sh\ncd ansible/\nansible-playbook --vault-password-file ansible_vault.key -i inventory all.yaml\n```\n\n### k3s\n\n#### 1Password\n\nSecrets are managed via [1Password](https://1password.com/) using the [1Password Connect Kubernetes Operator](https://github.com/1Password/onepassword-operator). Since other applications make use of this, we must install it manually the first time.\n\nCreate the Namespace for 1Password Connect Operator.\n\n```sh\nkubectl create namespace op-connect\n```\n\nCreate the Secrets containing your `1password-credentials.json` and token (we Base64 encode the file because it's passed to 1Password through environment variables and gets decoded by the Operator)\n\n```sh\nkubectl create -n op-connect secret generic onepassword-token --from-literal=token=\u003cyour token here\u003e\nkubectl create -n op-connect secret generic op-credentials --from-literal=1password-credentials.json=$(base64 -w0 1password-credentials.json)\n```\n\nInstall the 1Password Connect Operator.\n\n```sh\nhelm repo add 1password https://1password.github.io/connect-helm-charts\nhelm repo update\nOP_VERSION=$(cat k8s/deploy/op-connect/Chart.yaml | yq -r '.dependencies[0].version')\nhelm upgrade --install op-connect 1password/connect \\\n    --version \"$OP_VERSION\" \\\n    --set operator.create=true \\\n    --namespace op-connect \\\n    --create-namespace \\\n    --atomic\n```\n\n#### ArgoCD\n\nEverything is deployed through [ArgoCD](https://argoproj.github.io/cd/), including ArgoCD itself. However, we must manually deploy it the first time before it can start to track it's own changes.\nBecause of how the ArgoCD Helm Chart is setup, it is not possible to inject the `admin` password during setup.\n\n```sh\nhelm repo add argo https://argoproj.github.io/argo-helm\nhelm repo update\nARGO_VERSION=$(cat k8s/deploy/argocd/Chart.yaml | yq -r '.dependencies[0].version')\nhelm upgrade --install argocd argo/argo-cd \\\n    --version \"$ARGO_VERSION\" \\\n    --namespace argocd \\\n    --create-namespace \\\n    --atomic\n```\n\nGet the default random `admin` password:\n\n```sh\nkubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=\"{.data.password}\" | base64 -d\n```\n\n#### Applications\n\nThere are a few secrets and data that needs to be configured _before_ deploying any applications. These secrets are included via `OnePasswordItem` CR's in the [`k8s/prep`](k8s/prep/) folder.\n\n```sh\nfor dir in k8s/prep/*; do\n  kubectl apply -f \"$dir\"\ndone\n```\n\n## Deployments\n\nEach application is listed in the [`k8s/apps`](k8s/apps/) folder, including \"system\" apps. Applications are deployed through ArgoCD and will track changes through it once initially configured. The deployments themselves are all stored in the [`k8s/deploy`](k8s/deploy/) folder and future changes are automatically picked up via ArgoCD.\n\n```sh\nkubectl apply -f k8s/apps/\u003capp\u003e.yaml\n```\n\nWhen initially setting up the Cluster, the order of how each component is deployed will matter since some componentes depend on one another.\n\n```sh\n# Core components\nkubectl apply -f k8s/apps/op-connect.yaml\nkubectl apply -f k8s/apps/metallb.yaml\nkubectl apply -f k8s/apps/cert-manager.yaml\nkubectl apply -f k8s/apps/external-dns.yaml\nkubectl apply -f k8s/apps/ingress-nginx.yaml\nkubectl apply -f k8s/apps/linkerd.yaml\n\n# Storage\nkubectl apply -f k8s/apps/snapshot-controller.yaml\nkubectl apply -f k8s/apps/synology-csi.yaml\nkubectl apply -f k8s/apps/longhorn.yaml\nkubectl apply -f k8s/apps/nfs-subdir-external-provisioner.yaml\n\n# System applications\nkubectl apply -f k8s/apps/grafana.yaml\nkubectl apply -f k8s/apps/loki.yaml\nkubectl apply -f k8s/apps/promtail.yaml\nkubectl apply -f k8s/apps/policy-controller.yaml\nkubectl apply -f k8s/apps/node-problem-detector.yaml\nkubectl apply -f k8s/apps/metrics-server.yaml\nkubectl apply -f k8s/apps/descheduler.yaml\nkubectl apply -f k8s/apps/argocd.yaml\n\n# User applications\nkubectl apply -f k8s/apps/bitwarden.yaml\nkubectl apply -f k8s/apps/heimdall.yaml\nkubectl apply -f k8s/apps/home-assistant.yaml\nkubectl apply -f k8s/apps/mqtt.yaml\nkubectl apply -f k8s/apps/starr-system.yaml\nkubectl apply -f k8s/apps/thelounge.yaml\nkubectl apply -f k8s/apps/unifi.yaml\nkubectl apply -f k8s/apps/uptime-kuma.yaml\n```\n\n## Contributing\n\nFeel free to contribute and make things better by opening an [Issue](https://github.com/IAreKyleW00t/k2net/issues) or [Pull Request](https://github.com/IAreKyleW00t/k2net/pulls).\n\n## License\n\nSee [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiarekylew00t%2Fk2net","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiarekylew00t%2Fk2net","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiarekylew00t%2Fk2net/lists"}