{"id":13820338,"url":"https://github.com/larivierec/home-cluster","last_synced_at":"2025-10-08T00:27:13.042Z","repository":{"id":36960736,"uuid":"407327597","full_name":"larivierec/home-cluster","owner":"larivierec","description":"Talos cluster using gitops and renovate automation","archived":false,"fork":false,"pushed_at":"2025-04-09T16:26:32.000Z","size":10833,"stargazers_count":109,"open_issues_count":3,"forks_count":8,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-09T17:14:20.149Z","etag":null,"topics":["bitwarden","flux","gitops","iac","k8s-at-home","kubernetes","renovate","tailscale","talos"],"latest_commit_sha":null,"homepage":"https://garb.dev","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/larivierec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-16T22:07:07.000Z","updated_at":"2025-04-09T13:04:08.000Z","dependencies_parsed_at":"2024-01-29T19:39:36.215Z","dependency_job_id":"0e95ba2a-e38a-46e2-b88c-3e04340b145f","html_url":"https://github.com/larivierec/home-cluster","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larivierec%2Fhome-cluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larivierec%2Fhome-cluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/larivierec%2Fhome-cluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/larivierec%2Fhome-cluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/larivierec","download_url":"https://codeload.github.com/larivierec/home-cluster/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248074925,"owners_count":21043490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitwarden","flux","gitops","iac","k8s-at-home","kubernetes","renovate","tailscale","talos"],"created_at":"2024-08-04T08:01:01.644Z","updated_at":"2025-10-08T00:27:13.034Z","avatar_url":"https://github.com/larivierec.png","language":"HCL","funding_links":[],"categories":["HCL"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"https://avatars.githubusercontent.com/u/61287648?s=200\u0026v=4\" align=\"center\" width=\"144px\" height=\"144px\" alt=\"kubernetes\"/\u003e\n\n## Home Kubernetes cluster\n\n\u003c/div\u003e\n\n\u003cbr/\u003e\n\n\u003cdiv 
align=\"center\"\u003e\n\n[![Talos](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2Flarivierec%2Fhome-cluster%2Fmain%2Fbootstrap%2Ftalos%2Ftalconfig.yaml\u0026query=talosVersion\u0026style=for-the-badge\u0026logo=talos\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://www.talos.dev/)\u0026nbsp;\u0026nbsp;\n[![Kubernetes](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2Flarivierec%2Fhome-cluster%2Fmain%2Fbootstrap%2Ftalos%2Ftalconfig.yaml\u0026query=kubernetesVersion\u0026style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://www.talos.dev/)\u0026nbsp;\u0026nbsp;\n\n[![Discord](https://img.shields.io/discord/673534664354430999?color=7289da\u0026label=DISCORD\u0026style=for-the-badge)](https://discord.gg/home-operations)\u0026nbsp;\u0026nbsp;\n[![renovate](https://img.shields.io/badge/renovate-enabled-brightgreen?style=for-the-badge\u0026logo=renovatebot\u0026logoColor=white)](https://github.com/renovatebot/renovate)\n\n\u003c/div\u003e\n\n\u003cdiv 
align=\"center\"\u003e\n\n[![Age-Days](https://kromgo.garb.dev/cluster_age_days?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Uptime-Days](https://kromgo.garb.dev/cluster_uptime_days?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Node-Count](https://kromgo.garb.dev/cluster_node_count?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Pod-Count](https://kromgo.garb.dev/cluster_pod_count?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![CPU-Usage](https://kromgo.garb.dev/cluster_cpu_usage?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Memory-Usage](https://kromgo.garb.dev/cluster_memory_usage?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Power-Usage](https://kromgo.garb.dev/cluster_power_usage?format=badge\u0026style=flat-square)](https://github.com/kashalls/kromgo/)\n\n\u003c/div\u003e\n\n---\n\n# Kubernetes with Talos\n\n# Networking\n\n### Notes\n\n#### Cilium CNI\n\nBe sure to set the Pod CIDR to the one you have chosen if you aren't using the Talos default. 
`10.42.0.0/16`\nOtherwise, you will more than likely have issues.\n\n#### Gateway API\n\nIngress and Gateway API can co-exist.\nKeep in mind that the DNS names must be unique.\n\nYou'll notice in my repo most of my external/internal services have both route and ingress.\nI've noticed after using Gateway-API extensively with Cilium that it is not stable enough, and therefore, opted to use Envoy's implementation.\n\nSo far, it's probably one of the best Gateway API implementations that I've used.\n\n#### Ingress\n\nFor the ingress controller, we need to add this in order to get the proper IP address from the Cloudflare LB at L7.\n\n```yaml\ndata:\n  use-forwarded-headers: \"true\"\n  forwarded-for-header: \"CF-Connecting-IP\"\n```\n\nSOPS is only used to create the helm-release required for bitwarden and external-secrets.\nPreviously, it was used throughout the repository; however, with external-secrets and bitwarden-sdk, we're able to remove this dependency slightly.\n\nExternal-Secrets uses the bitwarden container to retrieve my bitwarden secrets and creates kubernetes secrets with them.\n\nAlso keep in mind that since the bitwarden container exposes your bitwarden vault, it's good practice to limit who can communicate with it. 
See the network policy at `kubernetes/main/apps/kube-system/external-secrets/app/network-policy.yaml`\n\n# Nodes/Hardware\n\n| Device                    | Count | OS Disk Size            | Data Disk Size              | Ram  | Operating System | Purpose              |\n| --------------------------|-------|-------------------------|-----------------------------|------|------------------|--------------------- |\n| MS-01                     | 3     | 250Gi NVMe              | 1Ti U.2 NVMe                | 64Gi | Talos            | Kubernetes           |\n| Synology RS1221+          | 1     | 36Ti  HDD / 2Ti NVMe    | -                           | 4Gi  | DSM 7            | NAS                  |\n| UDM Pro Max               | 1     |                         | -                           |  -   |                  | Router / Gateway     |\n| Unifi Core Switch XG-16   | 1     |            -            | -                           |  -   |                  | Switch               |\n| Unifi Enterprise 24 PoE   | 1     |            -            | -                           |  -   |                  | Switch               |\n| Unifi Flex 2.5G PoE       | 1     |            -            | -                           |  -   |                  | Switch               |\n| Unifi Flex 2.5G Mini      | 1     |            -            | -                           |  -   |                  | Switch               |\n| Unifi PDU Pro             | 1     |            -            | -                           |  -   |                  | Power Delivery       |\n\n---\n\n#### Extra Documentation\n\n1. [frigate](kubernetes/main/apps/home/frigate/README.md)\n2. 
[scrypted](kubernetes/main/apps/home/scrypted/README.md)\n\n## ⭐ Stargazers\n\n[![Star History Chart](https://api.star-history.com/svg?repos=larivierec/home-cluster\u0026type=Date)](https://www.star-history.com/#larivierec/home-cluster\u0026Date)\n\n## 🤝 Gratitude and Thanks\n\nThanks to all the people who donate their time to the [Home Operations](https://discord.gg/home-operations) Discord community. Be sure to check out [kubesearch.dev](https://kubesearch.dev/) for ideas on how to deploy applications or get ideas on what you may deploy.\n\n- onedr0p\n- bernd-schorgers / bjw-s\n- buroa\n- joryirving\n- [home-operations](https://github.com/home-operations) \n\nFor all their hard work and dedication\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flarivierec%2Fhome-cluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flarivierec%2Fhome-cluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flarivierec%2Fhome-cluster/lists"}