{"id":20382141,"url":"https://github.com/nilsherzig/kubernetes-homelab","last_synced_at":"2026-04-20T06:31:33.337Z","repository":{"id":195864967,"uuid":"693789258","full_name":"nilsherzig/kubernetes-homelab","owner":"nilsherzig","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-06T20:04:18.000Z","size":599,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-15T07:53:57.552Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nilsherzig.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-19T18:03:21.000Z","updated_at":"2024-09-06T20:04:21.000Z","dependencies_parsed_at":"2024-01-24T13:29:15.625Z","dependency_job_id":"f32312a9-d554-4362-b44b-16da00c56677","html_url":"https://github.com/nilsherzig/kubernetes-homelab","commit_stats":null,"previous_names":["nilsherzig/kubernetes-homelab"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilsherzig%2Fkubernetes-homelab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilsherzig%2Fkubernetes-homelab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilsherzig%2Fkubernetes-homelab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilsherzig%2Fkubernetes-homelab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nilshe
rzig","download_url":"https://codeload.github.com/nilsherzig/kubernetes-homelab/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241935279,"owners_count":20044826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T02:16:41.454Z","updated_at":"2026-04-20T06:31:28.317Z","avatar_url":"https://github.com/nilsherzig.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes Homelab\n\nWelcome to the Kubernetes Homelab repository! Here, my friend and I plan to document our journey of self-hosting a couple of services using Kubernetes. We will be writing tutorials and blog posts about everything we do, and we aim to make it accessible to everyone, regardless of their existing knowledge of Kubernetes.\n\nWe strive to follow industry standards for a Kubernetes environment, but please note that this is not a recommended way to run a simple container in your home network.\n\n## Work in Progress\n\nPlease keep in mind that this repository is currently a work in progress. We will be adding colors (🍎🧡💚) next to sections to indicate their status (only 💚 sections are trustworthy). We also plan to add a static site generator at some point in the future.\n\nTo maintain stability, we aim to keep the `main` branch stable. 
Any work in progress or incomplete changes will be committed to the `unstable` branch.\n\n## Table of contents\n\n⮬ If you're reading this on GitHub you can use the 🍔 menu on the top left.\n\n## Setup\n\n### Tools / Software we will use\n\n- `ArgoCD`: ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes.\n- `Cert Manager`: Cert-manager is a native Kubernetes certificate management controller. It can help with issuing certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, or self-signed.\n- `K3s`: K3s is a lightweight Kubernetes distribution that is easy to install and requires minimal resources, making it ideal for running Kubernetes on edge devices or low-powered hardware.\n- `k9s`: k9s is a terminal UI to interact with your Kubernetes clusters. The aim of this project is to make it easier to navigate, observe and manage your applications in the wild. K9s continually watches Kubernetes for changes and offers subsequent commands to interact with observed Kubernetes resources.\n- `kubectl`: The Kubernetes command-line tool, kubectl, allows you to run commands against Kubernetes clusters. You can use kubectl to deploy applications, inspect and manage cluster resources, and view logs.\n- `Sealed Secrets`: Sealed Secrets is a Kubernetes controller and tool for one-way encrypted Secrets. It works by encrypting a Secret into a SealedSecret, which is safe to store - even to a public repository. 
The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret.\n\n## Setup on bare metal server running CentOS (or Fedora, or RHEL)\n```bash\nsudo dnf update                                       # update packages\n\nsudo dnf copr enable varlad/helix                     # add helix editor repo\nsudo dnf install helix                                # install helix editor\n\nsudo dnf install cockpit                              # install a webinterface on 9090\nsudo systemctl enable --now cockpit\nsed -i 's/root/#root/' /etc/cockpit/disallowed-users\n\nsudo dnf install dnf-automatic                        # install a script which will update dnf for you\nsed -i 's/apply_updates = no/apply_updates = yes/' \\\n/etc/dnf/automatic.conf                               # activate auto apply (not just downloads)\nsudo systemctl enable --now dnf-automatic.timer       # start script\n\ncurl -sfL https://get.k3s.io | sh -i                  # install k3s\n\nREMOTE=\"176.9.10.144\"                                 # set remote host ip / fqdn\nscp root@$REMOTE:/etc/rancher/k3s/k3s.yaml .          
# copy k3s kubeconfig to local host\nsudo chown $UID:$GID ./k3s.yaml                       # change kubeconfig ownership to your user\nsed -i \"s/127.0.0.1/$REMOTE/\" ./k3s.yaml              # change the clusterapi ip / domain to your remote host\nKUBECONFIG=./k3s.yaml kubectl get nodes               # test if everything is working (should return your node)\n\nexport KUBECONFIG=~/.kube/config:./k3s.yaml\nkubectl config view --flatten \u003e /tmp/config\ncp ~/.kube/config ~/.kube/config.bak\ncp /tmp/config ~/.kube/config\nexport KUBECONFIG=~/.kube/config\n```\n\n### Install k3s\n\n#### If you're using NixOS:\n\n```nix\nservices.k3s.enable = true;\n```\n\n#### Every other Linux distribution:\n\nhttps://docs.k3s.io/quick-start\n\n### Install ArgoCD\n\nhttps://argo-cd.readthedocs.io/en/stable/getting_started/\n\n```bash\nkubectl create namespace argocd\nkubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml\n```\n\nhttps://docs.cilium.io/en/latest/configuration/argocd-issues/\n\n### Use Sealed Secrets to provide a Cloudflare DNS Token to your Cluster\n\nCert manager will use this token to automatically request TLS certificates from Let's Encrypt.\n\nYou don't have to use Cloudflare, but you will have to change the `issuer` in the `./tutorial/certmanger/cm-cert.yml` file.\n\nIf you choose to use Cloudflare, you can get your token at https://dash.cloudflare.com/profile/api-tokens.\n\nInstall sealed secrets:\n\n```bash\nkubectl apply -f ./apps/sealed_secrets.yaml\n```\n\nAnd install the local kubeseal cli.\n\nCreate the Cloudflare token secret:\n\n```bash\nkubectl create secret generic secret-name --dry-run=client --from-literal=api-token=[your-cloudflare-token] -n cert-manager -o yaml | \\\n    kubeseal \\\n      --controller-name=sealed-secrets-controller \\\n      --controller-namespace=kubeseal \\\n      --format yaml \u003e ./deployments/base/cloudflare-dns-api.yaml\n```\n\nThis command will create a new encrypted 
secret and save it to `cloudflare-dns-api.yaml`. It will be automatically deployed in the ArgoCD step.\n\n### Configure Cert Manager\n\nChange all email addresses and domains in `./deployments/base/cert-manager/` to your own.\n\n### Use ArgoCD to bootstrap a basic cluster\n\nRun `gitleaks detect` to check if you have any secrets in your repository.\n\nPush your changes to a git repository and change the `repoURL` in `./argo/base.yaml` to your repository.\n\nOpen the ArgoCD web interface by port forwarding the service to your local machine (we will create a proper ingress later):\n\n```bash\nkubectl port-forward svc/argocd-server -n argocd 9090:443\n```\n\nApply your Argo application:\n\n```bash\nkubectl apply -f argo # this will apply all files in the argo directory\n```\n\nOpen the ArgoCD web interface at https://localhost:9090 and log in using the default credentials:\n\nusername: admin\npassword: `kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=\"{.data.password}\" | base64 -d`\n\nYou should now see your application in the ArgoCD web interface. Click on it and press `SYNC` to deploy your application.\n\n### Adding a private repo to ArgoCD\n\n`./argo/media.yaml` is a private repo. To add it to ArgoCD you need to create a secret with your git credentials, or add them in the ArgoCD web UI. 
Otherwise ArgoCD won't be able to pull commits from the repo.\n\n# Install nginx ingress controller\n\n```bash\nhelm upgrade --install ingress-nginx ingress-nginx \\\n  --repo https://kubernetes.github.io/ingress-nginx \\\n  --namespace ingress-nginx --create-namespace\n```\n\n## ArgoCD configmap mods\n\n```bash\nkubectl edit configmap argocd-cm -n argocd\n```\n\n```yaml\ndata:\n  resource.customizations: |\n    extensions/Ingress:\n        health.lua: |\n          hs = {}\n          hs.status = \"Healthy\"\n          return hs\n    networking.k8s.io/Ingress:\n        health.lua: |\n          hs = {}\n          if obj.status ~= nil then\n            hs.status = \"Healthy\"\n          end\n          return hs\n  resource.exclusions: |\n    - apiGroups:\n        - cilium.io\n      kinds:\n        - CiliumIdentity\n      clusters:\n        - \"*\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnilsherzig%2Fkubernetes-homelab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnilsherzig%2Fkubernetes-homelab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnilsherzig%2Fkubernetes-homelab/lists"}