{"id":13631964,"url":"https://github.com/ricsanfre/pi-cluster","last_synced_at":"2025-05-15T18:08:22.441Z","repository":{"id":37586507,"uuid":"379987976","full_name":"ricsanfre/pi-cluster","owner":"ricsanfre","description":"Pi Kubernetes Cluster. Homelab kubernetes cluster automated with Ansible and FluxCD","archived":false,"fork":false,"pushed_at":"2025-05-15T12:21:45.000Z","size":33562,"stargazers_count":480,"open_issues_count":34,"forks_count":77,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-05-15T13:32:04.370Z","etag":null,"topics":["ansible","arm64","cluster","fluxcd","gitops","homelab","k3s","kubernetes","raspberry-pi","x86-64"],"latest_commit_sha":null,"homepage":"https://picluster.ricsanfre.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ricsanfre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-24T16:28:48.000Z","updated_at":"2025-05-14T18:49:46.000Z","dependencies_parsed_at":"2023-10-16T11:00:53.151Z","dependency_job_id":"2ce3dbce-d480-44bb-abe8-fcda6b1cea58","html_url":"https://github.com/ricsanfre/pi-cluster","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fpi-cluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fpi-cluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fpi-cluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/ricsanfre%2Fpi-cluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ricsanfre","download_url":"https://codeload.github.com/ricsanfre/pi-cluster/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254394722,"owners_count":22063984,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","arm64","cluster","fluxcd","gitops","homelab","k3s","kubernetes","raspberry-pi","x86-64"],"created_at":"2024-08-01T22:02:46.444Z","updated_at":"2025-05-15T18:08:22.419Z","avatar_url":"https://github.com/ricsanfre.png","language":"Shell","funding_links":[],"categories":["Shell","raspberry-pi"],"sub_categories":[],"readme":"# Pi Kubernetes Cluster\n\n\u003cimg src=\"docs/assets/img/picluster-logo.png\" width=\"200\" /\u003e\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/assets/img/pi-cluster.png\" width=\"400\" alt=\"pi-cluster-1.0\"/\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/assets/img/pi-cluster-2.0.png\" width=\"360\" /\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/assets/img/pi-cluster-3.0.png\" width=\"600\" /\u003e\u003c/td\u003e\n\u003c/table\u003e\n\n**K3S Kubernetes Cluster at home automated with Ansible and FluxCD**\n\n\nThis is an educational project to build a hybrid x86/ARM Kubernetes cluster at home, using Raspberry Pi and refurbished x86 mini PCs, learn to deploy basic kubernetes services and automate its deployment and configuration applying IaC (infrastructure as a code) and GitOps 
methodologies.\n\n\nThe entire process for creating this cluster at home, from cluster design and architecture to step-by-step manual configuration guides, has been documented and is published on the project website: https://picluster.ricsanfre.com.\n\nThis repository contains all source code used to automate all manual tasks described in the documentation: Cloud-init's configuration files, Ansible's source code (playbooks/roles), and packaged Kubernetes applications (helm and kustomize) to be deployed using FluxCD. \n\nSince its deployment is completely automated, the cluster can be re-deployed in minutes as many times as needed for testing new cluster configurations, new software versions or just to get you out of any mess you could cause playing with the cluster.\n\n## Scope\n\nThe scope of this project is to build a hybrid x86/ARM Kubernetes cluster at home, using low-cost Raspberry Pis and old refurbished mini PCs, and automate its deployment and configuration applying **IaC (infrastructure as a code)** and **GitOps** methodologies with tools like [Ansible](https://docs.ansible.com/), [cloud-init](https://cloudinit.readthedocs.io/en/latest/) and [Flux CD](https://fluxcd.io/).\n\nAs part of the project, the goal is to use a lightweight Kubernetes flavor based on [K3S](https://k3s.io/) and deploy cluster basic services such as:\n- Distributed block storage for POD's persistent volumes, [LongHorn](https://longhorn.io/).\n- S3 Object storage, [Minio](https://min.io/).\n- Backup/restore solution for the cluster, [Velero](https://velero.io/) and [Restic](https://restic.net/).\n- Certificate management, [Cert-Manager](https://cert-manager.io).\n- Secrets Management solution with [Vault](https://www.vaultproject.io/) and [External Secrets](https://external-secrets.io/)\n- Identity Access Management (IAM) providing Single Sign-On, [Keycloak](https://www.keycloak.org/)\n- Observability platform based on:\n   - Metrics monitoring solution, 
[Prometheus](https://prometheus.io/)\n   - Logging and analytics solution, combined EFK+LG stacks ([Elasticsearch](https://www.elastic.co/elasticsearch/)-[Fluentd](https://www.fluentd.org/)/[Fluentbit](https://fluentbit.io/)-[Kibana](https://www.elastic.co/kibana/) + [Loki](https://grafana.com/oss/loki/)-[Grafana](https://grafana.com/oss/grafana/))\n   - Distributed tracing solution, [Tempo](https://grafana.com/oss/tempo/).\n\nDeployment of services for building a cloud-native microservices architecture is also included in the scope:\n\n- Service mesh architecture, [Istio](https://istio.io/)\n- API security with OAuth 2.0 and OpenID Connect, using IAM solution, [Keycloak](https://www.keycloak.org/)\n- Streaming platform, [Kafka](https://kafka.apache.org/)\n\n## Technology Stack\n\nThe following picture shows the set of open-source solutions used so far in the cluster, whose installation process has been documented and whose deployment has been automated with Ansible/FluxCD:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/img/pi-cluster-tech-stack.png\" width=\"500\"/\u003e\n\u003c/p\u003e\n\n\u003cdiv class=\"d-flex\"\u003e\n\u003ctable class=\"table table-white table-borderer border-dark w-auto align-middle\"\u003e\n    \u003ctr\u003e\n        \u003cth\u003e\u003c/th\u003e\n        \u003cth\u003eName\u003c/th\u003e\n        \u003cth\u003eDescription\u003c/th\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/ansible.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.ansible.com\"\u003eAnsible\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eAutomate OS configuration, external services installation and k3s installation and bootstrapping\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/flux-cd.png\" alt=\"fluxcd logo\"\u003e\u003c/td\u003e\n        
\u003ctd\u003e\u003ca href=\"https://fluxcd.io/\"\u003eFluxCD\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eGitOps tool for deploying applications to Kubernetes\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/cloud-init.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://cloudinit.readthedocs.io/en/latest/\"\u003eCloud-init\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eAutomate OS initial installation\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/ubuntu.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://ubuntu.com/\"\u003eUbuntu\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eCluster nodes OS\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/openwrt-icon.png\" alt=\"openwrt logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://openwrt.org/\"\u003eOpenWRT\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eRouter/Firewall OS\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/k3s.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://k3s.io/\"\u003eK3S\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eLightweight distribution of Kubernetes\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/containerd.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://containerd.io/\"\u003econtainerd\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eContainer runtime integrated with K3S\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"60\" src=\"docs/assets/img/logos/cilium.svg\" alt=\"cilium 
logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://cilium.io\"\u003eCilium\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Networking (CNI) and Load Balancer\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/coredns.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://coredns.io/\"\u003eCoreDNS\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes DNS\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/external-dns.png\" alt=\"external-dns logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://kubernetes-sigs.github.io/external-dns/\"\u003eExternalDNS\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eExternal DNS synchronization\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/haproxy.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.haproxy.org/\"\u003eHA Proxy\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes API Load-balancer\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/nginx.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://kubernetes.github.io/ingress-nginx/\"\u003eIngress NGINX\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Ingress Controller\u003c/td\u003e\n    \u003c/tr\u003e \n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/longhorn.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://longhorn.io/\"\u003eLonghorn\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes distributed block storage\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"20\" 
src=\"docs/assets/img/logos/minio.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://min.io/\"\u003eMinio\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eS3 Object Storage solution\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/cert-manager.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://cert-manager.io\"\u003eCert-manager\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eTLS Certificates management\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/vault.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.vaultproject.io/\"\u003eHashicorp Vault\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eSecrets Management solution\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/external-secrets.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://external-secrets.io/\"\u003eExternal Secrets Operator\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eSync Kubernetes Secrets from Hashicorp Vault\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/keycloak.svg\" alt=\"keycloak logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.keycloak.org/\"\u003eKeycloak\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eIdentity Access Management\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/OAuth2-proxy.svg\" alt=\"oauth2-proxy logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/\"\u003eOAuth2.0 Proxy\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eOAuth2.0 Proxy\u003c/td\u003e\n    \u003c/tr\u003e\n    
\u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/velero.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://velero.io/\"\u003eVelero\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Backup and Restore solution\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/restic.png\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://restic.net/\"\u003eRestic\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eOS Backup and Restore solution\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/prometheus.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://prometheus.io/\"\u003ePrometheus\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eMetrics monitoring and alerting\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/fluentd.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.fluentd.org/\"\u003eFluentd\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eLogs forwarding and distribution\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"60\" src=\"docs/assets/img/logos/fluentbit.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://fluentbit.io/\"\u003eFluentbit\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eLogs collection\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/loki.png\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://grafana.com/oss/loki/\"\u003eLoki\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eLogs aggregation\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" 
src=\"docs/assets/img/logos/elastic.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/\"\u003eElasticsearch\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eLogs analytics\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/kibana.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://www.elastic.co/kibana/\"\u003eKibana\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eLogs analytics Dashboards\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/tempo.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://grafana.com/oss/tempo/\"\u003eTempo\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eDistributed tracing monitoring\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/grafana.svg\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://grafana.com/oss/grafana/\"\u003eGrafana\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eMonitoring Dashboards\u003c/td\u003e\n    \u003c/tr\u003e\n        \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/istio-icon-color.svg\" alt=\"istio logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://istio.io/\"\u003eIstio\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Service Mesh\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/apache_kafka.svg\" alt=\"kafka logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://strimzi.io/\"\u003eStrimzi Kafka\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Operator for running Kafka streaming platform\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        
\u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/cloudnative-pg.png\" alt=\"cnpg logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://cloudnative-pg.io/\"\u003eCloudNative PostgreSQL\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Operator for running PostgreSQL \u003c/td\u003e\n    \u003c/tr\u003e\n        \u003ctr\u003e\n        \u003ctd\u003e\u003cimg width=\"32\" src=\"docs/assets/img/logos/mongodb.svg\" alt=\"mongodb logo\"\u003e\u003c/td\u003e\n        \u003ctd\u003e\u003ca href=\"https://github.com/mongodb/mongodb-kubernetes-operator\"\u003eMongoDB Kubernetes Operator\u003c/a\u003e\u003c/td\u003e\n        \u003ctd\u003eKubernetes Operator for running MongoDB \u003c/td\u003e\n    \u003c/tr\u003e\n\u003c/table\u003e\n\u003c/div\u003e\n\n## Deprecated Technology\n\nThe following technologies were used in previous releases of PiCluster, but they have been deprecated and are no longer maintained.\n\n\n|                      | Name         | Description                                                                                                             |\n| -------------------- | ------------ |:----------------------------------------------------------------------------------------------------------------------- |\n| \u003cimg width=\"60\" src=\"docs/assets/img/logos/metallb.svg\" \u003e | [Metal-LB](https://metallb.universe.tf) | Load-balancer implementation for bare metal Kubernetes clusters. Replaced by Cilium CNI load balancing capabilities |\n| \u003cimg width=\"32\" src=\"docs/assets/img/logos/traefik.svg\" \u003e | [Traefik](https://traefik.io/traefik/)  | Kubernetes Ingress Controller. Replaced by NGINX Ingress Controller  |\n| \u003cimg width=\"32\" src=\"docs/assets/img/logos/argocd.svg\" \u003e  | [ArgoCD](https://argo-cd.readthedocs.io/en/stable/)  | GitOps tool. 
Replaced by FluxCD |\n| \u003cimg width=\"20\" src=\"docs/assets/img/logos/flannel.svg\" \u003e | [Flannel](https://github.com/flannel-io/flannel/) | Kubernetes CNI plugin. Embedded into K3s. Replaced by Cilium CNI |\n\n\n## External Resources and Services\n\nEven though the premise is to deploy all services in the Kubernetes cluster, there is still a need for a few external services/resources. Below is a list of external resources/services and why we need them.\n\n### Cloud external services\n\n\n|  |Provider | Resource | Purpose |\n| --- | --- | --- | --- |\n| \u003cimg width=\"60\" src=\"docs/assets/img/logos/letsencrypt.svg\" \u003e| [Let's Encrypt](https://letsencrypt.org/) | TLS CA Authority | Signed valid TLS certificates |\n| \u003cimg width=\"60\" src=\"docs/assets/img/logos/ionos.png\"\u003e |[IONOS](https://www.ionos.es/) | DNS | DNS and [DNS-01 challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) for certificates |\n\n\u003e **NOTE:** These resources are optional; the homelab still works without them, but it won't have trusted certificates.\n\n**Alternatives:**\n\n1. Use a private PKI (custom CA to sign certificates).\n\n   Currently supported. Only minor changes are required. See details in [Doc: Quick Start instructions](https://picluster.ricsanfre.com/docs/ansible).\n\n2. Use another DNS provider.\n\n   Cert-manager / Certbot, which are the tools that automatically obtain certificates from Let's Encrypt, can be configured to use other DNS providers. This requires further modifications to the way the cert-manager application is deployed (new providers and/or webhooks/plugins might be required).\n\n   Currently only the ACME issuer (Let's Encrypt) using IONOS as DNS-01 challenge provider is configured. 
Check the list of [supported dns01 providers](https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers).\n\n### Self-hosted external services \n\nThere is another list of services that I have decided to run outside the Kubernetes cluster, self-hosting them.\n\n|  |External Service | Resource | Purpose |\n| --- | --- | --- | --- |\n| \u003cimg width=\"60\" src=\"docs/assets/img/logos/minio.svg\"\u003e |[Minio](https://min.io) | S3 Object Store | Cluster Backup  |\n| \u003cimg width=\"32\" src=\"docs/assets/img/logos/vault.svg\"\u003e |[Hashicorp Vault](https://www.vaultproject.io/) | Secrets Management | Cluster secrets management |\n\nThe Minio backup service is hosted in a VM running in a public cloud, using [Oracle Cloud Infrastructure (OCI) free tier](https://www.oracle.com/es/cloud/free/).\n\nThe Vault service runs on the `gateway` node. Since the Vault Kubernetes authentication method needs access to the Kubernetes API, I won't host the Vault service in a public cloud.\n\n## Cluster architecture and hardware\n\nThe home lab architecture, shown in the picture below, consists of a Kubernetes cluster of ARM (Raspberry Pi) and x86 (HP EliteDesk 800 G3 mini PCs) nodes and a firewall, built with another Raspberry Pi, to isolate the cluster network from your home network.\n\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/assets/img/pi-cluster-architecture.png\" width=\"500\"/\u003e\n\u003c/p\u003e\n\n\nSee further details about the architecture and hardware in the [documentation](https://picluster.ricsanfre.com/docs/home/)\n\n## Official Site\n\nYou can browse more information about Pi Cluster Project on https://picluster.ricsanfre.com/. 
\n\nThe content of this website and the source code to build it (Jekyll-based static website) are also stored in this repo: `/docs` folder.\n\n## Usage \n\nCheck out the documentation [Quick Start guide](http://picluster.ricsanfre.com/docs/ansible/) to learn how to use and tweak cloud-init files (`/cloud-init` folder), Ansible playbooks (`/ansible` folder) and packaged Kubernetes applications (`/kubernetes` folder) contained in this repository, so you can use it for your own homelab.\n\n## About the Project\n\nThis project was started in June 2021 by Ricardo Sanchez\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricsanfre%2Fpi-cluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fricsanfre%2Fpi-cluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricsanfre%2Fpi-cluster/lists"}