https://github.com/Jdavid77/home-cluster

Home-Ops using Talos, Flux and Renovate
fluxcd gitops home-ops k8s k8s-at-home renovate selfhosted

### Kubernetes cluster

... managed using Talos, Flux and Renovate


---

## 📖 Overview

This repository houses the code responsible for managing my home infrastructure.

The setup is based on Talos OS. I used [Talhelper](https://budimanjojo.github.io/talhelper/latest/) to generate the initial configs. Following the cluster deployment, Flux continuously monitors this repository for changes, and Renovate is used to handle automated dependency updates.

---

## Repository Structure

```
📁 infrastructure
└── 📁 talos
    ├── 📁 clusterconfig # holds the talos configuration for each node
    ├── 📁 integrations # helmfile for initial deployments
    ├── 📁 patches # talos patches
    ├── talconfig.yaml
    └── talsecret.sops.yaml
📁 k8s
├── 📁 apps # applications
├── 📁 bootstrap # bootstrap procedures
└── 📁 flux # core flux configuration
📁 terraform
├── 📁 authentik
├── 📁 akeyless
├── 📁 cloudflare
└── 📁 minio
```
---

## :wrench:  External Third-Party Components

These tools complement the Kubernetes infrastructure by providing essential functionality for **security**, **automation** and **infrastructure** management.

| Tool | Purpose |
| --- | --- |
| Sops | A flexible tool for managing repository secrets securely. |
| Pre-commit | Ensures consistency and quality of YAML and shell scripts in the repository. |
| Renovate | Automates the detection of new releases and creates pull requests accordingly. |
| Akeyless | A centralized platform for managing and securing certificates, credentials, and keys. |
| Cloudflare | DNS management service for handling domain name resolutions. |
| GMX | SMTP service provider for managing email communications. |
| Terraform | IaC tool for automating the provisioning and management of outside dependencies (Akeyless, Cloudflare, etc.). |

## 🔧 Hardware

Hardware is a combination of mini PCs and desktop computers. Worker nodes have been upgraded to have more RAM.

| Devices | Count | OS Disk Size | RAM | Operating System | Purpose | Links |
| --- | --- | --- | --- | --- | --- | --- |
| Bmax1-master | 1 | 128GB | 8GB | Talos v1.9.3 | Kubernetes Control | Amazon Link |
| Soyo1-master | 1 | 128GB | 6GB | Talos v1.9.3 | Kubernetes Control | AliExpress Link |
| Soyo2-master | 1 | 128GB | 6GB | Talos v1.9.3 | Kubernetes Control | AliExpress Link |
| Hp-worker1 | 1 | 240GB | 20GB | Talos v1.9.3 | Kubernetes Worker | Amazon Link |
| Hp-worker2 | 1 | 240GB | 28GB | Talos v1.9.3 | Kubernetes Worker | Amazon Link |
| Hp-worker3 | 1 | 240GB | 32GB | Talos v1.9.3 | Kubernetes Worker | Amazon Link |
| Raspberry PI 4 | 1 | 3TB (2 + 1) | 8GB | Pi OS | NAS - OpenMediaVault | |
| TP-Link LS108G | 1 | - | - | - | Switch | |

---

### Applications

#### Infrastructure Related

| Name | Description |
| --- | --- |
| Cert Manager | Let's Encrypt Certificates for SSL/TLS |
| Cilium | CNI |
| Longhorn | Distributed block storage for Pod persistent volumes |
| Minio | S3 Object storage |
| External DNS | Synchronizes exposed Kubernetes Services and Ingresses with DNS providers. |
| External Secrets Operator | Used with Akeyless Platform to retrieve and push secrets |
| Traefik | Reverse proxy and Ingress controller |
| Tailscale Operator | Secure access to Kubernetes |
| Cloudflared | Cloudflare Tunnel client |
| CSI Driver NFS | Allows Kubernetes to access NFS server |
| Dragonfly | Modern in-memory datastore, fully compatible with Redis and Memcached APIs |
| Volsync | PVC backups using Restic |
| Authentik | Open source identity provider |
| Flux CD | GitOps tool of choice |

---

### NAS

The backbone of my home storage infrastructure is built on a Raspberry Pi 4 running [OpenMediaVault](https://www.openmediavault.org/), a dedicated network-attached storage solution. The system utilizes two SSDs (2TB + 1TB) configured to store:

- Media content (books, audiobooks)
- Longhorn volume backups
- System configurations
- Docker container data

The NAS hosts several essential containers:

| Service | Description |
| --- | --- |
| Postgres | Reliable relational database for persistent data storage |
| Pi-hole | Network-wide ad blocking and local DNS management |
| TailNord | Tailscale exit node egressing over NordVPN |

---

## Gratitude and Thanks

Thanks to all the people who donate their time to the [Home Operations](https://discord.gg/home-operations) Discord
community. Be sure to check out [kubesearch.dev](https://kubesearch.dev/) for ideas on how to deploy applications or get
ideas on what you may deploy.