Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/axeII/home-ops
A repository for HomeOps where I perform Infrastructure as Code (IaC) and GitOps practices.
https://github.com/axeII/home-ops
ansible cert-manager docker flux k3s k8s-at-home kube-vip kubernetes metalb sops terraform traefik
Last synced: about 2 months ago
JSON representation
A repository for HomeOps where I perform Infrastructure as Code (IaC) and GitOps practices.
- Host: GitHub
- URL: https://github.com/axeII/home-ops
- Owner: axeII
- License: wtfpl
- Created: 2021-07-06T17:45:25.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-05-22T07:11:56.000Z (4 months ago)
- Last Synced: 2024-05-22T12:25:48.718Z (4 months ago)
- Topics: ansible, cert-manager, docker, flux, k3s, k8s-at-home, kube-vip, kubernetes, metalb, sops, terraform, traefik
- Language: HCL
- Homepage:
- Size: 3.01 MB
- Stars: 36
- Watchers: 2
- Forks: 1
- Open Issues: 50
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Home Operations
### HomeOps repo managed by k8s :wheel_of_dharma:
_... automated via [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions)_ :robot:
[](https://discord.gg/home-operations)
[](https://k3s.io/)
[](https://github.com/axeII/home-ops/actions/workflows/renovate.yaml)
[](https://github.com/axeII/home-ops/blob/main/README.md#file_cabinet-hardware)
[](https://github.com/pre-commit/pre-commit)
[](https://github.com/axeII/home-ops/blob/main/README.md)
## 📖 Overview
Here, I perform DevOps best practices but at home. Check out the hardware section where I describe what sort of hardware I am using. Thanks to Ansible, it's very easy for me to manage my home infrastructure and the cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like [Terraform](https://github.com/hashicorp/terraform), [Kubernetes](https://github.com/kubernetes/kubernetes), [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions).
## ⛵ Kubernetes
There is a template over at [onedr0p/cluster-template](https://github.com/onedr0p/cluster-template) if you wanted to try and follow along with some of the practices I use here.
### Installation
For my cluster, I decided to use the PostgreSQL database instead of high IO load using etcd. I store critical data for my cluster in the PostgreSQL database and maintain it in High Availability mode. I use k3s deployed on ubuntu machines. For that I use ansible to prepare the machines and then install k3s and deploy my cluster configuration.
### Core Components
- [cert-manager](https://cert-manager.io/) - SSL certificates - with Cloudflare DNS challenge
- [cillium](https://github.com/cilium/cilium) - CNI for k8s
- [cloudflared](https://github.com/cloudflare/cloudflared): Enables Cloudflare secure access to my ingresses.
- [external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically syncs ingress DNS records to a DNS provider.
- [external-secrets](https://github.com/external-secrets/external-secrets): Managed Kubernetes secrets using [1Password Connect](https://github.com/1Password/connect).
- [flux](https://toolkit.fluxcd.io/) - GitOps tool for deploying manifests from the `cluster` directory
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx): Kubernetes ingress controller using NGINX as a reverse proxy and load balancer.
- [k8s_gateway](https://github.com/ori-edge/k8s_gateway) - DNS resolver for all types of external Kubernetes resources
- [kube-vip](https://kube-vip.io) - layer 2 load balancer for the Kubernetes control plane
- [longhorn](https://longhorn.com) - storage class provider for data persistence (yeah I'm giving longhorn second chance)
- [reflector](https://github.com/emberstack/kubernetes-reflector) - mirror configmaps or secrets to other Kubernetes namespaces
- [reloader](https://github.com/stakater/Reloader) - restart pods when Kubernetes `configmap` or `secret` changes
- [sops](https://github.com/getsops/sops): Managed secrets for Kubernetes which are commited to Git.
- [spegel](https://github.com/spegel-org/spegel): Stateless cluster local OCI registry mirror.
- [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller) - upgrade k3s
### ☸ GitOps
[Flux](https://github.com/fluxcd/flux2) watches my [kubernetes](./kubernetes) folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.
The way Flux works for me here is it will recursively search the [kubernetes/apps](./kubernetes/apps) folder until it finds the most top level `kustomization.yaml` per directory and then apply all the resources listed in it. That aforementioned `kustomization.yaml` will generally only have a namespace resource and one or many Flux kustomizations. Those Flux kustomizations will generally have a `HelmRelease` or other resources related to the application underneath it which will be applied.
[Renovate](https://github.com/renovatebot/renovate) watches my **entire** repository looking for dependency updates, when they are found a PR is automatically created. When some PRs are merged [Flux](https://github.com/fluxcd/flux2) applies the changes to my cluster.
### Directories
This Git repository contains the following directories under [kubernetes](./kubernetes).
```sh
📁 kubernetes # Kubernetes cluster defined as code
├─📁 bootstrap # Flux installation
├─📁 flux # Main Flux configuration of repository
└─📁 apps # Apps deployed into my cluster grouped by namespace (see below)
```
### :file_cabinet: Hardware
My homelab runs on the following hardware (all k8s nodes are running on ubuntu 20.04):
| Device | OS Disk Size | Data Disk Size | Ram | Purpose |
|------------------------|------------------|----------------|------|---------------------------------|
| Udoo Bolt V8 AMD Ryzen | 250GB NVMe | N/A | 32GB | k3s node |
| Intel NUC | 250GB NVMe | 1TB HDD | 32GB | k3s node |
| AMD GPU Server | 250GB NVMe | 1TB SSD | 32GB | k3s node with Nvidia GPU |
| TRUENAS | ZFS raidz 1 40TB | 4x10TB HDD | 32GB | Storage |
| Unifi UDM Pro | SSD 14GB | HDD 1TB | 4GB | Router and security Gateway |
| Unifi Switch 16 PoE | N/A | N/A | N/A | Switch with 802.3at PoE+ ports |
| Database Server| 20GB |N/A | 2GB | Database for k3s cluster instead of etcd |
| Offsite Machine | 60 GB | 8TB | 8GB | for backups and offsite storage |
### 📰 Blog post
Feel free to checkout my blog [axell.dev](https://axell.dev) which is also [open source](https://github.com/axeII/my-blog)!
I also have made a blog post about HW, what were my choices... which ones were good and which ones were bad. [Click here](https://axell.dev/favorite/my-home-lab/).
## 🤝 Gratitude and Thanks
I am proud to be a member of the home operations (previously k8s-at-home) community! I received a lot of help and inspiration for my Kubernetes cluster from this community which helped a lot. Thanks! :heart:
If you are interested in running your own k8s cluster at home, I highly recommend you to check out the [k8s-at-home](https://k8s-at-home.com) website.
Be sure to check out [kubesearch.dev](https://kubesearch.dev) for ideas on how to deploy applications or get ideas on what you may deploy.
## 🔏 License
See [LICENSE](./LICENSE).