Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dc-tec/k8s-gitops
Kubernetes GitOps repository for my homelab
argocd gitops kubernetes packer talos terraform
Last synced: about 1 hour ago
- Host: GitHub
- URL: https://github.com/dc-tec/k8s-gitops
- Owner: dc-tec
- Created: 2024-03-07T21:06:58.000Z (11 months ago)
- Default Branch: main
- Last Pushed: 2025-01-15T14:41:55.000Z (8 days ago)
- Last Synced: 2025-01-15T15:36:30.403Z (8 days ago)
- Topics: argocd, gitops, kubernetes, packer, talos, terraform
- Language: YAML
- Homepage:
- Size: 504 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 6
Metadata Files:
- Readme: README.md
README
# k8s-gitops
## Configuration
| cluster | platform | OS | control nodes | worker nodes |
| ------- | ------------ | ----- | ------------- | ------------ |
| prod | libvirt/qemu | Talos | 3 | 3 |

The "prod" cluster is deployed using Terraform, see [cluster config](./clusters/prd/terraform/) and makes use of the Talos Kubernetes distribution. A base image is created using packer, see [packer config](./configs/packer).
For testing purposes, the "tst" cluster can be deployed using Terraform, see [cluster config](./clusters/tst/terraform/).
## Hardware
The "prod" cluster runs on a single host with the following specs:
| Component | Specification |
| --------- | ---------------- |
| CPU | AMD Ryzen 5 2600 |
| Memory | 64GB DDR4 |
| Video | RTX 2060 Super |
| OS | NixOS 24.11 |

## Bootstrap
The cluster is bootstrapped using a script that sets up the core components:
- Gateway API for ingress
- Sealed Secrets for secret management
- ArgoCD for GitOps deployment

See [bootstrap documentation](infra/bootstrap/README.md) for detailed setup instructions.
## Core Components
### ArgoCD
ArgoCD is configured with:
- OIDC authentication using EntraID
- Gateway API ingress
- [Custom RBAC configuration](infra/bootstrap/argocd/overlays/argocd-rbac-cm.yaml)
- Project structure for applications and infrastructure

### Secret Management
Two-tier approach to secret management:
1. Sealed Secrets
   - Used for bootstrap and initial secrets
   - Enables encrypted secrets in git
   - See [sealed-secrets configuration](infra/bootstrap/sealed-secrets/kustomization.yaml)
2. External Secrets (post-bootstrap) and HashiCorp Vault
   - Integration with Azure Key Vault
   - Used for application secrets
   - Managed by ArgoCD

## How to deploy
See [justfile](./justfile) for deployment instructions.