https://github.com/pando85/homelab
Small and energy-efficient self-hosting infrastructure.
argocd gitops home-cloud home-cluster homelab k3d k3s k8s-at-home kanidm zfs
- Host: GitHub
- URL: https://github.com/pando85/homelab
- Owner: pando85
- License: gpl-3.0
- Created: 2022-06-18T11:01:48.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2024-04-13T09:33:21.000Z (about 1 year ago)
- Last Synced: 2024-04-14T01:06:32.521Z (about 1 year ago)
- Topics: argocd, gitops, home-cloud, home-cluster, homelab, k3d, k3s, k8s-at-home, kanidm, zfs
- Language: Python
- Homepage: https://pando85.github.io/homelab/
- Size: 6.14 MB
- Stars: 19
- Watchers: 2
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# Pando85's Homelab
[Documentation](https://pando85.github.io/homelab/) · [License: GPL-3.0](https://www.gnu.org/licenses/gpl-3.0.html)

This project utilizes [Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code)
and [GitOps](https://www.weave.works/technologies/gitops) to automate provisioning, operating, and
updating self-hosted services in my homelab. It is based on [K3s](https://k3s.io/),
[ArgoCD](https://argo-cd.readthedocs.io/en/stable/),
[Renovate](https://github.com/renovatebot/renovate) and ZFS, and can be used as a highly customizable
framework to build your own homelab.

> **What is a homelab?**
>
> A homelab is a laboratory at home where you can self-host, experiment with new technologies,
> practice for certifications, and so on. For more information about homelabs in general, see the
> [r/homelab introduction](https://www.reddit.com/r/homelab/wiki/introduction).

## 📖 Overview

This section provides a high-level overview of the project. For further information, please see the
[documentation](https://pando85.github.io/homelab/).

## ⛵ Kubernetes

This repo focuses on maintaining my home infrastructure in a practical GitOps way.
[Ansible](https://www.ansible.com/) is used to deploy a simple [K3s](https://k3s.io/) cluster,
which is then managed by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/).

### Installation

The cluster runs on [Debian](https://www.debian.org/)-based distributions deployed on bare metal.
We use custom Ansible playbooks and roles to set up the Kubernetes cluster.

### Core components

- [external-secrets](https://github.com/external-secrets/external-secrets): External Secrets
Operator reads information from a Vault and automatically injects the values as Kubernetes
Secrets.
- [hashicorp/vault](https://www.vaultproject.io): A tool for secrets management, encryption as a
service, and privileged access management.
- [kubernetes-sigs/external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically
manages DNS records from my cluster in a cloud DNS provider.
- [jetstack/cert-manager](https://cert-manager.io/docs/): Creates SSL certificates for services in
my Kubernetes cluster.
- [kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx/): Ingress controller to
expose HTTP traffic to pods over DNS.
- [openebs/zfs-localpv](https://github.com/openebs/zfs-localpv): CSI Driver for dynamic
provisioning of Persistent Local Volumes for Kubernetes using ZFS.
- [kanidm](https://kanidm.com/): A simple, secure and fast identity management platform.
- [velero](https://velero.io/): Tool to safely backup and restore, perform disaster recovery,
and migrate Kubernetes cluster resources and persistent volumes.

## 🔧 Hardware

| Hostname | Device | Count | OS Disk Size | Data Disk Size | Ram | Operating System | Purpose |
| ---------------- | ----------------------------------- | ----- | ------------ | ----------------------------------- | ---- | ---------------- | ---------- |
| grigri | Supermicro Atom C2758 (A1SRi-2758F) | 1 | 250GB SSD | 3\*4TB + 500GB (NVMe) RAIDZ + cache | 32GB | Ubuntu 22.04 | K3s server |
| prusik\* | Ryzen 9 7950X (ASUS PRIME X670-P) | 1 | 512GB | 4\*12TB + 2TB (NVMe) RAIDZ + cache | 64GB | Ubuntu 24.04 | k3s agent |
| k8s-odroid-hc4-3 | Odroid-hc4 | 1 | N/A | N/A | 4GB | Armbian | K3s agent |
| prusik-ipmi | Raspberry Pi 4 Model B Rev 1.5 | 1 | 16GB | N/A | 4GB | PiKVM | ipmi |
| pfsense | PC Engines APU2e4 | 1 | 60GB | N/A | 4GB | pfSense/FreeBSD | Router |
| gs724t | Netgear gs724t | 1 | N/A | N/A | N/A | N/A | Switch |
| cerezo | Unifi UAP | 1 | N/A | N/A | N/A | N/A | AP |
| manzano | Unifi UAP | 1 | N/A | N/A | N/A | N/A | AP |

\* with Nvidia GeForce GTX 1060 3GB

## ⭐ Features
- [x] Common applications: Jellyfin, Gitea, arr, Nextcloud...
- [x] Automated Kubernetes installation and management
- [x] Installing and managing applications using GitOps
- [x] Automatic rolling upgrade for OS and Kubernetes
- [x] Automatically update apps (with approval if needed)
- [x] Modular architecture, easy to add or remove features/components
- [x] Automated certificate management
- [x] Automatically update DNS records for exposed services
- [x] Monitoring and alerting
- [x] Single sign-on
- [x] Automated backups

## 🌐 DNS

[ExternalDNS](https://github.com/kubernetes-sigs/external-dns) is deployed in the cluster and
configured to sync DNS records to [Cloudflare](https://www.cloudflare.com/).

All connections from outside the cluster are handled over TLS using
[cert-manager](https://cert-manager.io/) with [Let's Encrypt](https://letsencrypt.org/).

### Load Balancer

[Cilium](https://cilium.io/) is configured with its BGP control plane, with BGP set up both on my
router and within the Kubernetes cluster.

### Ingress Controllers

For external access, port forwarding is configured for ports `80` and `443`, directing traffic to
the load balancer IP of the Kubernetes ingress controller. There is also a separate ingress
controller for internal use.

### Internal DNS

The `internal.grigri.cloud` domain is used, configured with the following annotations:

```yaml
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod-dns
external-dns.alpha.kubernetes.io/enabled: "true"
```

### External DNS

The `grigri.cloud` domain is used, configured with the following annotations:

```yaml
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod-dns
external-dns.alpha.kubernetes.io/enabled: "true"
external-dns.alpha.kubernetes.io/target: grigri.cloud
```

## 🤝 Thanks

Thanks to all folks who donate their time to the [Kubernetes @Home](https://github.com/k8s-at-home/)
community. A lot of inspiration for my cluster came from those that have shared their clusters over
at [awesome-home-kubernetes](https://github.com/k8s-at-home/awesome-home-kubernetes).
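The Internal DNS and External DNS annotation sets above differ only in the `external-dns.alpha.kubernetes.io/target` line, which is what points a record at the public name instead of the load balancer address. A manifest policy check like the one below catches an Ingress that mixes the two up, for example an `internal.grigri.cloud` host that carries the external target, or an external host that lacks it, before ArgoCD syncs it. This is an added example written for this page, not code from the pando85/homelab repository; it assumes the Ingress manifests have already been loaded into Python dicts (the shape `yaml.safe_load()` returns), and the sample Ingresses and service names are constructed.

```python
"""Policy check for the ingress annotation conventions described in the README.

Added example, not code from the pando85/homelab repository.  It assumes the
Ingress manifests have already been loaded into dicts (the shape that
yaml.safe_load() returns); the service names below are constructed.
"""

# Zone names, cluster-issuer and external-dns target as given in the README.
INTERNAL_ZONE = "internal.grigri.cloud"
EXTERNAL_ZONE = "grigri.cloud"
EXTERNAL_TARGET = "grigri.cloud"
ISSUER = "letsencrypt-prod-dns"

ANN_ISSUER = "cert-manager.io/cluster-issuer"
ANN_ENABLED = "external-dns.alpha.kubernetes.io/enabled"
ANN_TARGET = "external-dns.alpha.kubernetes.io/target"


def in_zone(host, zone):
    """True if host is the zone apex or a name underneath it."""
    return host == zone or host.endswith("." + zone)


def is_internal(host):
    return in_zone(host, INTERNAL_ZONE)


def is_external(host):
    return in_zone(host, EXTERNAL_ZONE) and not is_internal(host)


def ingress_hosts(ingress):
    """Collect every hostname named in spec.rules and spec.tls."""
    spec = ingress.get("spec") or {}
    hosts = {rule["host"] for rule in spec.get("rules", []) if "host" in rule}
    for tls in spec.get("tls", []):
        hosts.update(tls.get("hosts", []))
    return sorted(hosts)


def check_ingress(ingress):
    """Return a list of findings; an empty list means the Ingress follows the conventions."""
    meta = ingress.get("metadata") or {}
    name = meta.get("name", "<unnamed>")
    ann = meta.get("annotations") or {}
    findings = []

    if ann.get(ANN_ISSUER) != ISSUER:
        findings.append(f"{name}: cluster-issuer must be {ISSUER}, got {ann.get(ANN_ISSUER)!r}")
    if ann.get(ANN_ENABLED) != "true":
        findings.append(f"{name}: external-dns is not enabled, so no DNS record will be created")

    hosts = ingress_hosts(ingress)
    if not hosts:
        findings.append(f"{name}: no hosts declared")
    # cert-manager's ingress-shim only issues certificates for hosts listed in spec.tls.
    if hosts and not (ingress.get("spec") or {}).get("tls"):
        findings.append(f"{name}: spec.tls is missing, cert-manager will not issue a certificate")

    target = ann.get(ANN_TARGET)
    for host in hosts:
        if is_internal(host):
            if target is not None:
                # The target annotation would point this internal name at the public target.
                findings.append(f"{name}: internal host {host} carries target annotation {target!r}")
        elif is_external(host):
            if target != EXTERNAL_TARGET:
                findings.append(f"{name}: external host {host} needs target {EXTERNAL_TARGET!r}, got {target!r}")
        else:
            findings.append(f"{name}: host {host} is outside both managed zones")
    return findings


def check_all(ingresses):
    """Map each Ingress name to its findings."""
    return {(i.get("metadata") or {}).get("name", "<unnamed>"): check_ingress(i) for i in ingresses}


def _ingress(name, host, annotations, with_tls=True):
    """Build a constructed sample Ingress dict (hypothetical, for this example only)."""
    spec = {"rules": [{"host": host, "http": {"paths": []}}]}
    if with_tls:
        spec["tls"] = [{"hosts": [host], "secretName": f"{name}-tls"}]
    return {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
            "metadata": {"name": name, "annotations": annotations}, "spec": spec}


# Constructed sample manifests with hypothetical service names.
BASE = {ANN_ISSUER: ISSUER, ANN_ENABLED: "true"}
SAMPLE_INGRESSES = [
    _ingress("grafana-internal", "grafana.internal.grigri.cloud", dict(BASE)),
    _ingress("jellyfin", "jellyfin.grigri.cloud", {**BASE, ANN_TARGET: EXTERNAL_TARGET}),
    # Wrong: internal host given the external target, and no TLS block.
    _ingress("vault-internal", "vault.internal.grigri.cloud",
             {**BASE, ANN_TARGET: EXTERNAL_TARGET}, with_tls=False),
    # Wrong: hostname outside either managed zone.
    _ingress("stray", "app.example.org", dict(BASE)),
]

if __name__ == "__main__":
    for ingress_name, result in check_all(SAMPLE_INGRESSES).items():
        print(ingress_name, "OK" if not result else "")
        for finding in result:
            print("  -", finding)
```

Run as a pre-sync check (for instance from a CI job over the rendered manifests), the script reports the two correctly configured Ingresses as clean and flags the internal host that carries the external target, the missing `spec.tls` block, and the hostname outside both zones.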