Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/thaum-xyz/ankhmorpork
@paulfantom's GitOps managed kube cluster running in a cupboard. Built with fancy tools :sparkles:
- Host: GitHub
- URL: https://github.com/thaum-xyz/ankhmorpork
- Owner: thaum-xyz
- License: mit
- Created: 2020-06-02T10:54:48.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-10-23T16:41:46.000Z (3 months ago)
- Last Synced: 2024-10-23T23:23:18.662Z (3 months ago)
- Topics: ansible, cluster, fluxcd, jsonnet, k3s-cluster, kubernetes, prometheus, prometheus-operator
- Language: Jsonnet
- Homepage: https://ankhmorpork.thaum.xyz
- Size: 8.07 MB
- Stars: 77
- Watchers: 5
- Forks: 10
- Open Issues: 300
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Ankhmorpork
[![license](https://img.shields.io/github/license/thaum-xyz/ankhmorpork?logo=mit&logoColor=white)](https://github.com/thaum-xyz/ankhmorpork/blob/master/LICENSE)
[![kubescape](https://github.com/thaum-xyz/ankhmorpork/actions/workflows/kubescape.yml/badge.svg)](https://github.com/thaum-xyz/ankhmorpork/actions/workflows/kubescape.yml)

## 📖 Overview
This is a mono repository for [@paulfantom](https://github.com/paulfantom) home infrastructure and Kubernetes cluster.
The project uses [Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code) to automate provisioning, operating, and updating self-hosted services.

## ⛵ Kubernetes
### Installation
The cluster is [k3s](https://k3s.io/), provisioned on bare-metal hosts running the latest Ubuntu LTS using a modified version of the [Ansible](https://www.ansible.com/) role [provided by the k3s project](https://github.com/k3s-io/k3s-ansible).
🔸 _[Click here](./metal/) to see my Ansible playbooks and roles._
### Components
| Name | Description |
|------|-------------|
| Jsonnet | Data templating language |
| GitHub Actions | CI system |
| Ansible | Automate bare metal provisioning and configuration |
| Ubuntu | Base OS for Kubernetes nodes |
| K3s | Lightweight distribution of Kubernetes |
| Kubernetes | Container-orchestration system, the backbone of this project |
| kured | Kubernetes Reboot Daemon |
| TopoLVM | Local storage based on LVM |
| Longhorn | Distributed block storage |
| Minio | S3 storage |
| Flux | GitOps tool built to deploy applications to Kubernetes |
| ExternalSecrets | Secrets and encryption management system |
| MetalLB | Bare metal load-balancer for Kubernetes |
| cert-manager | Cloud native certificate management |
| Cloudflare | DNS |
| Traefik | Kubernetes Ingress Controller |
| oauth2-proxy | Authentication proxy |
| Prometheus | Systems monitoring and alerting toolkit |
| Thanos | Metrics datalake |
| Grafana | Operational dashboards |
| Cloudnative-pg | Postgres Controller |
| Homer | Portal Site |
| HomeAssistant | Home Automation System |
| ESPhome | Microcontrollers Management |
| Tandoor | Cookbook |
| Photoprism | Photo Management |
| Paperless-ngx | Document Management |

...and many others.
### GitOps
[Flux](https://github.com/fluxcd/flux2) watches the `manifests/` subdirectories under the `base` and `apps` top-level directories and applies changes based on the YAML manifests found there. Where possible, the YAML manifests are generated from [jsonnet](https://jsonnet.org/) code.
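As an added illustration of that workflow (this is not code from the ankhmorpork repository), the following hypothetical `apps/example/manifests/app.jsonnet` emits two objects as a YAML stream: the Deployment that Flux applies, with least-privilege container settings, and the Flux `Kustomization` that points the controller at the directory. The application name `example-app`, the namespace `example`, the image reference, the Git source name `flux-system`, and the path are all assumptions.

```jsonnet
// Added example, not from the ankhmorpork repo. Assumed values: example-app,
// namespace "example", image "ghcr.io/example/app:1.0.0", path "./apps/example/manifests".
local name = 'example-app';
local namespace = 'example';
// Pinned tag so that Flux reconciles a known artifact rather than a moving "latest"
local image = 'ghcr.io/example/app:1.0.0';
local labels = { 'app.kubernetes.io/name': name };

// Least-privilege defaults applied to every container this file emits.
local securityContext = {
  runAsNonRoot: true,
  runAsUser: 10001,
  allowPrivilegeEscalation: false,
  readOnlyRootFilesystem: true,
  capabilities: { drop: ['ALL'] },
  seccompProfile: { type: 'RuntimeDefault' },
};

local deployment = {
  apiVersion: 'apps/v1',
  kind: 'Deployment',
  metadata: { name: name, namespace: namespace, labels: labels },
  spec: {
    replicas: 1,
    selector: { matchLabels: labels },
    template: {
      metadata: { labels: labels },
      spec: {
        // The app never talks to the API server, so do not hand it a token
        automountServiceAccountToken: false,
        containers: [{
          name: name,
          image: image,
          ports: [{ name: 'http', containerPort: 8080 }],
          securityContext: securityContext,
          resources: {
            requests: { cpu: '50m', memory: '64Mi' },
            limits: { memory: '128Mi' },
          },
        }],
      },
    },
  },
};

// Flux Kustomization: reconcile the manifests/ directory from the Git source
// every 10 minutes and prune objects that were removed from Git.
local kustomization = {
  apiVersion: 'kustomize.toolkit.fluxcd.io/v1',
  kind: 'Kustomization',
  metadata: { name: name, namespace: 'flux-system' },
  spec: {
    interval: '10m',
    path: './apps/example/manifests',
    prune: true,
    sourceRef: { kind: 'GitRepository', name: 'flux-system' },
    targetNamespace: namespace,
  },
};

// A top-level array renders as a multi-document YAML stream with `jsonnet -y`
[deployment, kustomization]
```

Rendering it with `jsonnet -y app.jsonnet > app.yaml` produces the multi-document YAML that is committed for Flux to pick up; because the generated file is what lands in Git, a reviewer sees the concrete `securityContext` and pinned image in every pull request rather than having to trust the template.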
## 🌐 DNS
### Ingress Controller
Over WAN, I have port-forwarded ports `80` and `443` to the load balancer IP of my ingress controller that's running in my Kubernetes cluster.
### Internal DNS
[CoreDNS](https://github.com/coredns/coredns) is deployed in the cluster and provides internal resolution of ingress addresses, as well as a proxy to [NextDNS](https://nextdns.io/), which is used for ad blocking.
### Dynamic DNS
My home IP can change at any time, so to keep my WAN IP address up to date on Cloudflare I have configured DDNS on the Unifi Dream Machine Pro.
## 💽 Network Attached Storage
A QNAP TS-431DeU NAS is used to manage NFS shares and to back them up to B2 cloud storage using HBS.
## 🔧 Hardware
| Device                   | Count | RAM  | Storage                          | Connectivity       | Purpose        |
|--------------------------|-------|------|----------------------------------|--------------------|----------------|
| Unifi Dream Machine Pro  | 1     | N/A  | N/A                              | 8x GbE + 2x SFP+   | Router         |
| Unifi US-16-PoE switch   | 1     | N/A  | N/A                              | 16x GbE + 2x SFP   | Main Switch    |
| QNAP TS-431DeU           | 1     | 16GB | 2x 240GB NVMe RAID1 + 4x 3TB RAID5 | 2x 2.5GbE LACP   | NAS            |
| HP EliteDesk G2 800 mini | 2     | 32GB | 240GB M.2 SSD + 500GB SSD        | 1x GbE             | K3S Node       |
| DELL E5440 Laptop        | 1     | 12GB | 240GB SSD + 2x 120GB SSD         | 1x GbE             | K3S Node       |
| Custom-built Server      | 1     | 64GB | 240GB NVMe + 1TB SSD             | 2x GbE LACP + 1x GbE | K3S Node w/GPU |

## ✨ Features
Project status: **Alpha**
- [x] Common applications: Plex, Nextcloud, HomeAssistant, Ghost...
- [x] Automated Kubernetes installation and management
- [x] Monitoring and alerting
- [x] Modular architecture, easy to add or remove features/components
- [x] Automated certificate management
- [x] Installing and managing applications using GitOps
- [x] CI/CD platform
- [x] Distributed storage
- [ ] Automatically update DNS records for exposed services 🚧
- [ ] Automated bare metal provisioning with PXE boot 🚧
- [ ] Support multiple environments (dev, stag, prod) 🚧
- [ ] Automated in-cluster offsite backups 🚧
- [ ] Single sign-on 🚧

## 🤝 Contributing
Any contributions you make, either big or small, are greatly appreciated.
## 🔏 Security
If you find any security issue, please ping me using one of the following contact mediums:
- twitter DM (@paulfantom)
- kubernetes slack (@paulfantom)
- freenode IRC (@paulfantom)
- email ([email protected])

## 🏛️ License
Distributed under the MIT License. See [`LICENSE`](LICENSE) for more information.