GitOps state for my cluster using flux v2
Home infrastructure running: 3x Master Raspberry Pi 4GB + 3x Worker 8GB + 1x 11th Gen Intel Nuc:
- Apps:
- authelia - SSO server
- baikal - {Cal,Card}Dav server
- blocky - DNS proxy and ad-blocker
- calibre and calibre-web - Lovely E-Book library management
- maddy - Completel and modern mailserver
- flood - Pretty and mobile friendly *torrent frontend
- gitlab - Git + Everything possibly related
- home-assistant - Home Automation
- homer - Application Dashboard
- immich - Self-hosted photo and video management with state-of-the-art ML
- inspircd - IRC Server
- jellyfin - Media System
- my blog - Built with via Gitlab Runners + Buildkitd
- ntfy - Push notifications made easy
- omada-controller - TP-Link Omada Network Controller
- thelounge - IRC client
- System:
- buildkitd - Super efficient container build daemon
- flannel - Because flannel + metallb is the lightest CNI
- minilb - Ultralight DNS based load balancer
- cert-manager - Automated letsencrypt broker
- flux2 - Keep cluster in sync with this repo
- haproxytech ingress - Haproxy.org Ingress controller
- varnish - Caching reverse proxy
- vector - Log collection and aggregation
- victoria-metrics - Lighter prometheus alternative
- kube-network-policies - Official and small netpol enforcement
I use mozilla SOPS for secret encryption as it supported out of the box in Flux2. After adding a passwordless secret key to your cluster, add it to your flux-system/gotk-sync.yaml if you want to be able do decrypt secrets in the main flux-system kustomization.
I use a pre-commit hook to ensure that secrets are never pushed unencrypted. Assuming you have a .sosp.yaml the only thing you need to do is:
sops -e -i my-secret.yaml # That's it
sops my-secret.yaml # To edit it directly in your $EDITOR