osnabrugge / home-ops

My home operations repository

... managed with Flux, Renovate and GitHub Actions 🤖

This repo is the sources of truth for a semi-hyperconverged k3s cluster that I maintain at home. To best of my ability, I've tried to document the cluster's configuration and the tools I use to manage it. I hope that it can serve as a reference for others who are interested in building their own cluster.

• Authentication
  • authelia provides single-sign-on and multifactor authentication
  • cert-manager requests and manages SSL certificates, both self-signed and from let's encrypt
  • external-secrets provides secret management using:
    • azure workload identity delegates token issuance to this cluster
    • azure keyvault is the storage backend for secrets
• Networking
  • cilium CNI providing networking between pods, services and provides L2 loadbalancing
  • ingress-nginx for reverse proxy ingress and loadbalancing
  • multus enables pods to access seperate VLANs & physical networks using:
    • sr-iov plugin attach pods to sr-iov capable interfaces & applicable VFs
    • whereabouts to ensure consistent IP addressing across physical nodes
• Storage
  • local-path-provisioner provides ephemeral storage for pods
  • rook-ceph manages a ceph cluster that provides replicated persistent storage
  • azure blob storage cold storage for backups and volume snapshots
• Cluster Management
  • actions-runner-controller runs GitHub Actions as self-hosted runners on this cluster
  • flux GitOps operator that keeps this cluster in sync with this repository
• DNS Management
  • external-dns publishes DNS records and automates split-horizon DNS between:
    • cloudflare for explicitly annotated ingress objects
    • pi-hole for all servies and ingress objects
• Backup
  • volsync and snapscheduler enable restic backup and recovery of persistent volume claims to

A lot of inspiration for my cluster came from the members of the Home Operations Discord community. They are responsible for these great resources:

• Flux Cluster Template is a community driven template that provides a great starting point for anyone who has limited knowledge of Kubernetes and GitOps
• Kubsearch.dev is a search engine for apps deployed across the community's clusters. It's a great way to find inspiration or solve challenges for your own cluster

Specifc thanks to the following members for their contributions and where I drew inspiration from:

• angelnu/k8s-gitops
• billimek/k8s-gitops
• bjw-s/k8s-gitops
• carpenike/k8s-gitops
• onedr0p/home-ops