👋 Welcome to my Home Operations repository. This is a mono repository for my home infrastructure and Kubernetes cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like Ansible, Terraform, Kubernetes, Flux, Renovate and GitHub Actions.
If you like this project, please consider supporting the work of onedr0p and bjw-s.
My Kubernetes cluster is deployed with Talos. This is a semi-hyper-converged cluster: workloads and block storage share the same available resources on my nodes, while I have a separate server for NFS shares, bulk file storage and backups.
- actions-runner-controller: Self-hosted GitHub runners using Renovate.
- cert-manager: Creates SSL certificates for services in my cluster.
- cilium: Kubernetes CNI.
- cloudflared: Enables Cloudflare secure access to my routes.
- external-dns: Automatically syncs ingress DNS records to a DNS provider.
- external-secrets: Manages Kubernetes secrets using aKeyless.
- k8s-gateway: CoreDNS plugin to support internal ingress records.
- nginx: Ingress controller and reverse proxy.
- openebs: CNI for ephemeral local storage.
- rook: Distributed block storage for persistent storage.
- sops: Managed secrets for Kubernetes which are committed to Git.
- spegel: Stateless cluster local OCI registry mirror.
- system-upgrade-controller: Automatic Kubernetes and Talos upgrades.
- volsync: Backup and recovery of persistent volume claims.
- alertmanager: Handles processing and sending alerts.
- blackbox-exporter: Probe external endpoint ports for success/failure.
- fluent-bit: Log processor.
- gatus: High level status dashboard.
- grafana: Data visualization platform.
- karma: Alertmanager dashboard, based on Cloudflare's unsee.
- keda: Autoscales containers on events (e.g. blackbox reports an NFS share is down).
- kromgo: Expose prometheus metrics "safely" to GitHub.
- silence-operator: Manages Alertmanager silences via custom resources.
- VictoriaLogs: Database for logs.
- VictoriaMetrics: Time series database, drop-in replacement for Prometheus.
- aKeyless: Managing secrets via external-secrets.
- Cloudflare: Tunnels for exposing services and DNS provider.
- Cloudinary: Image hosting for plex newsletter posters.
- Backblaze B2: Daily backups from volsync and cnpg.
- Amazon SES: Sending system emails.
- Pushover: Sending push notifications to mobile.
This cluster comes from the people who have shared their clusters using the k8s-at-home GitHub topic. Be sure to check out the awesome Kubesearch tool for ideas on how to deploy applications or get ideas on what you can deploy.
There is a template over at onedr0p/cluster-template if you want to try and follow along with some of the practices I use here.
See LICENSE