- Lots of self-hosted services
- Flux GitOps with this repository (kubernetes directory)
- Ansible node provisioning and K3s setup (Ansible roles and playbooks)
- SOPS secrets stored in Git
- Renovate bot dependency updates
- Cloudflared HTTP tunnel
- K8s gateway for local DNS resolution to the cluster and NGINX ingress controller
- Both internal & external services with a service gateway
- OIDC authentication with LDAP
- Automatic Cloudflare DNS updates with external-dns
- Cilium container networking interface (CNI) and layer 4 loadbalancing
- CloudNative-PG with automatic failover
- kube-prometheus-stack with various Grafana dashboards
- go-task shorthand for useful commands (Taskfile and taskfiles)
I'm using Raspberry Pi 4 (x 5) but the 4 GB RAM models are hungry for more memory. Micro SD cards are insufficient for etcd's demanding read/writes, so I recommend SATA over USB 3.0. Check out this guide for compatible interfaces. I use a PicoCluster case.
Setup and usage is inspired heavily by this homelab gitops template and the k8s-at-home community. You can find similar setups with the k8s at home search. See my other homelab setups.
Looking for a simpler devops experience? Checkout my docker deployment at brettinternet/homelab.
Install dependencies and setup environment:
task initThen, provision your infrastructure:
task ansible:{init,list,ping,setup,install,status}Setup a Cloudflare Tunnel.
cloudflared tunnel login
cloudflared tunnel create clusterAdd the tunnel's credentials.json to the value in cloudflared-secret and tunnel ID to cluster-secrets.sops.yaml.
Add a Cloudflare API token with these permissions to the value in external-dns-secret.
Zone - DNS - EditAccount - Cloudflare Tunnel - Read
Verify flux can be installed. Then, push changes to remote repo and install.
task flux:{verify,install}Push latest to repo - you can use the wip.sh script for that with task wip.
task flux:reconciletask kubernetes:resourcesMost deployments in this repo use an app-template chart with these configuration options.