@paulfantom's GitOps managed kube cluster running in a cupboard. Built with fancy tools ✨

thaum-xyz/ankhmorpork

Ankhmorpork

📖 Overview

This is a mono repository for @paulfantom's home infrastructure and Kubernetes cluster. The project uses Infrastructure as Code to automate the provisioning, operation and updating of self-hosted services.

⛵ Kubernetes

Installation

The cluster is k3s, provisioned on bare-metal hosts running the latest Ubuntu LTS release using a modified version of the Ansible role provided by the k3s project.

🔸 Click here to see my Ansible playbooks and roles.

Components

| Name | Description |
| --- | --- |
| Jsonnet | Data templating language |
| GitHub Actions | CI system |
| Ansible | Automate bare metal provisioning and configuration |
| Ubuntu | Base OS for Kubernetes nodes |
| K3s | Lightweight distribution of Kubernetes |
| Kubernetes | Container-orchestration system, the backbone of this project |
| kured | Kubernetes Reboot Daemon |
| TopoLVM | Local storage based on LVM |
| Longhorn | Distributed block storage |
| Minio | S3 storage |
| Flux | GitOps tool built to deploy applications to Kubernetes |
| ExternalSecrets | Secrets and encryption management system |
| MetalLB | Bare metal load-balancer for Kubernetes |
| cert-manager | Cloud native certificate management |
| Cloudflare | DNS |
| Traefik | Kubernetes Ingress Controller |
| oauth2-proxy | Authentication proxy |
| Prometheus | Systems monitoring and alerting toolkit |
| Thanos | Metrics datalake |
| Grafana | Operational dashboards |
| Cloudnative-pg | Postgres Controller |
| Homer | Portal Site |
| HomeAssistant | Home Automation System |
| ESPhome | Microcontrollers Management |
| Tandoor | Cookbook |
| Photoprism | Photo Management |
| Paperless-ngx | Document Management |
| AND MANY OTHERS | |

GitOps

Flux watches the manifests/ subdirectories under the base and apps top-level directories and applies the YAML manifests it finds there to the cluster. Where possible, the YAML manifests are generated from jsonnet code.
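As an added illustration, not configuration taken from this repository, the following Flux objects show how such a layout is typically wired up: one GitRepository source and one Kustomization per top-level directory, with apps reconciling only after base. The branch name, the exact paths, the intervals and the namespace are assumptions, not values from this project.

```yaml
# Added example, not the ankhmorpork project's own configuration.
# Branch, paths, intervals and namespace are assumptions.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: ankhmorpork
  namespace: flux-system
spec:
  interval: 5m
  url: https://github.com/thaum-xyz/ankhmorpork   # repository named on the page
  ref:
    branch: main                                   # assumed branch name
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: base
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: ankhmorpork
  path: ./base          # assumed: cluster-level components (storage, ingress, secrets)
  prune: true           # remove cluster objects whose manifests were deleted from git
  wait: true            # report Ready only once the applied objects are healthy
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m
  dependsOn:
    - name: base        # applications reconcile only after the base layer is Ready
  sourceRef:
    kind: GitRepository
    name: ankhmorpork
  path: ./apps          # assumed: user-facing applications
  prune: true
```

With this wiring the cluster state is a pure function of what is committed on the watched branch, and `prune: true` means a deleted manifest removes the corresponding object from the cluster. That makes write access to the branch equivalent to administrative access to the cluster, so branch protection and review of the git repository are part of the cluster's security boundary, not just a development convenience.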

🌐 DNS

Ingress Controller

Over WAN, I have port-forwarded ports 80 and 443 to the load balancer IP of my ingress controller that's running in my Kubernetes cluster.

Internal DNS

CoreDNS is deployed in the cluster and provides internal resolution of ingress addresses, as well as a proxy to NextDNS, which is used for ad blocking.

Dynamic DNS

My home IP can change at any time, so to keep my WAN IP address up to date on Cloudflare I have configured DDNS on the Unifi Dream Machine Pro.

💽 Network Attached Storage

A QNAP TS-431DeU NAS is used to manage NFS shares and back them up to B2 cloud storage using HBS.

🔧 Hardware

| Device | Count | RAM | Storage | Connectivity | Purpose |
| --- | --- | --- | --- | --- | --- |
| Unifi Dream Machine Pro | 1 | N/A | N/A | 8x GbE + 2x SFP+ | Router |
| Unifi US-16-PoE switch | 1 | N/A | N/A | 16x GbE + 2x SFP | Main Switch |
| QNAP TS-431DeU | 1 | 16GB | 2x 240GB NVMe RAID1 + 4x 3TB RAID5 | 2x 2.5GbE LACP | NAS |
| HP EliteDesk G2 800 mini | 2 | 32GB | 240GB M.2 SSD + 500GB SSD | 1x GbE | K3S Node |
| DELL E5440 Laptop | 1 | 12GB | 240GB SSD + 2x 120GB SSD | 1x GbE | K3S Node |
| Custom-built Server | 1 | 64GB | 240GB NVMe + 1TB SSD | 2x GbE LACP + 1x GbE | K3S Node w/ GPU |

✨ Features

Project status: Alpha

  • Common applications: Plex, Nextcloud, HomeAssistant, Ghost...
  • Automated Kubernetes installation and management
  • Monitoring and alerting
  • Modular architecture, easy to add or remove features/components
  • Automated certificate management
  • Installing and managing applications using GitOps
  • CI/CD platform
  • Distributed storage
  • Automatically update DNS records for exposed services 🚧
  • Automated bare metal provisioning with PXE boot 🚧
  • Support multiple environments (dev, stag, prod) 🚧
  • Automated in-cluster offsite backups 🚧
  • Single sign-on 🚧

🤝 Contributing

Any contributions you make, either big or small, are greatly appreciated.

πŸ” Security

If you find any security issue please ping me using one of following contact mediums:

  • twitter DM (@paulfantom)
  • kubernetes slack (@paulfantom)
  • freenode IRC (@paulfantom)
  • email ([email protected])

πŸ›οΈ License

Distributed under the MIT License. See LICENSE for more information.