My Personal Kubernetes GitOps Repository
... managed with Flux, Renovate and GitHub Actions
This educational project is designed to provide a hands-on learning experience for mastering Kubernetes cluster configurations and best practices. The repository showcases a declarative implementation of a Kubernetes cluster, following GitOps principles that can be utilized with a variety of tools and workflows.
The main goal of this project is to demonstrate best practices for implementing enterprise-grade security, observability, and comprehensive cluster configuration management using GitOps in a Kubernetes environment, while fostering learning and growth in the Kubernetes community.
This repository leverages a range of cutting-edge open-source tools and platforms, forming a comprehensive technology stack that demonstrates the power of the CNCF ecosystem.
In order to effectively utilize this repository, it is important to have the following tools set up in your environment.
- Kubernetes cluster
- Flux installed
- Kustomize installed
- Taskfile installed
- Set up the necessary environment variables:
export GITHUB_TOKEN=<your-token>
export GITHUB_USER=<your-username>
export GITHUB_REPO=<your-repo>
export CLUSTER=<target-cluster>- Verify that your cluster satisfies the prerequisites:
flux check --pre- Run the bootstrap command to install Flux and deploy into the cluster:
task cluster CLUSTER_NAME=cluster-1Note: Many variables in the cluster depend on your specific configuration and should be modified accordingly. Be sure to review and adjust these variables as needed to match your environment and requirements.
| Device | Description | Quantity | CPU | RAM | Architecture | Operating System | Notes |
|---|---|---|---|---|---|---|---|
| Protectli FW6E | Router | 1 | 4 Cores | 16GB RAM | AMD64 | VyOs | |
| Protectli VP2410 | Kubernetes Control Plane | 3 | 4 Cores | 8GB RAM | AMD64 | Talos Linux | |
| Protectli FW2B | Kubernetes Node(s) | 3 | 2 Cores | 8GB RAM | AMD64 | Talos Linux | |
| Raspberry Pi 4 Model B | Kubernetes Node(s) | 4 | 4 Cores | 8GB RAM | ARM64 | Talos Linux | |
| Rock Pi 4 Model C | Kubernetes Node(s) | 6 | 4 Cores | 4GB RAM | ARM64 | Talos Linux |
Although I manage most of my infrastructure and workloads on my own, there are specific components of my setup that rely on cloud services.
| Service | Description | Cost (AUD) |
|---|---|---|
| Cloudflare | I use Cloudflare in my home network for DNS management and to secure my domain with Cloudflare's services. | ~$69/yr |
| GCP | I use Google Cloud Platform (GCP) to manage backups using Google Cloud Storage (GCS) and employ GCP's OAuth for authentication. | ~20/mo |
| GitHub | I use GitHub for code management and version control, enabling seamless collaboration in addition to OAuth for authentication | Free |
| NextDNS | I use NextDNS for malware protection and ad-blocking for a safer browsing experience. | ~$30/yr |
| UptimeRobot | I use UptimeRobot to monitor my home services for uninterrupted performance. | ~$84/yr |
| Lets Encrypt | I use Let's Encrypt to generate certificates for secure communication within my network. | Free |
| Total: ~$35/mo |
The below showcases the collection of open-source solutions currently implemented in the cluster. Each of these components has been meticulously documented, and their deployment is managed using FluxCD, which adheres to GitOps principles.
The Cloud Native Computing Foundation (CNCF) has played a crucial role in the development and popularization of many of these tools, driving the adoption of cloud-native technologies and enabling projects like this one to thrive.
| Name | Description | |
|---|---|---|
 |
Kubernetes | An open-source system for automating deployment, scaling, and management of containerized applications |
 |
FluxCD | GitOps tool for deploying applications to Kubernetes |
 |
Talos Linux | Talos Linux is Linux designed for Kubernetes |
 |
Cilium | GitOps tool for deploying applications to Kubernetes |
 |
Istio | Istio extends Kubernetes to establish a programmable, application-aware network using the powerful Envoy service proxy. |
 |
containerd | Container runtime integrated with Talos Linux |
 |
CoreDNS | A DNS server that operates via chained plugins |
 |
MetalLB | Load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols. |
 |
Prometheus | Monitoring system and time series database |
 |
Jaeger | Open-source, end-to-end distributed tracing for monitoring and troubleshooting transactions in complex distributed systems |
 |
Helm | The Kubernetes package manager |
 |
Falco | Container-native runtime security |
 |
Flagger | Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments) |
 |
Open Policy Agent | An open-source, general-purpose policy engine |
 |
Kyverno | Kubernetes Native Policy Management |
 |
Dex | An identity service that uses OpenID Connect to drive authentication for other apps |
 |
Crossplane | Manage any infrastructure your application needs directly from Kubernetes |
 |
Litmus | Chaos engineering for your Kubernetes |
 |
OpenEBS | Container-attached storage |
 |
OpenTelemetry | Making robust, portable telemetry a built in feature of cloud-native software. |
 |
Thanos | Highly available Prometheus setup with long-term storage capabilities |
 |
Cert Manager | X.509 certificate management for Kubernetes |
 |
Grafana | Analytics & monitoring solution for every database. |
 |
Loki | Horizontally-scalable, highly-available, multi-tenant log aggregation system |
 |
Velero | Backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. |
This repository is automatically managed by Renovate. Renovate will keep all of the container images within this repository up to date automatically. It can also be configured to keep Helm chart dependencies up to date as well.
A special thank you to everyone in the Kubernetes @Home Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.
Also I extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem.
For more ideas on deploying applications or discovering new possibilities, be sure to explore the Kubernetes @Home search search.
Our project welcomes contributions from any member of our community. To get started contributing, please see our Contributor Guide.
By participating in this project, you are expected to uphold the project's Code of Conduct. Please report any unacceptable behavior to the repository maintainer.
If you encounter any issues or would like to request new features, please create an issue on the repository's issue tracker. When reporting issues, include as much information as possible, such as error messages, logs, and steps to reproduce the issue.
Thank you for your interest in contributing to this project! Your contributions help make it better for everyone.
This repository is Apache 2.0 licensed
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot]")
![jarvis-plus-bot[bot] avatar](https://avatars.githubusercontent.com/in/235116?v=4 "jarvis-plus-bot[bot]")
![renovate-self-hosted[bot] avatar](https://avatars.githubusercontent.com/u/20387402?v=4 "renovate-self-hosted[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent