This educational project is designed to provide a hands-on learning experience for mastering Kubernetes cluster configurations and best practices. The repository showcases a declarative implementation of a Kubernetes cluster, following GitOps principles that can be utilized with a variety of tools and workflows.
The main goal of this project is to demonstrate best practices for implementing enterprise-grade security, observability, and comprehensive cluster configuration management using GitOps in a Kubernetes environment, while fostering learning and growth in the Kubernetes community.
The repository builds on a range of open-source tools, most of them CNCF projects, which together form the technology stack described below.
| Device | Description | Quantity | CPU | RAM | Storage | Architecture | Operating System |
|---|---|---|---|---|---|---|---|
| Ubiquiti UDM-Pro-Max | Router/Gateway | 1 | - | - | 8TB | - | UniFi OS |
| Ubiquiti USW-Pro-Max-48-PoE | Network Switch | 1 | - | - | - | - | UniFi OS |
| Asus NUC 14 Pro | Kubernetes Nodes | 3 | 14 cores | 48GB | 1TB NVMe + 1TB SSD | AMD64 | Talos Linux |
| NAS | Storage | 1 | 8 cores | 16GB | 48TB | AMD64 | TrueNAS |
| JetKVM | Remote KVM | 3 | - | - | - | - | - |
Decommissioned Hardware
| Device | Description | Quantity | CPU | RAM | Storage | Architecture | Operating System |
|---|---|---|---|---|---|---|---|
| Protectli FW6E | Router | 1 | 4 Cores | 16GB | - | AMD64 | VyOs |
| Protectli VP2410 | Kubernetes Node(s) | 3 | 4 Cores | 8GB | - | AMD64 | Talos Linux |
| Protectli FW2B | Kubernetes Node(s) | 3 | 2 Cores | 8GB | - | AMD64 | Talos Linux |
| Raspberry Pi 4 Model B | Kubernetes Node(s) | 4 | 4 Cores | 8GB | - | ARM64 | Talos Linux |
| Rock Pi 4 Model C | Kubernetes Node(s) | 6 | 4 Cores | 4GB | - | ARM64 | Talos Linux |
Although I manage most of my infrastructure and workloads on my own, there are specific components of my setup that rely on cloud services.
| Service | Description | Cost (AUD) |
|---|---|---|
| Cloudflare | DNS hosting for my domain (records are published by ExternalDNS) and Cloudflare Tunnel for exposing services without a public IP. | ~$69/yr |
| GCP | Google Cloud Storage (GCS) as the off-site backup target, and Google OAuth as an identity provider for authentication. | ~$20/yr |
| GitHub | Hosting and version control for this repository, which is the source of truth that FluxCD reconciles from, plus GitHub OAuth for authentication. | Free |
| Let's Encrypt | Publicly trusted X.509 certificates, issued and renewed by cert-manager, for services in my network. | Free |
| Total | | ~$89/yr |
The below showcases the collection of open-source solutions currently implemented in the cluster. Each of these components has been meticulously documented, and their deployment is managed using FluxCD, which adheres to GitOps principles.
The Cloud Native Computing Foundation (CNCF) has played a crucial role in the development and popularization of many of these tools, driving the adoption of cloud-native technologies and enabling projects like this one to thrive.
| Name | Description |
|---|---|
| Kubernetes | An open-source system for automating deployment, scaling, and management of containerized applications |
| Talos Linux | Minimal, immutable Linux OS designed for Kubernetes |
| FluxCD | GitOps continuous delivery for Kubernetes |
| Helm | The Kubernetes package manager |
| Cilium | eBPF-based CNI providing networking, security, and observability |
| Envoy Gateway | Kubernetes Gateway API implementation built on Envoy proxy |
| containerd | Industry-standard container runtime integrated with Talos Linux |
| CoreDNS | Flexible, plugin-based DNS server for Kubernetes service discovery |
| Rook-Ceph | Cloud-native storage orchestration for Kubernetes using Ceph |
| Volsync | Asynchronous data replication for Kubernetes persistent volumes |
| Spegel | Stateless cluster-local OCI registry mirror |
| Prometheus | Monitoring system and time series database |
| Grafana | Analytics and monitoring dashboards |
| cert-manager | X.509 certificate management for Kubernetes |
| External Secrets | Synchronize secrets from external APIs (1Password) into Kubernetes |
| ExternalDNS | Automatically manage DNS records from Kubernetes resources |
| Dex | OpenID Connect identity provider for authentication |
| oauth2-proxy | Reverse proxy providing authentication with external OAuth2 providers |
| Cloudflare Tunnel | Secure outbound-only tunnel for exposing services without public IPs |
Dependency updates in this repository are automated by Renovate. Renovate keeps the container image tags in this repository up to date and can also be configured to bump Helm chart versions, so every upgrade arrives as a pull request that is reviewed and merged in Git before FluxCD applies it.
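To make the stack and the update flow concrete, here is an added example (not code from this repository) showing how four of the components listed above fit together: Flux installs cert-manager from a pinned Helm chart, External Secrets pulls a Cloudflare API token out of 1Password, and a ClusterIssuer uses that token to complete Let's Encrypt DNS-01 challenges through Cloudflare. The namespace names, the ClusterSecretStore named `onepassword`, the 1Password item and field names, the contact e-mail and the zone `example.com` are assumptions. The exact chart `version` pin is the field Renovate's Flux manager bumps, which is what turns upgrades into reviewable pull requests rather than silent changes.

```yaml
# Added example (not from the repository): Flux-managed cert-manager with a
# Let's Encrypt ClusterIssuer solving DNS-01 through Cloudflare, where the
# Cloudflare API token is pulled from 1Password by External Secrets.
# Assumed names: namespace "cert-manager", ClusterSecretStore "onepassword",
# 1Password item "cloudflare" with field "api-token", and zone "example.com".
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  interval: 1h
  url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      # Exact pin: this is the field Renovate's flux manager bumps in a PR,
      # so each upgrade is reviewed in Git rather than applied silently.
      version: v1.16.2
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace
    remediation:
      retries: 3
  upgrade:
    crds: CreateReplace
    cleanupOnFail: true
    remediation:
      retries: 3
  values:
    crds:
      enabled: true
---
# The Cloudflare token never lives in Git: External Secrets materialises it
# from 1Password into a Kubernetes Secret in the namespace cert-manager reads.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword        # assumed store name
  target:
    name: cloudflare-api-token
  data:
    - secretKey: api-token
      remoteRef:
        key: cloudflare      # assumed 1Password item
        property: api-token  # assumed field on that item
---
# The token should be scoped to Zone:DNS:Edit on the single zone, and the
# dnsZones selector stops this issuer from attempting DNS-01 anywhere else.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com   # assumed contact address
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
        selector:
          dnsZones:
            - example.com
```

While testing, point `server` at Let's Encrypt's staging endpoint (`https://acme-staging-v02.api.letsencrypt.org/directory`), since production issuance is rate-limited per registered domain. Create the Cloudflare token with only `Zone:DNS:Edit` on that one zone, so a compromised cert-manager pod cannot alter other zones or account settings, and note that the ClusterIssuer only finds the token because the Secret lands in cert-manager's own namespace.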
A special thank you to everyone in the Home Operations Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.
Also I extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem.
For more ideas on deploying applications or discovering new possibilities, be sure to explore kubesearch.dev, which indexes the manifests published by other clusters under that topic.
Our project welcomes contributions from any member of our community. To get started contributing, please see our Contributor Guide.
By participating in this project, you are expected to uphold the project's Code of Conduct. Please report any unacceptable behavior to the repository maintainer.
If you encounter any issues or would like to request new features, please create an issue on the repository's issue tracker. When reporting issues, include as much information as possible, such as error messages, logs, and steps to reproduce the issue.
Thank you for your interest in contributing to this project! Your contributions help make it better for everyone.
This repository is Apache 2.0 licensed.