🍼 Overview

This educational project is designed to provide a hands-on learning experience for mastering Kubernetes cluster configurations and best practices. The repository showcases a declarative implementation of a Kubernetes cluster, following GitOps principles that can be utilized with a variety of tools and workflows.

The main goal of this project is to demonstrate best practices for implementing enterprise-grade security, observability, and comprehensive cluster configuration management using GitOps in a Kubernetes environment, while fostering learning and growth in the Kubernetes community.

This repository leverages a range of cutting-edge open-source tools and platforms, forming a comprehensive technology stack that demonstrates the power of the CNCF ecosystem.

📖 Table of contents

• 🍼 Overview
  • 📖 Table of contents
  • 🔧 Hardware
  • ☁️ Cloud Services
  • 🖥️ Technology Stack
  • 🤖 Automation
  • 🤝 Acknowledgments
  • 👥 Contributing
    • 🚫 Code of Conduct
    • 💡 Reporting Issues and Requesting Features
  • 📄 License

🔧 Hardware

Device	Description	Quantity	CPU	RAM	Storage	Architecture	Operating System
Ubiquiti UDM-Pro-Max	Router/Gateway	1	-	-	8TB	-	UniFi OS
Ubiquiti USW-Pro-Max-48-PoE	Network Switch	1	-	-	-	-	UniFi OS
Asus NUC 14 Pro	Kubernetes Nodes	3	14 cores	48GB	1TB NVMe + 1TB SSD	AMD64	Talos Linux
NAS	Storage	1	8 cores	16GB	48TB	AMD64	TrueNAS
JetKVM	Remote KVM	3	-	-	-	-	-

Decommissioned Hardware

Device	Description	Quantity	CPU	RAM	Storage	Architecture	Operating System
Protectli FW6E	Router	1	4 Cores	16GB	-	AMD64	VyOs
Protectli VP2410	Kubernetes Node(s)	3	4 Cores	8GB	-	AMD64	Talos Linux
Protectli FW2B	Kubernetes Node(s)	3	2 Cores	8GB	-	AMD64	Talos Linux
Raspberry Pi 4 Model B	Kubernetes Node(s)	4	4 Cores	8GB	-	ARM64	Talos Linux
Rock Pi 4 Model C	Kubernetes Node(s)	6	4 Cores	4GB	-	ARM64	Talos Linux

☁️ Cloud Services

Although I manage most of my infrastructure and workloads on my own, there are specific components of my setup that rely on cloud services.

Service	Description	Cost (AUD)
Cloudflare	I use Cloudflare in my home network for DNS management and to secure my domain with Cloudflare's services.	~$69/yr
GCP	I use Google Cloud Platform (GCP) to manage backups using Google Cloud Storage (GCS) and employ GCP's OAuth for authentication.	~20/yr
GitHub	I use GitHub for code management and version control, enabling seamless collaboration in addition to OAuth for authentication	Free
Lets Encrypt	I use Let's Encrypt to generate certificates for secure communication within my network.	Free
		Total: ~$35/mo

🖥️ Technology Stack

The below showcases the collection of open-source solutions currently implemented in the cluster. Each of these components has been meticulously documented, and their deployment is managed using FluxCD, which adheres to GitOps principles.

The Cloud Native Computing Foundation (CNCF) has played a crucial role in the development and popularization of many of these tools, driving the adoption of cloud-native technologies and enabling projects like this one to thrive.

	Name	Description
	Kubernetes	An open-source system for automating deployment, scaling, and management of containerized applications
	Talos Linux	Minimal, immutable Linux OS designed for Kubernetes
	FluxCD	GitOps continuous delivery for Kubernetes
	Helm	The Kubernetes package manager
	Cilium	eBPF-based CNI providing networking, security, and observability
	Envoy Gateway	Kubernetes Gateway API implementation built on Envoy proxy
	containerd	Industry-standard container runtime integrated with Talos Linux
	CoreDNS	Flexible, plugin-based DNS server for Kubernetes service discovery
	Rook-Ceph	Cloud-native storage orchestration for Kubernetes using Ceph
	Volsync	Asynchronous data replication for Kubernetes persistent volumes
	Spegel	Stateless cluster-local OCI registry mirror
	Prometheus	Monitoring system and time series database
	Grafana	Analytics and monitoring dashboards
	cert-manager	X.509 certificate management for Kubernetes
	External Secrets	Synchronize secrets from external APIs (1Password) into Kubernetes
	ExternalDNS	Automatically manage DNS records from Kubernetes resources
	Dex	OpenID Connect identity provider for authentication
	oauth2-proxy	Reverse proxy providing authentication with external OAuth2 providers
	Cloudflare Tunnel	Secure outbound-only tunnel for exposing services without public IPs

🤖 Automation

This repository is automatically managed by Renovate. Renovate will keep all of the container images within this repository up to date automatically. It can also be configured to keep Helm chart dependencies up to date as well.

🤝 Acknowledgments

A special thank you to everyone in the Home Operation Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.

Also I extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem.

For more ideas on deploying applications or discovering new possibilities, be sure to explore the kubesearch.dev search.

👥 Contributing

Our project welcomes contributions from any member of our community. To get started contributing, please see our Contributor Guide.

🚫 Code of Conduct

By participating in this project, you are expected to uphold the project's Code of Conduct. Please report any unacceptable behavior to the repository maintainer.

💡 Reporting Issues and Requesting Features

If you encounter any issues or would like to request new features, please create an issue on the repository's issue tracker. When reporting issues, include as much information as possible, such as error messages, logs, and steps to reproduce the issue.

Thank you for your interest in contributing to this project! Your contributions help make it better for everyone.

📄 License

This repository is Apache 2.0 licensed