Homelab GitOps Repository

Video Tutorial

Watch the complete homelab setup walkthrough on YouTube.

GitOps Kubernetes cluster with ArgoCD and External Secrets Operator (ESO) using Bitwarden Secrets Manager. Bootstrap installs core services, ArgoCD handles everything else.

Architecture

This repo follows a 2-layer ApplicationSet pattern. K8s manifests and Helm values live in gitops/apps/. ApplicationSets in gitops/appsets/ generate ArgoCD Applications from those manifests. A single appsets-loader bootstraps everything. No Helm values are inlined in ArgoCD resources - all config stays in Git.

gitops/
  apps/        <- K8s manifests + values.yaml per app
  appsets/     <- ApplicationSets (apps-helm, apps-raw)
  clusters/    <- appsets-loader bootstrap

Setup

Clone the repository and ensure you have access to your Kubernetes cluster.

git clone https://github.com/decodersam/homelab && cd homelab
# Ensure kubeconfig is available (either in ~/.kube/config or ./kubeconfig)
export KUBECONFIG=./kubeconfig  # if using local kubeconfig

Bootstrap

Deploy the core infrastructure components using Terraform or OpenTofu. This sets up ArgoCD and essential operators.

Fresh install

terraform init && terraform apply

Required files

kubeconfig - Required
Bitwarden Secrets Manager credentials (configured after bootstrap)

Access

HTTPRoutes auto-generate from Service annotations. Access services at https://<service>.homelab.local.

kubectl get httproute -A  # List all routes

Operations

Common commands for managing and monitoring your GitOps deployment.

just --list              # Show all commands
just launch_argo         # Open ArgoCD UI
kubectl get app -n argocd  # Check app status

Image Updates

ArgoCD Image Updater automatically tracks and updates container images using semantic versioning.

Requirements

Application must use Kustomize or Helm source type (not Directory)
Current image tag must be semver-compliant (e.g., 1.0.0, not latest)
Tags must match the configured regex pattern

Secrets

External Secrets Operator with Bitwarden provider.

Bitwarden setup

After deployment, configure Bitwarden Secrets Manager credentials from environment:

export BITWARDEN_ORG_ID=your-org-id
export BITWARDEN_PROJECT_ID=your-project-id
export BITWARDEN_MACHINE_ACCOUNT_TOKEN=your-token
just patch-bitwarden

Troubleshooting

Quick fixes for common issues you might encounter.

Jobs disappear quickly: kube-cleanup-operator deletes after 15min
ESO not syncing: Check Bitwarden credentials and secret paths in ExternalSecrets

Name		Name	Last commit message	Last commit date
Latest commit History 654 Commits
.git-crypt		.git-crypt
.github/workflows		.github/workflows
.k8s-templates		.k8s-templates
cluster-bootstrap		cluster-bootstrap
docs		docs
gitops		gitops
k8s-node-automation		k8s-node-automation
kubespray @ e22ce15		kubespray @ e22ce15
manual-yaml		manual-yaml
scripts		scripts
.envrc.example		.envrc.example
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitmodules		.gitmodules
devbox.json		devbox.json
devbox.lock		devbox.lock
justfile		justfile
k8s-dashboard.yml		k8s-dashboard.yml
main.tf		main.tf
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Homelab GitOps Repository

Video Tutorial

Architecture

Setup

Bootstrap

Fresh install

Required files

Access

Operations

Image Updates

Requirements

Secrets

Bitwarden setup

Troubleshooting

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 5

Uh oh!

Languages

Piotr1215/homelab

Folders and files

Latest commit

History

Repository files navigation

Homelab GitOps Repository

Video Tutorial

Architecture

Setup

Bootstrap

Fresh install

Required files

Access

Operations

Image Updates

Requirements

Secrets

Bitwarden setup

Troubleshooting

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 5

Uh oh!

Languages

Packages