... managed with Flux and Renovate, and GitHub Actions π€
Β Β
Β Β
Β Β
Β Β
This is a mono repository for my home infrastructure and Kubernetes cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like Terraform, Kubernetes, FluxCD, Renovate, and GitHub Actions.
There is a template over at onedr0p/flux-cluster-template if you want to try and follow along with some of the practices I use here.
My cluster is k3s provisioned overtop bare-metal Ubuntu. This is a semi-hyper-converged cluster, workloads and block storage are sharing the same available resources on my nodes while I have a separate server with BTRFS for NFS/SMB shares, bulk file storage and backups.
- cilium: internal Kubernetes networking plugin
- cert-manager: creates SSL certificates for services in my cluster
- external-dns: automatically syncs DNS records from my cluster ingresses to a DNS provider
- ingress-nginx: ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
- sops: managed secrets for Kubernetes, Ansible, and Terraform which are committed to Git
FluxCD watches the clusters in my kubernetes folder (see Directories below) and makes the changes to my clusters based on the state of my Git repository.
The way Flux works for me here is it will recursively search the kubernetes/${cluster}/apps folder until it finds the most top level kustomization.yaml per directory and then apply all the resources listed in it. That aforementioned kustomization.yaml will generally only have a namespace resource and one or many Flux kustomizations (ks.yaml). Under the control of those Flux kustomizations there will be a HelmRelease or other resources related to the application which will be applied.
Renovate watches my entire repository looking for dependency updates, when they are found a PR is automatically created. When some PRs are merged Flux applies the changes to my cluster.
This Git repository contains the following directories under Kubernetes.
π kubernetes
βββ π apps # applications
βββ π bootstrap # bootstrap procedures
βββ π flux # core flux configuration
βββ π templates # re-useable components| Namespace | Kind | Name | Supporting Services |
|---|---|---|---|
| adguard-home | HelmRelease |
adguard-home | restic |
HelmRelease |
adguard-home-external-dns | ||
| ambient-weather-fusion | HelmRelease |
ambient-weather-fusion | |
| ascii-movie | HelmRelease |
ascii-movie | |
| authentik | HelmRelease |
authentik | postgresql, restic |
HelmRelease |
webfinger | ||
| bookstack | HelmRelease |
bookstack | mariadb, restic |
| browserless | HelmRelease |
browserless | |
| change-detection | HelmRelease |
change-detection | |
| cloudflare-ddns | HelmRelease |
cloudflare-ddns | |
| cnpg-system | HelmRelease |
cnpg | |
| domain-watch | HelmRelease |
domain-watch | |
| envoy-gateway-system | HelmRelease |
envoy-gateway | |
| esphome | HelmRelease |
esphome | restic |
| external-dns | HelmRelease |
external-dns | |
| flux-system | GitRepository |
home-ops | |
GitRepository |
home-ops-private | ||
| generic-device-plugin | HelmRelease |
generic-device-plugin | |
| geoip | HelmRelease |
geoip | valkey |
| gitea | HelmRelease |
gitea | postgresql, restic, valkey |
| hammond | HelmRelease |
hammond | |
| headscale | HelmRelease |
headplane | postgresql, restic |
HelmRelease |
headscale | ||
| healthchecks | HelmRelease |
healthchecks | postgresql, restic |
| home-assistant | HelmRelease |
home-assistant | postgresql, restic |
HelmRelease |
piper | ||
| homepage | HelmRelease |
homepage | |
| immich | HelmRelease |
immich | postgresql, restic, valkey |
| intel-gpu-plugin | GitRepository |
intel-gpu-plugin | |
| karakeep | HelmRelease |
karakeep | meilisearch, restic |
| kromgo | HelmRelease |
kromgo | |
| kube-system | HelmRelease |
cilium | |
HelmRelease |
kube-vip | ||
HelmRelease |
metrics-server | ||
GitRepository |
multus | ||
| lidarr | HelmRelease |
lidarr | |
| linx | HelmRelease |
linx | |
| longhorn-system | HelmRelease |
longhorn | |
| matrimony | HelmRelease |
matrimony | restic |
| mattermost | HelmRelease |
mattermost | postgresql, restic |
| memos | HelmRelease |
memos | postgresql, restic |
| metallb-system | HelmRelease |
metallb | |
| minecraft | HelmRelease |
minecraft | restic |
| miniflux | HelmRelease |
miniflux | postgresql, restic |
| minio | HelmRelease |
minio | restic |
| monica | HelmRelease |
monica | mariadb, restic |
| mosquitto | HelmRelease |
mosquitto | |
| nfs-provisioner | HelmRelease |
nfs-subdir-external-provisioner | |
| nightscout | HelmRelease |
nightscout | mongodb, restic |
HelmRelease |
trmnl | ||
| node-feature-discovery | HelmRelease |
node-feature-discovery | |
| nvidia-device-plugin | HelmRelease |
nvidia-device-plugin | |
| obico | HelmRelease |
obico | restic, valkey |
| open-webui | HelmRelease |
open-webui | postgresql, restic |
| paperless-ngx | HelmRelease |
paperless-ngx | postgresql, restic, valkey |
| plausible | HelmRelease |
plausible | clickhouse, postgresql |
| plex | HelmRelease |
plex | restic |
| prometheus | HelmRelease |
kube-prometheus-stack | restic |
HelmRelease |
nut-exporter | ||
HelmRelease |
wiim-exporter | ||
| prowlarr | HelmRelease |
prowlarr | restic |
| qbittorrent | HelmRelease |
qbittorrent | restic |
| radarr | HelmRelease |
radarr | restic |
| relax-sounds | HelmRelease |
relax-sounds | restic, valkey |
| renovate | HelmRelease |
renovate | postgresql, valkey |
HelmRelease |
renovate-exporter | ||
| scanservjs | HelmRelease |
scanservjs | |
| searxng | HelmRelease |
searxng | |
| seerr | HelmRelease |
seerr | restic |
| shlink | HelmRelease |
shlink | postgresql, restic |
| sonarr | HelmRelease |
sonarr | restic |
| stable-diffusion | HelmRelease |
stable-diffusion-webui | |
| system-upgrade | GitRepository |
system-upgrade-controller | |
| tailscale | HelmRelease |
tailscale-operator | |
| tandoor | HelmRelease |
tandoor | postgresql, restic |
| tautulli | HelmRelease |
tautulli | restic |
| tools | HelmRelease |
cyberchef | |
HelmRelease |
it-tools | ||
| transsmute | HelmRelease |
transsmute | |
| tronbyt | HelmRelease |
ics-calendar-tidbyt | postgresql, restic, valkey |
HelmRelease |
tronbyt | ||
| uptime-kuma | HelmRelease |
uptime-kuma | mariadb, restic |
| vaultwarden | HelmRelease |
vaultwarden | postgresql, restic |
| vikunja | HelmRelease |
vikunja | postgresql, restic, valkey |
| watch-your-lan | HelmRelease |
watch-your-lan | postgresql |
| webos-dev-mode | HelmRelease |
extend | |
| your-spotify | HelmRelease |
your-spotify | mongodb, restic |
| youtube | HelmRelease |
castsponsorskip | |
HelmRelease |
isponsorblocktv | ||
| zigbee2mqtt | HelmRelease |
zigbee2mqtt | restic |
| zwave-js-ui | HelmRelease |
zwave-js-ui | restic |
| Namespace | Kind | Name | Supporting Services |
|---|---|---|---|
| cert-manager | HelmRelease |
cert-manager | |
| reflector | HelmRelease |
reflector | |
| reloader | HelmRelease |
reloader |
| Namespace | Kind | Name | Supporting Services |
|---|---|---|---|
| ascii-movie | HelmRelease |
ascii-movie | |
| external-dns | HelmRelease |
external-dns | |
| flux-system | GitRepository |
home-ops | |
GitRepository |
home-ops-private | ||
| ingress-nginx | HelmRelease |
ingress-nginx | |
| portfolio | HelmRelease |
portfolio | restic |
| prometheus | HelmRelease |
kube-prometheus-stack |
![@gabe565-renovate[bot]](https://avatars.githubusercontent.com/in/797042?s=64&v=4){kind=small}
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}