Introduction

The Artemis Cluster! :octocat:

... where YAML is law, Renovate never sleeps, and 2am is just debugging hours.

📖 Overview

This repository manages my homelab Kubernetes cluster built on TalosOS, following Infrastructure as Code (IaC) and GitOps practices. The setup consists of three bare-metal control plane nodes and three VM workers (including one GPU worker), with all configurations version-controlled and automatically deployed via FluxCD.

I didn't start from a cluster template — this was built from the ground up, learning as I went. Over time I've gradually aligned the structure and conventions with what the Home Operations community has collectively settled on, borrowing ideas and patterns from repos I admire rather than forking from any single starting point.

⛵ Kubernetes

Components Explained

The cluster is organized into logical namespaces for maintainability and separation of concerns:

kube-system: The foundation layer — cluster networking (Cilium), core DNS (CoreDNS), multi-network (Multus), GPU support (intel-gpu-resource-driver), and cluster utilities (reloader, reflector, descheduler, spegel).
network: Ingress via Envoy Gateway, DNS automation via ExternalDNS (Cloudflare + UniFi), and Cloudflare Tunnel.
cert-manager: Automated TLS certificates via Let's Encrypt.
observability: Full monitoring stack — Prometheus, Grafana, Victoria Logs, Fluent Bit, Gatus, Kromgo, KEDA, and UniFi Poller.
rook-ceph / openebs-system / volsync-system: Block storage, local storage, and PVC backup/restore.
home-automation: Home Assistant, Frigate, ESPHome, Zigbee2MQTT, Mosquitto, Matter Server, Homebridge, Node-RED.
media: Full arr stack, Jellyfin, download clients, and supporting tooling.
external-secrets: Secrets from 1Password Connect, plus age-encrypted bootstrap secrets.

Directories

This Git repository contains the following directories under Kubernetes.

📁 kubernetes
├── 📁 apps
│   ├── 📁 actions-runner-system  # Self-hosted GitHub runners
│   ├── 📁 cert-manager           # TLS certificate management
│   ├── 📁 external-endpoints     # ExternalName services for off-cluster resources
│   ├── 📁 external-secrets       # 1Password Connect secrets provider
│   ├── 📁 flux-system            # Flux Operator + FluxInstance
│   ├── 📁 home-automation        # Home Assistant, Frigate, ESPHome, Zigbee, etc.
│   ├── 📁 kube-system            # Cilium, CoreDNS, Multus, GPU driver, utilities
│   ├── 📁 media                  # Arr stack, Jellyfin, download clients
│   ├── 📁 network                # Envoy Gateway, ExternalDNS, Cloudflare Tunnel
│   ├── 📁 observability          # Prometheus, Grafana, Victoria Logs, Gatus, Kromgo
│   ├── 📁 openebs-system         # Local storage provisioner
│   ├── 📁 rook-ceph              # Distributed block storage
│   ├── 📁 system-upgrade         # Tuppr (Talos/K8s automated upgrades)
│   └── 📁 volsync-system         # PVC backup/restore (Kopia)
├── 📁 components     # Reusable Kustomize components
└── 📁 flux           # Flux sync entrypoint → kubernetes/apps

🔧 Hardware

Device	Count	Disk	RAM	OS	Purpose
Lenovo M710q (`talos-cp-01/02/03`)	3	256GB NVMe (boot) + 256GB SATA SSD (Ceph OSD)	16GB	Talos Linux	Kubernetes Control Plane
Proxmox VM on `pantheon` (`talos-w-01/02`)	2	Virtualized	32GB	Talos Linux	Kubernetes Worker
Proxmox VM on `pantheon` (`talos-gpu-01`)	1	Virtualized	32GB	Talos Linux	Kubernetes GPU Worker (ASRock Arc A380 6GB passthrough)
HPE ML150 G9 (`pantheon`)	1	T-FORCE 1TB SSD	192GB	Proxmox	Virtualization Host
Supermicro (`atlas`)	1	3× RAIDZ2 6-wide (~41TB usable)	94.3GB ECC	TrueNAS SCALE	NAS / Media Storage

🌐 Networking

Device	Role
UniFi Cloud Gateway Max	WAN/NAT, L3 gateway, DHCP, BGP (FRR), DNS, UniFi controller
Mikrotik CRS309-1G-8S+	L2 switch only — downstream of UCG-Max on VLAN 1099 (LAB)
UniFi US-48 PoE 500W	L2 switch (upstream: UCG-Max)
UniFi US-16 PoE 150W	L2 switch (upstream: US-48)

Kubernetes nodes run on VLAN 1099 (LAB, 10.10.99.0/24). Home-automation pods attach a secondary interface to VLAN 1152 (IOT, 10.10.152.0/24) via Multus for direct device access (Frigate, Home Assistant, Zigbee2MQTT).

BGP peers between UCG-Max (AS 64533) and all six Talos nodes distribute LoadBalancer service IPs into the LAB routing table.

🤝 Acknowledgments

A huge thanks to the following people whose work has been an invaluable reference:

onedr0p/home-ops
bjw-s-labs/home-ops
joryirving/home-ops
Christian Lempa — whose YouTube content helped demystify a lot of the early infrastructure concepts
TechnoTim — for countless practical homelab guides that made the learning curve far less steep

And to the broader Home Operations Discord community — thanks to everyone openly sharing their setups and knowledge.

📝 License

This repository is available under the WTFPL License. See LICENSE for details.

Artemis Cluster Docs