Introduction

The Artemis Cluster! :octocat:

... managed with Flux, Renovate, and GitHub Actions 🤖

📖 Overview

This repository manages my homelab Kubernetes cluster built on TalosOS, following Infrastructure as Code (IaC) and GitOps practices. The setup consists of three bare-metal control plane nodes and two VM workers, with all configurations version-controlled and automatically deployed via FluxCD.

⛵ Kubernetes

Layers Explained

The cluster is organized into three distinct layers for maintainability and clear separation of concerns:

• Infrastructure: The foundation layer that handles cluster networking (Cilium), core DNS (CoreDNS), and persistent storage (democratic-csi with TrueNAS). This ensures the cluster itself stays healthy and reachable.

• Platform: The middle layer with shared services that support workloads, including cert-manager for SSL certificates, external-dns for DNS automation, and external-secrets for syncing secrets from Bitwarden Secrets Manager. These tools make running applications smoother and more secure.

• Apps: The actual workloads—media servers, home automation, developer tools, databases, and more. Each application lives in its own directory, typically managed with HelmReleases or Kustomizations.

Core Components

• actions-runner-controller: Self-hosted Github runners for CI/CD.
• cert-manager: Automated SSL certificate management.
• cilium: eBPF-based container networking (CNI).
• democratic-csi: TrueNAS iSCSI integration for persistent storage.
• external-dns: Automatic DNS record synchronization.
• external-secrets: Kubernetes secrets managed via Bitwarden Secrets Manager.
• sops: Encrypted secrets stored in Git.

Directories

This Git repository contains the following directories under Kubernetes.

📁 kubernetes
├── 📁 main
│   ├── 📁 apps           # applications
│   ├── 📁 bootstrap      # bootstrap procedures
│   ├── 📁 flux           # core flux configuration
│   ├── 📁 infrastructure # infrastructure layer (networking, storage)
│   └── 📁 platform       # platform layer (certs, secrets, dns)
└── 📁 templates          # reusable templates

How It Works

1. Make changes to manifests in this repository—no manual edits on nodes.
2. FluxCD automatically syncs the cluster state with Git.
3. Infrastructure deploys first, then platform services, then applications.
4. If a rebuild is needed, redeploy TalosOS and point Flux at this repo—everything returns as configured.

🤝 Acknowledgments

This project is heavily inspired by the onedr0p/home-ops repository and the amazing Home Operations Discord community. Thanks to everyone sharing their setups and knowledge!

📝 License

This repository is available under the MIT License. See LICENSE for details.