Introduction
📖 Overview
This repository manages my homelab Kubernetes cluster built on Talos Linux, following Infrastructure as Code (IaC) and GitOps practices. The setup consists of three bare-metal control plane nodes and two VM workers, with all configurations version-controlled and automatically deployed via FluxCD.
⛵ Kubernetes
Components Explained
The cluster is organized into logical directories for maintainability and separation of concerns:
- System: The foundation layer that handles cluster networking (Cilium), core DNS (CoreDNS), and storage drivers (Rook-Ceph, NFS).
- Network: Handles ingress traffic using Envoy Gateway, DNS automation via ExternalDNS, and certificates with cert-manager.
- Observability: A complete monitoring stack including Prometheus, Grafana, and Loki to ensure the cluster stays healthy.
- Apps: The actual workloads—media servers, home automation, developer tools, and databases.
Core Stack
- actions-runner-controller: Self-hosted GitHub runners for CI/CD.
- cert-manager: Automated TLS/SSL certificate management.
- cilium: eBPF-based container networking (CNI).
- envoy-gateway: Next-gen Gateway API implementation.
- external-secrets: Kubernetes secrets managed via Bitwarden Secrets Manager.
- rook-ceph: Cloud-native storage orchestrator for distributed block storage.
- sops: Encrypted secrets stored in Git.
Directories
This Git repository contains the following directories under kubernetes.
📁 kubernetes
├── 📁 apps # Applications (Home Assistant, Plex, etc.)
├── 📁 components # Reusable Kustomize overlays
├── 📁 flux # Flux system configuration
├── 📁 kube-system # Core system components (Cilium, CoreDNS)
├── 📁 network # Ingress, Gateway API, Cloudflare
├── 📁 observability # Monitoring stack (Prometheus, Grafana)
└── 📁 storage-system # Rook-Ceph, VolSync
How It Works
- Make changes to manifests in this repository—no manual edits on nodes.
- FluxCD automatically syncs the cluster state with Git.
- If a rebuild is needed, redeploy Talos Linux and point Flux at this repo; everything returns as configured.
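Because every change reaches the cluster through Git and secrets are stored there SOPS-encrypted, a pre-commit or CI check that no Secret manifest is committed in plaintext fits this workflow. The following is an added example, not code from this repository: the function name and the sample manifests are constructed (trimmed to the fields the check reads), and it uses a line-based scan instead of a full YAML parser.

```python
import re

# SOPS replaces each value with ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:.*\]$")
TOP_KEY = re.compile(r"^([A-Za-z_][\w-]*):\s*(.*)$")   # unindented key
LEAF = re.compile(r"^\s+([\w.-]+):\s*(\S.*)$")          # indented key: value

# Constructed sample: one encrypted Secret, one plaintext Secret, one ConfigMap.
SAMPLE = """\
kind: Secret
metadata:
  name: app-encrypted
stringData:
  password: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:BBBB,type:str]
sops:
  version: 3.9.0
---
kind: Secret
metadata:
  name: app-plaintext
stringData:
  password: hunter2
---
kind: ConfigMap
data:
  LOG_LEVEL: info
"""

def plaintext_secret_keys(manifest: str) -> list[str]:
    """Return 'section.key' for each Secret value that is not SOPS ciphertext."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", manifest):
        top, section, leaves = {}, None, []
        for line in doc.splitlines():
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            if m := TOP_KEY.match(line):
                section = m.group(1)
                top[section] = m.group(2).strip().strip("'\"")
            elif (m := LEAF.match(line)) and section in ("data", "stringData"):
                leaves.append((section, m.group(1), m.group(2).strip()))
        if top.get("kind") != "Secret":
            continue
        for sec, key, value in leaves:
            # Fails closed: no sops metadata, or any non-ENC value, is reported.
            if "sops" not in top or not ENC_VALUE.match(value.strip("'\"")):
                findings.append(f"{sec}.{key}")
    return findings

print(plaintext_secret_keys(SAMPLE))
```

A non-empty result should block the commit or fail the pipeline; multi-line block scalars under data or stringData are reported as plaintext, which errs on the safe side.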
🔧 Hardware
| Device | Count | Disk Configuration | RAM | Operating System | Purpose |
|---|---|---|---|---|---|
| Lenovo M720q | 3 | 256GB SSD + 1TB NVMe | 16GB | Talos Linux | Control Plane |
| Proxmox VM (HPE ML150 G8) | 2 | Virtualized Storage | 8GB | Talos Linux | Workers |
| HPE ML150 G8 | 1 | - | 192GB | Proxmox | Virtualization Host |
| Supermicro Storage Server | 1 | 41TB Raw Capacity | - | TrueNAS | NAS / Backup Target |
🤝 Acknowledgments
This project is heavily inspired by the onedr0p/home-ops repository and the amazing Home Operations Discord community. Thanks to everyone sharing their setups and knowledge!
📝 License
This repository is available under the WTFPL License. See LICENSE for details.