This is the source repository for my homelab Kubernetes infrastructure, built from repurposed HP ProDesk 600 G3 Desktop Mini PCs. The cluster runs Talos Linux, a minimal and immutable operating system designed exclusively for Kubernetes. The purpose of this project is both to gain useful experience with Kubernetes and to build a platform for providing legitimate production-quality applications and services in my home.
The project is organized into different "stacks" of components based on their function in the cluster.
System stack components are fundamental to the cluster, delivering core functionality such as networking and persistent storage to applications.
- infrastructure/crds - Various CRDs used by controllers in the cluster
- infrastructure/controllers/argocd - Continuous delivery of this repository using Argo CD
- infrastructure/controllers/cert-manager - Manages PKI certificate issuance in the cluster with the cert-manager controller
- infrastructure/controllers/cilium - Cilium Container Network Interface (CNI) plugin handling all networking, including access from outside the cluster using BGP
- infrastructure/controllers/cloudflare-gateway - Cloudflare Gateway for Cloudflare tunnels via cloudflared and the Gateway API
- infrastructure/controllers/cnpg - CloudNativePG operator for PostgreSQL databases
- infrastructure/controllers/crossplane - Crossplane control plane for managing non-Kubernetes resources
- infrastructure/controllers/csi-snapshotter - CSI Snapshotter component to implement volume snapshots
- infrastructure/controllers/envoy-gateway - Envoy Gateway for handling ingress connections into the cluster via the Gateway API
- infrastructure/controllers/external-secrets - External Secrets Operator for secrets management
- infrastructure/controllers/kyverno - Kyverno Kubernetes policy engine
- infrastructure/controllers/local-path-provisioner - Local Path Provisioner for simple PersistentVolumeClaim support in development
- infrastructure/controllers/mariadb-operator - MariaDB Operator for MariaDB databases
- infrastructure/controllers/piraeus-operator - Container Storage Interface (CSI) plugin and operator for LINSTOR
- infrastructure/controllers/sealed-secrets - Sealed Secrets controller to safely encrypt and store secrets in source control
- infrastructure/controllers/trust-manager - Provides the ability to create CA bundles for trusting local authorities with the trust-manager controller
- infrastructure/controllers/velero - Velero for Kubernetes resource and persistent volume backups
- infrastructure/configs - Configuration of controllers specific to the cluster
Platform stack components are services used by applications, or which provide some global utility across the cluster.
- platform/idp - Keycloak for identity and access management (IAM)
- platform/monitoring - Kubernetes monitoring platform with the Prometheus operator
Application stack components provide usable functionality to end users and rely on components in the platform and system stacks.
- apps/actual - Actual Budget personal finance application practicing the envelope budgeting method
- apps/ezxss - ezXSS platform for testing for XSS vulnerabilities, particularly useful for blind XSS injections
- apps/paperless-ngx - Paperless-ngx document management system
Secrets in this repository that are not managed by Sealed Secrets are encrypted with SOPS and applied via Kustomize with the SOPS KRM function. These secrets are only used for bootstrapping.
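As an added illustration of the SOPS-via-Kustomize pattern described above (example files, not this repository's own), the three files below assume the KSOPS KRM function (apiVersion viaduct.ai/v1) as the SOPS generator, a hypothetical bootstrap secret file name, and an age recipient shown as a placeholder.

```yaml
# .sops.yaml - encryption policy committed alongside the secrets so every
# `sops` invocation applies the same rules. Only the Secret payload fields
# are encrypted; apiVersion/kind/metadata stay readable for code review
# while the values themselves are never plaintext in git.
# (The age recipient is a placeholder, not a real key.)
creation_rules:
  - path_regex: .*\.enc\.yaml$
    encrypted_regex: ^(data|stringData)$
    age: age1PLACEHOLDERRECIPIENT

# bootstrap/secret-generator.yaml - KRM function manifest telling Kustomize
# to run the `ksops` binary as a generator. `files` lists the SOPS-encrypted
# manifests it decrypts at build time; the plaintext never touches the repo.
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: bootstrap-secrets
  annotations:
    config.kubernetes.io/function: |
      exec:
        path: ksops
files:
  - ./external-secrets-store.enc.yaml   # hypothetical file name

# bootstrap/kustomization.yaml - wires the generator in. Encrypted files are
# referenced only through the generator, never under `resources`, so a build
# without the decryption key fails instead of applying ciphertext as-is.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
  - ./secret-generator.yaml
```

Build with `kustomize build --enable-alpha-plugins --enable-exec bootstrap/` (the exec flag is what permits the KRM function to run). Before committing, `grep -L 'sops:' bootstrap/*.enc.yaml` lists any file under the encrypted naming pattern that lacks a SOPS metadata block, i.e. one that was saved in plaintext.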