- MikroTik hAP ax³
  - DNS via containerized AdGuard Home (yes, MikroTik routers are based af, they can run containers)
  - WireGuard for secure external access
  - IKEv2 IPsec tunnels to my Azure subscription
- Unifi Switch Lite 8 PoE
- Unifi AP U6 Pro PoE
- Synology DS720+
  - Storage: 4x 1TB SATA SSD
  - Cache: 2x 256GB NVMe M.2 SSD
  - RAM: 16GB
  - Network: 2x 1GbE ports using LAG (link aggregation)
Talos Linux bare-metal Kubernetes cluster running on mini-desktop PCs. Cheap and simple, unlike my ex.
- 3 control plane nodes
  - Dell OptiPlex 9020 Micro
  - CPU: Intel i7-4785T 4-core 3.2GHz 8M Cache
  - RAM: Crucial 8GB DDR3 1600 CL11
  - Storage:
    - 256GB M.2 SSD
    - Crucial MX500 2TB SATA SSD
- 1 worker node
  - Intel NUC10I5FNKN1
  - CPU: Intel i5-10210U 4-core 4.2GHz 6M Cache
  - RAM: Samsung 64GB DDR4 2666 CL19
  - Storage: 256GB M.2 NVMe SSD
- Automated, detailed PRs for version upgrades of Flux `HelmRelease`s, container image tags, & K8s `.yaml` resources
  - Configured as a GitHub App (migrate to a GitHub Action cause it looks cooler?)
- Automatically manage Kubernetes resources as code
  - Whenever `main` is updated, this GitHub Action remotely reconciles my cluster by connecting to the K8s API via Tailscale
- Encrypts K8s secrets on the client with `age.key`, using the age protocol, before committing them to Git
  - Flux decrypts the secrets within the cluster before applying, using a Secret containing `age.key`
  - Configured via `.sops.yaml` & `gotk-sync.yaml`
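As an added example (not the page's own files), here is a minimal `.sops.yaml` and the Flux `Kustomization` decryption stanza that make this flow work. The age recipient, the repository path and the Secret name are placeholders. One caveat worth knowing: Flux only reads data keys of the Secret whose name ends in `.agekey`, so the entry below is named `age.agekey` even though the local file is `age.key`.

```yaml
# .sops.yaml at the repository root (added example; the recipient is a placeholder).
# Generate a key pair locally with:  age-keygen -o age.key
# and paste the printed "public key: age1..." value below. age.key itself stays
# out of Git (add it to .gitignore); only the public recipient is committed.
creation_rules:
  - path_regex: .*\.ya?ml$
    # Encrypt only the secret payload so `kind`, `metadata` and labels stay
    # readable in Git and Kustomize/Flux can still match the resource.
    encrypted_regex: ^(data|stringData)$
    age: age1PLACEHOLDER_REPLACE_WITH_YOUR_PUBLIC_KEY
---
# One-off, out of band (never committed): load the private key into the cluster.
# Flux reads every data key of this Secret that ends in `.agekey`:
#   kubectl create secret generic sops-age --namespace=flux-system \
#     --from-file=age.agekey=./age.key
#
# gotk-sync.yaml: the Flux Kustomization that applies the repo, with SOPS
# decryption switched on (secretRef points at the Secret created above).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./clusters/homelab        # assumed path within the repo
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
    secretRef:
      name: sops-age
```

Encrypt a manifest before committing with `sops --encrypt --in-place path/to/secret.yaml`. Because only `data`/`stringData` are encrypted, a reviewer can still see which Secret a PR touches, and a pre-commit hook can refuse any `kind: Secret` whose `data` values are not prefixed `ENC[`, which catches the classic mistake of committing a plaintext Secret to a public repo.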
- Automated HTTPS cert lifecycle using `cert-manager`'s ACME DNS01 challenge provider via Let's Encrypt with my domain emerconnelly.com
- Secured external access by exposing ingress, egress, & the K8s API to my tailnet
  - Controlled via `tailscale-operator`
- Cloud-based secrets manager
  - Controlled via `vault-secrets-operator`
- K8s web UI & resource explorer
- Full-stack observability (logs, traces, metrics), ~71:1 compression ratio, & a web UI for queries & dashboards
- Time-series database for collecting & alerting on application & infrastructure metrics
  - Deployed via `kube-prometheus-stack`
- Visualize metrics, logs, & traces from multiple sources
  - Deployed via `kube-prometheus-stack`
- K8s eBPF-based CNI & `kube-proxy` replacement
  - K8s Ingress & Gateway API controller
  - K8s LoadBalancer backend via L2 Advertisements using gratuitous ARP
  - Visual map & event log of the Cilium CNI
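As an added example (not the page's own manifests), these are the two Cilium resources behind the L2 mode described above: an IP pool that `LoadBalancer` Services draw addresses from, and the announcement policy that lets nodes answer ARP for those addresses. The address range, interface pattern and opt-in label are constructed; the Helm values in the leading comment are assumed to match the installed Cilium version.

```yaml
# Helm values the feature needs (added example; value names assumed for a
# recent Cilium release):
#   kubeProxyReplacement: true
#   l2announcements:
#     enabled: true
#
# Addresses handed to Services of type LoadBalancer. Keep the block outside the
# router's DHCP scope so a lease can never collide with an announced VIP.
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: homelab-pool
spec:
  blocks:
    - start: 192.168.88.240   # constructed range
      stop: 192.168.88.250
---
# Which interfaces may answer ARP for pool IPs. Cilium runs a lease-based
# leader election per Service, so exactly one node owns (and gratuitously
# announces) each VIP at a time; the lease moves if that node disappears.
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
  name: homelab-l2
spec:
  loadBalancerIPs: true
  externalIPs: false
  interfaces:
    - ^eth[0-9]+$             # constructed; match the NIC on the LAN segment
  serviceSelector:
    matchLabels:
      l2-announce: "true"     # opt-in per Service; remove to announce every LB Service
```

After applying, `kubectl get svc -A` should show the ingress controller's Service with an address from the pool, and `arp -a` on a LAN host should resolve that address to the MAC of the elected node. Because any node matching the policy can claim a VIP, keep `interfaces` and the optional `nodeSelector` narrow and treat an unexpected MAC change for a pool address as something to alert on.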
- K8s Ingress & Gateway API controller
  - All `*.homelab.emerconnelly.com` links are directed, via AdGuard Home DNS config, to the LoadBalancer service for this IngressClass; this includes both intra- & inter-cluster resources
- Deploy highly-available & fully API-compliant S3 storage tenants
  - Controlled via `minio-operator`
- Deployed with this GitHub Action using Rust mdBook