Skip to content

A mono repository for my home infrastructure and Kubernetes cluster which adheres to Infrastructure as Code (IaC) and GitOps practices where possible

Notifications You must be signed in to change notification settings

rszamszur/home-ops

Repository files navigation

Home Lab Repository

... managed with Terraform, Bazel, ArgoCD, Renovate and GitHub Actions 🤖

homelab

📖 Overview

This is a mono repository for my home infrastructure and Kubernetes cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using the tools like Terraform, Kubernetes, Bazel, ArgoCD, Renovate and GitHub Actions.


🔧 Hardware

⛵ Kubernetes

My Kubernetes cluster is deployed with Talos on the Proxmox using the following Terraform modules:

Core Components:

GitOps Structure

Below is an explanation on how this repo is laid out. You'll notice that I use Kustomize heavily. I do this since I follow the DRY principal when it comes to YAML files.

cluster-XXX/ #1
├── bootstrap #2
│   ├── base
│   │   ├── argocd-ns.yaml
│   │   ├── kustomization.yaml
│   │   └── secrets
│   │       └── ...
│   └── overlays
│       └── default
│           └── kustomization.yaml
├── components #3
│   ├── applications
│   │   ├── ...
│   │   └── kustomization.yaml
│   ├── applicationsets
│   │   ├── core-components-appset.yaml
│   │   ├── kustomization.yaml
│   │   └── tenants-appset.yaml
│   └── argocdproj
│       ├── ...
│       └── kustomization.yaml
├── core #4
│   ├── gitops-controller
│   │   └── kustomization.yaml
│   ├── monitoring
│   │   ├── airgradient-dashboard-configmap.yaml
│   │   ├── airgradient-dashboard.json
│   │   ├── alert-manager-tls.yaml
│   │   ├── grafana-tls.yaml
│   │   ├── kube-prometheus-stack-app.yaml
│   │   ├── kustomization.yaml
│   │   ├── namespace.yaml
│   │   └── prometheus-tls.yaml
│   └── ...
└── tenants #5
    └── ...
# Directory Name Description
1. cluster-XXX This is the cluster name. This name should be unique to the specific cluster you're targeting. If you're using CAPI, this should be the name of your cluster, the output of kubectl get cluster
2. bootstrap This is where bootstrapping specifc configurations are stored. These are items that get the cluster/automation started. They are usually install manifests.

base is where are the "common" YAML would live and overlays are configurations specific to the cluster.

The kustomization.yaml file in default has cluster-XXX/components/applicationsets/ and cluster-XXX/components/argocdproj/ as a part of it's bases config.
3. components This is where specific components for the GitOps Controller lives (in this case Argo CD).

applicationsets is where all the ApplicationSets YAMLs live, aplications is where all the Application YAML's live and lastly argocdproj is where the ArgoAppProject YAMLs live.

Other things that can live here are RBAC, Git repo, and other Argo CD specific configurations (each in their repsective directories).
4. core This is where YAML for the core functionality of the cluster live. Here is where the Kubernetes administrator will put things that is necissary for the functionality of the cluster (like cluster configs or cluster workloads).

Under gitops-controller is where you are using Argo CD to manage itself. The kustomization.yaml file uses cluster-XXX/bootstrap/overlays/default in it's bases configuration. This core directory gets deployed as an applicationset which can be found under cluster-XXX/components/applicationsets/core-components-appset.yaml.

To add a new "core functionality" workoad, one needs to add a directory with some yaml in the core directory. See the monitoring directory as an example.
5. tenants This is where the workloads for this cluster live.

Similar to core, the tenants directory gets loaded as part of an ApplicationSet that is under cluster-XXX/components/applicationsets/tenants-appset.yaml.

This is where Devlopers/Release Engineers do the work. They just need to commit a directory with some YAML and the applicationset takes care of creating the workload.

Bootstrapping

To see this in action, first get yourself a cluster (using minikube as an example)

minikube start --driver=docker

First apply secrets: These cannot be applied with kubectl in the regular fashion due to be encrypted with age

age -d -i ~/.config/age/key.txt cluster-home/bootstrap/base/secrets/argocd-ghcr-repo-secret.yaml.age | kubectl apply -f -
age -d -i ~/.config/age/key.txt cluster-home/bootstrap/base/secrets/coder-db-postgresql-secret.yaml.age | kubectl apply -f -
age -d -i ~/.config/age/key.txt cluster-home/bootstrap/base/secrets/coder-db-url-secret.yaml.age | kubectl apply -f -
age -d -i ~/.config/age/key.txt cluster-home/bootstrap/base/secrets/democratic-csi-iscsi-driver-config-secret.yaml.age | kubectl apply -f -
age -d -i ~/.config/age/key.txt cluster-home/bootstrap/base/secrets/gha-runner-home-ops-secret.yaml.age | kubectl apply -f -
age -d -i ~/.config/age/key.txt cluster-home/bootstrap/base/secrets/ovh-credentials-secret.yaml.age | kubectl apply -f -

Then, just apply this repo:

until kubectl apply -k https://github.com/rszamszur/home-k8s/cluster-home/bootstrap/overlays/default; do sleep 3; done

This should give you the following applications:

$ kubectl get applications -n argocd
NAME                       SYNC STATUS   HEALTH STATUS
argocd-ingress             Synced        Healthy
buildbarn                  Synced        Healthy
cert-manager               Synced        Healthy
cert-manager-webhook-ovh   Synced        Healthy
certificates               Synced        Healthy
coder                      Synced        Healthy
coder-db                   Synced        Healthy
coder-v2                   Synced        Healthy
democratic-csi-iscsi       Synced        Healthy
fastapi-mvc-example        Synced        Healthy
gha-runner                 Synced        Healthy
gha-runner-controller      Synced        Healthy
gitops-controller          Synced        Healthy
ingress-controller         Synced        Healthy
kube-prometheus-stack      Synced        Healthy
monitoring                 Synced        Healthy
storage                    Synced        Healthy

Backed by 2 applicationsets:

$ kubectl get appsets -n argocd
NAME      AGE
cluster   19m
tenants   19m

To see the Argo CD UI, you'll first need the password:

kubectl get secret/argocd-initial-admin-secret -n argocd -o jsonpath='{.data.password}' | base64 -d ; echo

Then port-forward to see it in your browser (using admin as the username):

kubectl -n argocd port-forward service/argocd-server 8080:443

Resources

About

A mono repository for my home infrastructure and Kubernetes cluster which adheres to Infrastructure as Code (IaC) and GitOps practices where possible

Topics

Resources

Stars

Watchers

Forks

Packages

 
 
 

Contributors 4

  •  
  •  
  •  
  •