rwlove/home-ops

Lovenet Home Operations Repository

Managed by Flux, Renovate and GitHub Actions 🤖


Overview

This is the configuration for my GitOps homelab Kubernetes cluster. This cluster runs home software services for my residence. It is quite complex and there are a lot of interdependencies but the declarative nature of GitOps allows me to manage this mesh of code. The software services fall into a few primary categories:

Core Components

Infrastructure

Networking

  • cilium: Kubernetes Container Network Interface (CNI).
  • cert-manager: Creates SSL certificates for services in my Kubernetes cluster.
  • external-dns: Automatically manages DNS records from my cluster in a cloud DNS provider.
  • ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.
  • Cloudflared: Cloudflare tunnel client.

Storage

  • Rook-Ceph: Distributed block storage for persistent storage.
  • Minio: S3-compatible object storage interface.
  • Longhorn: Cloud native distributed block storage for Kubernetes.
  • NFS: NFS storage.

GitOps


⚙️  Configuration


⚙️  Hardware

| Hostname | Device | CPU | RAM | OS | Role | Storage | IOT | Network |
|---|---|---|---|---|---|---|---|---|
| master1 | Intel NUC7PJYH | 4 | 8 GB | CentOS 9 | k8s Master | | | |
| master2 | VM on beast | 3 | 8 GB | CentOS 9 | k8s Master | | | |
| master3 | VM on beast | 3 | 8 GB | CentOS 9 | k8s Master | | | |
| worker1 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe | Coral USB | iot/sec-vlan |
| worker2 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe | zstick-7 | iot/sec-vlan |
| worker3 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | sonoff | iot/sec-vlan |
| worker4 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe | | iot/sec-vlan |
| worker5 | VM on beast | 10 | 24 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | | iot/sec-vlan |
| worker6 | VM on beast | 10 | 24 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | skyconnect | iot/sec-vlan |
| worker7 | VM on beast | 10 | 24 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | | iot/sec-vlan |
| worker8 | VM on beast | 10 | 48 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | nVIDIA P40 | iot/sec-vlan |

Network

High level physical network diagram (image not reproduced here)

| Name | CIDR | VLAN | Notes |
|---|---|---|---|
| Management VLAN | TBD | | |
| Default | 192.168.0.0/16 | 0 | |
| IOT VLAN | 10.10.20.1/24 | 20 | |
| Guest VLAN | 10.10.30.1/24 | 30 | |
| Security VLAN | 10.10.40.1/24 | 40 | |
| Kubernetes Pod Subnet (Cilium) | 10.42.0.0/16 | N/A | |
| Kubernetes Services Subnet (Cilium) | 10.43.0.0/16 | N/A | |
| Kubernetes LB Range (CiliumLoadBalancerIPPool) | 10.45.0.1/24 | N/A | |

☁️ Cloud Dependencies

| Service | Use | Cost |
|---|---|---|
| 1Password | Secrets with External Secrets | ~$65/yr |
| Cloudflare | Domain | Free |
| GitHub | Hosting this repository and continuous integration/deployments | Free |
| Mailgun | Email hosting | Free (Flex Plan) |
| Pushover | Kubernetes Alerts and application notifications | $10 (One Time) |
| | Total: | ~$5.50/mo |

Initialization

```sh
./init/create-cluster.sh        # on master
./init/prepare-cluster.sh       # on laptop
./init/initialize-cluster.sh    # on laptop
ssh root@master1 rm /etc/kubernetes/manifests/kube-vip.yaml   # on laptop
```

Teardown

```sh
./init/destroy-cluster.sh       # on laptop
```

Debugging

Github Webhook

`kubectl -n flux-system get receivers.notification.toolkit.fluxcd.io` prints the token URL of the Flux Receiver; enter it on github.com -> Settings -> Webhooks -> Payload URL, with the following settings:

  • Content Type: application/json
  • Secret: <token from kubectl -n flux-system describe secrets github-webhook-token>
  • SSL: Enable SSL verification
  • Which events would you like to trigger this webhook?: Just the push event.
  • Active:

Notes

To get metrics-server to work with kubeadm, the kubelet serving certificates must be signed by the cluster CA. If this wasn't set up via the cluster configuration provided to kubeadm, follow https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs

  • TODO: pull the kubeadm configuration into this repository.

Resources: Limits and Requests Philosophy

In short: do set CPU requests, don't set CPU limits, and set the memory limit equal to the memory request.
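A small manifest check that enforces this philosophy over a Deployment's pod template, as an added example that is not part of this repository; it walks a manifest already loaded into a dict (e.g. via `yaml.safe_load`) and the sample Deployment is constructed for illustration:

```python
"""Check containers against the requests/limits policy stated above:
CPU request set, no CPU limit, memory limit equal to memory request.
Added example, not from the home-ops repo; the sample Deployment is constructed."""


def container_violations(container):
    """Return a list of policy violations for one container spec."""
    name = container.get("name", "<unnamed>")
    res = container.get("resources") or {}
    requests = res.get("requests") or {}
    limits = res.get("limits") or {}
    problems = []
    if "cpu" not in requests:
        problems.append(f"{name}: missing CPU request")
    if "cpu" in limits:
        problems.append(f"{name}: CPU limit set ({limits['cpu']}); remove it")
    if "memory" not in requests or "memory" not in limits:
        problems.append(f"{name}: memory request and limit must both be set")
    elif requests["memory"] != limits["memory"]:
        # Quantities are compared as strings; "1Gi" vs "1024Mi" is flagged too.
        problems.append(
            f"{name}: memory limit {limits['memory']} != request {requests['memory']}"
        )
    return problems


def check_workload(manifest):
    """Return violations for all containers (including init containers)
    of a Deployment/StatefulSet/DaemonSet-shaped manifest."""
    pod_spec = manifest["spec"]["template"]["spec"]
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    return [p for c in containers for p in container_violations(c)]


# Constructed sample: the first container follows the policy, the second violates all three rules.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-app"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "good", "image": "example/app:1.0",
         "resources": {"requests": {"cpu": "100m", "memory": "256Mi"},
                       "limits": {"memory": "256Mi"}}},
        {"name": "bad", "image": "example/sidecar:1.0",
         "resources": {"requests": {"memory": "128Mi"},
                       "limits": {"cpu": "500m", "memory": "512Mi"}}},
    ]}}},
}

if __name__ == "__main__":
    for problem in check_workload(SAMPLE_DEPLOYMENT):
        print(problem)
```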

@whazor created this website as a creative way to search Helm Releases across GitHub. You may use it to get ideas on how to configure an application's Helm values.