Introduction
Lovenet Home Operations Repository
Managed by Flux, Renovate and GitHub Actions 🤖
Kubernetes Cluster Information
Infrastructure Information
Overview
This is the configuration for my GitOps homelab Kubernetes cluster. This cluster runs home software services for my residence. It is quite complex and there are a lot of interdependencies, but the declarative nature of GitOps allows me to manage this mesh of code. The software services fall into a few primary categories:
- Home Automation (Home Assistant, ESPHome, Node-Red, EMQX, ZWave JS UI, Zigbee2MQTT)
- Home Metering and Monitoring (Weather Station, Power Monitoring, Sensors)
- Home Security (Frigate, Double Take)
- IOT Devices (WLED, Ratgdo)
Core Components
Infrastructure
- CentOS 9 Stream: Kubernetes Node Operating System.
- crun: Container Runtime implemented in C.
- nVIDIA Container Toolkit: Container Runtime for nVIDIA GPUs.
Networking
- cilium: Kubernetes Container Network Interface (CNI).
- cert-manager: Creates SSL certificates for services in my Kubernetes cluster.
- external-dns: Automatically manages DNS records from my cluster in a cloud DNS provider.
- ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.
- Cloudflared: Cloudflare tunnel client.
Storage
- Rook-Ceph: Distributed block storage for persistent storage.
- Minio: S3 Compatible Storage Interface.
- Longhorn: Cloud native distributed block storage for Kubernetes.
- NFS: NFS storage.
GitOps
- Flux2: Declarative Cluster GitOps
- actions-runner-controller: Self-hosted GitHub runners.
- sops: Managed secrets for Kubernetes which are committed to Git.
- Renovate: Automated Cluster Management.
⚙️ Configuration
⚙️ Hardware
Hostname | Device | CPU | RAM | OS | Role | Storage | IOT | Network |
---|---|---|---|---|---|---|---|---|
master1 | Intel NUC7PJYH | 4 | 8 GB | CentOS 9 | k8s Master | | | |
master2 | VM on beast | 3 | 8 GB | CentOS 9 | k8s Master | | | |
master3 | VM on beast | 3 | 8 GB | CentOS 9 | k8s Master | | | |
worker1 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe | Z-Stick 7 | iot/sec-vlan |
worker2 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe | | iot/sec-vlan |
worker3 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | Sonoff | iot/sec-vlan |
worker4 | ThinkCentre M910x | 8 | 32 GB | CentOS 9 | k8s Worker | longhorn NVMe | Coral USB | iot/sec-vlan |
worker5 | VM on beast | 10 | 24 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | | iot/sec-vlan |
worker6 | VM on beast | 10 | 24 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | skyconnect | iot/sec-vlan |
worker7 | VM on beast | 10 | 24 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | | iot/sec-vlan |
worker8 | VM on beast | 10 | 58 GB | CentOS 9 | k8s Worker | longhorn NVMe, ceph osd | nVIDIA P40 | iot/sec-vlan |
Network
Name | CIDR | VLAN | Notes |
---|---|---|---|
Management VLAN | TBD | | |
Default | 192.168.0.0/16 | 0 | |
IOT VLAN | 10.10.20.1/24 | 20 | |
Guest VLAN | 10.10.30.1/24 | 30 | |
Security VLAN | 10.10.40.1/24 | 40 | |
Kubernetes Pod Subnet (Cilium) | 10.42.0.0/16 | N/A | |
Kubernetes Services Subnet (Cilium) | 10.43.0.0/16 | N/A | |
Kubernetes LB Range (CiliumLoadBalancerIPPool) | 10.45.0.1/24 | N/A | |
☁️ Cloud Dependencies
Service | Use | Cost |
---|---|---|
1Password | Secrets with External Secrets | ~$65 (1 Year) |
Cloudflare | Domain | Free |
GitHub | Hosting this repository and continuous integration/deployments | Free |
Mailgun | Email hosting | Free (Flex Plan) |
Pushover | Kubernetes Alerts and application notifications | $10 (One Time) |
Frigate Plus | Model training services for Frigate NVR | $50 (1 Year) |
Total: ~$9.60/mo |
Noteworthy Documentation
Cluster Rebuild Actions Initialization and Teardown Github Webhook Limits and Requests Philosophy Debugging Immich restore to new CNPG database nVIDIA P40 GPU
Home-Ops Search
@whazor created this website as a creative way to search Helm Releases across GitHub. You may use it as a means to get ideas on how to configure an application's Helm values.