Introduction

Warning

These docs contain information that relates to my setup. They may or may not work for you.

Lovenet Home Operations Repository

Managed by Flux, Renovate and GitHub Actions 🤖

Kubernetes Cluster Information

Infrastructure Information

Overview

This is the configuration for my GitOps homelab Kubernetes cluster. This cluster runs home software services for my residence. It is quite complex and there are a lot of interdependencies but the declarative nature of GitOps allows me to manage this mesh of code. The software services fall into a few primary categories:

Home Automation (Home Assistant, ESPHome, Node-Red, EMQX, ZWave JS UI, Zigbee2MQTT)
Home Metering and Monitoring (Weather Station, Droplet, Power Monitoring, Sensors)
Home Security (Frigate)
IOT Devices (WLED, Ratgdo)

Core Components

Infrastructure

CentOS 9 Stream: Kubernetes Node Operating System.
crun: Container Runtime implemented in C.
nVIDIA Container Toolkit: Container Runtime for nVIDIA GPUs.

Networking

cilium: Kubernetes Container Network Interface (CNI).
cert-manager: Creates SSL certificates for services in my Kubernetes cluster.
external-dns: Automatically manages DNS records from my cluster in a cloud DNS provider.
Cloudflared: Cloudflare tunnel client.
Envoy Gateway: Networking gateways into cluster.

Storage

Rook-Ceph: Distributed block storage for peristent storage..
Minio: S3 Compatible Storage Interface.
Longhorn: Cloud native distributed block storage for Kubernetes.
NFS: NFS storage.

GitOps

Flux2: Declarative Cluster GitOps
actions-runner-controller: Self-hosted Github runners.
sops: Managed secrets for Kubernetes which are commited to Git.
Rennovate: Automated Cluster Management.

⚙️ Hardware

Hostname	Device	CPU	RAM	OS	Role	Storage	IOT	VLANs (multus)
master1	Intel NUC7PJYH	4	8 GB	CentOS 9	k8s Master
master2	VM on beast	3	8 GB	CentOS 9	k8s Master
master3	VM on beast	3	8 GB	CentOS 9	k8s Master
worker1	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	ZWA-2	iot, sec
worker2	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd		iot, sec
worker3	ThinkCentre M910x	8	64 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	Sonoff	iot, sec
worker4	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	Coral USB	iot, sec
worker5	VM on beast	10	24 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd		iot, sec
worker6	VM on beast	10	24 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd		iot, sec
worker7	VM on beast	10	24 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd		iot, sec
worker8	VM on beast	10	58 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	nVIDIA P40	iot, sec

Network

Click to see a high level physical network diagram

Name	CIDR	VLAN	Notes
Management VLAN			TBD
Default	`192.168.0.0/16`	0
IOT VLAN	`10.10.20.1/24`	20
Guest VLAN	`10.10.30.1/24`	30
Security VLAN	`10.10.40.1/24`	40
Kubernetes Pod Subnet (Cilium)	`10.42.0.0/16`	N/A
Kubernetes Services Subnet (Cilium)	`10.43.0.0/16`	N/A
Kubernetes LB Range (CiliumLoadBalancerIPPool)	`10.45.0.1/24`	N/A

☁️ Cloud Dependencies

Service	Use	Cost
1Password	Secrets with External Secrets	~$65 (1 Year)
Cloudflare	Domain	Free
GitHub	Hosting this repository and continuous integration/deployments	Free
Mailgun	Email hosting	Free (Flex Plan)
Pushover	Kubernetes Alerts and application notifications	$10 (One Time)
Frigate Plus	Model training services for Frigate NVR	$50 (1 Year)
		Total: ~$9.60/mo

Noteworthy Documentation

Cluster Rebuild Actions Initialization and Teardown Github Webhook Limits and Requests Philosophy Debugging Immich restore to new CNPG database nVIDIA P40 GPU

Home-Ops Search

@whazor created this website as a creative way to search Helm Releases across GitHub. You may use it as a means to get ideas on how to configure an applications' Helm values.