State of the art multi-cluster GitOps repository for homelab use. Currently used with my bare metal Kubernetes clusters at home to host a bunch of useful open-source apps.
| Apps | Description |
|---|---|
 |
Immutable Linux distro for Kubernetes, allowing to deploy clusters with Omni |
 |
Full network stack, replaces Flannel as the CNI and kube-proxy from Talos. Also used as the Load Balancer with Gateway API support |
 |
Fully managed Kubernetes deployment using GitOps practices |
 |
Manage secrets remotely & securely from a large list of providers |
 |
Automatic x.509 certificates management with Gateway API support |
 |
Manage automatically the DNS records of domains listed in the Gateway API's routes |
 |
Custom DNS server with blocking capabilities to route internal traffic |
 |
Operator for running PostgreSQL databases |
 |
Identity provider to allow Single-Sign-On for all deployed apps |
| Apps | Description |
|---|---|
 |
Recursive DNS server used with Pi-hole to provide more privacy |
 |
Dashboard with a bunch of features that I use as my browser starting page |
 |
Git server to host personal stuff likes notes etc. |
 |
Home automation that puts local control and privacy first |
 |
3D printing slicer based on Bambu Studio and PrusaSlicer with enhanced features |
 |
Prowlarr is an indexer manager/proxy that supports management of both torrent trackers and usenet indexers |
 |
Torrent client to download legal stuff :) |
 |
Readarr is an eBook and audiobook collection manager |
| Apps | Description |
|---|---|
 |
Open-source analytics and interactive visualization web application |
 |
Monitoring system with a dimensional data model, flexible query language & more |
 |
Automatically inform and updates deployed apps in the clusters |
I'm using Sidero Omni to manage and deploy my Kubernetes clusters.
You'll need the following:
- A static public IP address with a router able to forward ports
- A domain name with a DNS provider usable with ExternalDNS
- An API token of the DNS provider that will allow challenges to create certificates. This repository uses a
Cloudflaretoken with the permissions: Zone - DNS - Edit, Zone - Zone - Read & Include - All Zones - Another API token of the same provider to manage DNS records. Using
Cloudflare, the token should have the same permissions as above - A GitHub PAT to be used by
FluxCD, with Read-Write permissions for Admnistration & Contents - Any secret provider supported by External Secrets Operator. This repository uses
GitLab
Here is the following list of secrets you need to add in your external secrets provider of choice before starting the cluster:
| Name | Description |
|---|---|
dns_provider_challenge_token |
API token of your DNS management provider of your domain, used to generate the x.509 certificates |
dns_provider_management_token |
API token of your DNS management provider of your domain, used to manage your DNS records |
authentik_key |
Random string of atleast 50 caracters long (ex: openssl rand -base64 50) |
renovate_token |
Git token for the Renovate account |