This repository is no longer maintained! My clusters found a new home at Pumba98/flux2-gitops.
Kubernetes cluster using the GitOps tool Flux.
The Git repository drives the state of the Kubernetes cluster.
The awesome Flux SOPS integration is used to encrypt secrets with GPG.
The following components are installed on the k3s cluster.
Software | Purpose |
---|---|
Flux | GitOps Tool managing the cluster |
Longhorn | Persistent Block Storage Provisioner |
NGINX Ingress Controller | Cluster Ingress controller |
MetalLB | Bare metal LoadBalancer |
Cert-Manager | Let's Encrypt certificates with Cloudflare DNS |
ExternalDNS | Configure Cloudflare DNS Servers |
kube-vip | Virtual IP Load-Balancer for Control Plane High Availability |
Kube-Prometheus Stack | Prometheus & Exporters to monitor the cluster |
Grafana | Monitoring & Logging Dashboard |
Alertmanager | Monitoring Alerts |
Grafana Loki | Log aggregation system |
System Upgrade Controller | Automated k3s upgrades |
Descheduler | Evicts pods to optimize scheduling |
Authelia | SSO & 2FA authentication server for Cluster Web Apps |
Nextcloud | File share and collaboration platform |
Vaultwarden | Unofficial Bitwarden compatible server written in Rust |
Firefly-iii | Personal finance manager |
Paperless-ngx | Document management system |
Mailu | Email stack on Kubernetes |
Rancher | Kubernetes Management Dashboard |
Homer | Static dashboard for the cluster applications |
Pod-Gateway | Route mail traffic through an external gateway |
Goldilocks | Utility to help identify good resource requests and limits |
Renovate Bot makes sure the cluster is never outdated.
It creates pull requests when Helm charts or Docker images have newer versions available and even keeps Flux and k3s up-to-date.
Big shout out to k8s@home for their k3s-cluster-template and everyone from awesome-home-kubernetes for the inspiration ❤️
📍 Installation Notes

1. `pre-commit install-hooks`

- Encrypt all secrets with SOPS

  ```sh
  export GPG_TTY=$(tty)
  sops --encrypt --in-place ./cluster/base/cluster-secrets.sops.yaml
  ```

- Pre-create the `flux-system` namespace

  ```sh
  kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f -
  ```

- Add the Flux GPG key in order for Flux to decrypt SOPS secrets

  ```sh
  sops -d ./flux-sops-gpg-secret.sops.yaml | kubectl apply -f -
  ```

- (Optional) Add the Flux SSH key in order for Flux to pull private git repositories

  ```sh
  sops -d ./flux-secret.sops.yaml | kubectl apply -f -
  ```

- Push everything & Install Flux

  ```sh
  kubectl apply --kustomize=./cluster/base/flux-system
  ```

📍 Due to race conditions with the Flux CRDs, run the last command twice. There should be no errors on the second run.
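
Because the "Encrypt all secrets with SOPS" step is manual and is followed by a push, a check that every `*.sops.yaml` file really is encrypted is useful before committing. The script below is an added example, not part of this repository; the function names, the detection heuristic and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list *.sops.yaml files that do not look SOPS-encrypted.
# Heuristic (assumption): an encrypted file carries a top-level "sops:"
# metadata key and at least one "ENC[AES256_GCM," value.

is_sops_encrypted() {
    grep -q '^sops:' "$1" && grep -q 'ENC\[AES256_GCM,' "$1"
}

# Print every *.sops.yaml under $1 that fails the check.
# Returns 0 if all files pass, 1 if any file is unencrypted.
find_unencrypted_sops() {
    root=${1:-.}
    status=0
    # A temp file (not a pipeline) keeps $status in the current shell.
    list=$(mktemp) || return 2
    find "$root" -type f -name '*.sops.yaml' > "$list"
    while IFS= read -r f; do
        if ! is_sops_encrypted "$f"; then
            printf '%s\n' "$f"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return "$status"
}

# Constructed sample tree (values are made up): one file that looks
# encrypted and one left in plaintext. Prints the directory path.
make_sample_tree() {
    d=$(mktemp -d) || return 2
    printf 'stringData:\n    TOKEN: ENC[AES256_GCM,data:c2FtcGxl,type:str]\nsops:\n    pgp: []\n' \
        > "$d/ok.sops.yaml"
    printf 'stringData:\n    TOKEN: plaintext-value\n' > "$d/plain.sops.yaml"
    printf '%s\n' "$d"
}
```

Calling `find_unencrypted_sops ./cluster` from a pre-commit hook or CI job and failing on a non-zero exit status stops a plaintext secret from reaching the Git history.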