This is the repository I use to version control my kubernetes cluster I deploy and maintain at home. I currently use Talos to provide a secure, minimal and immutable environment for Kubernetes. Previous iterations of this repository relied on Debian-based Operating Systems which can lead unwanted changes in the base system.
Thanks to onedr0p, there is the cluster template that allows you to easily get started with your own kubernetes cluster at home. You don't need to have multiple computers or a fancy setup to get one working.
If you're interested, you can also join the community Home Operations. Several people are involved daily and it makes for some interesting conversations.
This repository uses the following layout for Kubernetes.
📁 bootstrap
├── 📝 helmfile.yaml # Helmreleases required to run bootstrap flux.
└── 📝 secrets.yaml.tpl # Secrets required to bootstrap flux.
📁 kubernetes
├── 📁 apps # Per-cluster application-specific configurations.
├── 📁 components # Flux & Talos configurations for setting up the cluster.
└── 📁 flux # Flux configuration, application repositories and more.
📁 talos
├── 📁 nodes # Override configurations for each individual node.
├── 📝 machineconfig.yaml.j2 # Base configuration for all nodes.
└── 📝 talos.env # Kubernetes and Talos Version Variables
📁 unifi # Configuration files for UniFi
📝 kubeconfig
📝 talosconfigWhile most of my infrastructure and workloads are self-hosted I do rely upon the cloud for certain key parts of my setup. This saves me from having to worry about two things. (1) Dealing with chicken/egg scenarios and (2) services I critically need whether my cluster is online or not.
| Service | Use | Cost |
|---|---|---|
| 1Password | Secrets with External Secrets | ~$55/yr |
| Cloudflare | Domains, Workers, Pages, and R2 | ~$240/yr |
| Backblaze B2 | Backups | $1/m |
| GitHub | Hosting this repository and continuous integration/deployments | Free |
| Let's Encrypt | Issuing SSL Certificates with Cert Manager | Free |
| Migadu | Email Hosting | ~$20/yr |
| Pushover | Kubernetes Alerts and application notifications | Free |
| UniFi Site Manager | UniFi External Access Management | Free |
| Total: ~$10/mo |
flowchart LR
A[["#quot;The Internet#quot;"]] -- 2Gbps ↓ 350Mbps ↑ --> B("UXG Max");
B -- 2.5Gbps ↕ --> C("USW Flex 2.5G 8 PoE")
C -- 2.5Gbps ↕ --> D["U6 LR (Home Network)"]
C -- 10Gbps ↕ --> E("USW Aggregation")
E -- 10Gbps ↕ --> F["UDM Pro SE (Lab Network)"]
F -- 10Gbps ↕ --> G("USW Pro Max 16")
E -- 10Gbps ↕ --> H["3x MS-01 (Talos)"]
E -- 10Gbps ↕ --> I["1x Storage (TrueNAS)"]
| Name | VLAN | Description |
|---|---|---|
| Management | 1 | Servers + Network Management |
| Devices | 2 | Wireless Devices and Workstations |
| IoT | 3 | Small devices that have the potential to be compromised, so they don't get to talk to each other. |
| Services | 4 | No DHCP, Simply a network for Cluster BGP |
| "I Don't Trust You" | 86 | Non-affiliated organization issued devices (school or work devices) |
UniFi released a new feature update with UniFi routers that allow you to create custom dns records to be served to the whole network. I wrote External DNS Unifi Webhook to allow External DNS to gather service and ingress hosts from my clusters and deploy the records to my routers local dns server without any extra local resolvers or moving parts.
Click to see the rack!
Updated 05/25/2024
| Device | Count | OS Disk Size | Data Disk Size | Ram | Operating System | Purpose |
|---|---|---|---|---|---|---|
| UXG Max | 1 | - | - | - | UniFi OS | Router |
| UCK G2 Plus | 1 | - | - | - | UniFi OS | Controller |
| USW Flex 2.5G 8 PoE | 1 | - | - | - | UniFi OS | Office Switch |
| U6-LR | 1 | - | - | - | - | Office AP |
| Airgradient | 1 | - | - | - | - | Dining Room AP |
| Device | Count | OS Disk Size | Data Disk Size | Ram | Operating System | Purpose | Network |
|---|---|---|---|---|---|---|---|
| UDM Pro | 1 | - | - | - | UniFi OS | Router | Lab |
| USW 16 Pro Max | 1 | - | - | - | UniFi OS | Switching | Lab |
| USW Aggregation | 1 | - | - | - | UniFi OS | Office Aggregation | Office |
| U7-Pro | 1 | - | - | - | - | Lab AP | Lab |
| UAP-AC-Pro | 1 | - | - | - | - | Dining Room AP | Lab |
| USP-PDU-Pro | 1 | - | - | - | - | Rack PDU | Lab |
| MS-01 | 3 | 1TB NVMe | 2TB PM9A3 U.2 | 96GB | Talos | Main Cluster | Office |
| Fran | 1 | 2x1TB SSD | 5x8TB (raidz2) | 64GB | Debian | Storage | Office |
| JetKVM | 1 | 16GB (Flash) | - | - | JetKVM | Network KVM | Lab |
| APC Back-Ups 1500 | 1 | - | - | - | - | UPS | - |
| Meshtastic MQTT GW | 1 | - | - | - | - | MQTT GW | Lab |
Thanks to all the people who donate their time to the Home Operations community.
Special thanks to: ᗪєνιη ᗷυнʟ, Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs, and Toboshii Nakama for their assistance.
Check out kubesearch.dev to see what other users are running in their kubernetes home labs!