Cloud Infrastructure Operations Repository 🐱‍💻

... managed by Flux and Renovate 🤖

[![Dynamic YAML Badge](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2Fdotfilesh%2Fops%2Fmain%2Ftalos%2Fclusters%2Fkclt-01%2Ftalconfig.yaml&query=talosVersion&style=for-the-badge&logo=linux&logoColor=white&label=Talos&color=FC500D&cacheSeconds=86400)](https://www.talos.dev/) [![Dynamic YAML Badge](https://img.shields.io/badge/dynamic/yaml?url=https%3A%2F%2Fraw.githubusercontent.com%2Fdotfilesh%2Fops%2Fmain%2Ftalos%2Fclusters%2Fkclt-01%2Ftalconfig.yaml&query=kubernetesVersion&style=for-the-badge&logo=kubernetes&logoColor=white&label=Kubernetes&color=326CE5&cacheSeconds=86400)](https://kubernetes.io/) [![Static Badge](https://img.shields.io/badge/pre--commit-enabled-white?style=for-the-badge&logo=pre-commit&logoColor=white&label=Pre-Commit&color=FAB040)](https://github.com/pre-commit/pre-commit)

📖 Overview

This repository provides the configuration for our cloud infrastructure. Working to adhere to Infrastructure as Code (IaC) and GitOps practices, this system is intended for easy maintenance and use; along with making the system accessible, transparent, and more easily studied in a broader sense.

⛵ Kubernetes

This repo borrows heavily from k8s-at-home/template-cluster-k3 and its derivatives such as Devil Buhl's home-ops and Toboshii Nakama's in structure and practices.

Installation

Clusters run on Talos Linux, an immutable and ephemeral Linux distribution built around Kubernetes, deployed on bare-metal. Rook Ceph running hyper-converged with workloads provides persistent block, object, and file storage.

☸️ Talos

talhelper is used to organize the Talos config files.

Core Components

cilium/cilium: Internal Kubernetes networking plugin.
rook/rook: Distributed block storage for peristent storage.
mozilla/sops: Manages secrets for Kubernetes, Ansible and Terraform.
jetstack/cert-manager: Creates SSL certificates for cluster services.
kubernetes/ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.

GitOps

Flux watches the k8s directory and makes changes based on the YAML manifests.

Renovate watches the entire repository looking for dependency updates, when they are found a PR is automatically created. When PRs are merged, Flux applies the relevant changes to the cluster.

Directories

The cloud infrastructure is intended to be able to support multiple clusters, and as such provides a distinction between global configuration and cluster deployments || config. Clusters are named based on the airport geographically closest (*ish) + sequential discriminator.

📁 k8s       # All k8s infrastructure defined below
├─📁 clusters  # all instantiated k8s clusters, defined as code
│ └─📁 icao-00   # example cluster
│   ├─📁 apps      # Apps in cluster by namespace
│   ├─📁 bootstrap # Cluster-specific keys
│   └─📁 flux      # Flux configuration.
└─📁 global    # global resources
  ├─📁 bootstrap # Bootstrapping data (flux installation, global key)
  ├─📁 config    # Universal config data
  └─📁 repos     # (Helm|Git)Repository Flux sources

Networking:

Some cilium nightmare.

Data Backup

Ok question time is over now. go home.

🤝 Thanks

Thanks to all folks who donate their time to the Kubernetes @Home community.

dotfilesh / ops

readme