rwlove/home-ops - Githubissues

## Lovenet Home Operations Repository _Managed by Flux, Renovate and GitHub Actions_ :robot: [![Kubernetes](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.thesteamedcrab.com%2Fquery%3Fformat%3Dendpoint%26metric%3Dkubernetes_version&style=for-the-badge&logo=kubernetes&logoColor=white&color=blue&label=%20)](https://github.com/kashalls/kromgo/) [![Renovate](https://img.shields.io/github/actions/workflow/status/rwlove/home-ops/renovate.yaml?branch=main&label=&logo=renovatebot&style=for-the-badge&color=blue)](https://github.com/rwlove/home-ops/actions/workflows/renovate.yaml) [![Documentation](https://img.shields.io/badge/documentation-blue?&style=for-the-badge)](https://rwlove.github.io/home-ops/) Kubernetes Cluster Information: [![Age-Days](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.thesteamedcrab.com%2Fquery%3Fformat%3Dendpoint%26metric%3Dcluster_age_days&style=flat-square&label=Age)](https://github.com/kashalls/kromgo/) [![Node-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.thesteamedcrab.com%2Fquery%3Fformat%3Dendpoint%26metric%3Dcluster_node_count&style=flat-square&label=Nodes)](https://github.com/kashalls/kromgo/) [![Pod-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.thesteamedcrab.com%2Fquery%3Fformat%3Dendpoint%26metric%3Dcluster_pod_count&style=flat-square&label=Pods)](https://github.com/kashalls/kromgo/) [![CPU-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.thesteamedcrab.com%2Fquery%3Fformat%3Dendpoint%26metric%3Dcluster_cpu_usage&style=flat-square&label=CPU)](https://github.com/kashalls/kromgo/) [![Memory-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.thesteamedcrab.com%2Fquery%3Fformat%3Dendpoint%26metric%3Dcluster_memory_usage&style=flat-square&label=Memory)](https://github.com/kashalls/kromgo/) [![Check Links](https://github.com/rwlove/home-ops/actions/workflows/lychee.yaml/badge.svg)](https://github.com/rwlove/home-ops/actions/workflows/lychee.yaml)

Overview

This is the configuration for my GitOps homelab Kubernetes cluster. This cluster runs home software services for my residence. It is quite complex and there are a lot of interdependencies but the declarative nature of GitOps allows me to manage this mesh of code. The software services fall into a few primary categories:

Home Automation (Home Assistant, ESPHome, Node-Red, EMQX, ZWave JS UI, Zigbee2MQTT)
Home Metering and Monitoring (Weather Station, Power Monitoring, Sensors)
Home Security (Frigate, Double Take)
IOT Devices (WLED, Ratgdo)

Core Components

Infrastructure

CentOS 9 Stream: Kubernetes Node Operating System.
crun: Container Runtime implemented in C.
nVIDIA Container Toolkit: Container Runtime for nVIDIA GPUs.

Networking

cilium: Kubernetes Container Network Interface (CNI).
cert-manager: Creates SSL certificates for services in my Kubernetes cluster.
external-dns: Automatically manages DNS records from my cluster in a cloud DNS provider.
ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.
Cloudflared: Cloudflare tunnel client.

Storage

Rook-Ceph: Distributed block storage for peristent storage..
Minio: S3 Compatible Storage Interface.
Longhorn: Cloud native distributed block storage for Kubernetes.
NFS: NFS storage.

GitOps

Flux2: Declarative Cluster GitOps
actions-runner-controller: Self-hosted Github runners.
sops: Managed secrets for Kubernetes which are commited to Git.
Rennovate: Automated Cluster Management.

:gear: Configuration

:gear: Hardware

Hostname	Device	CPU	RAM	OS	Role	Storage	IOT	Network
master1	Intel NUC7PJYH	4	8 GB	CentOS 9	k8s Master
master2	VM on beast	3	8 GB	CentOS 9	k8s Master
master3	VM on beast	3	8 GB	CentOS 9	k8s Master
worker1	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe	Z-Stick 7	iot/sec-vlan
worker2	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe		iot/sec-vlan
worker3	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	Sonoff	iot/sec-vlan
worker4	ThinkCentre M910x	8	32 GB	CentOS 9	k8s Worker	longhorn NVMe	Coral USB	iot/sec-vlan
worker5	VM on beast	10	24 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd		iot/sec-vlan
worker6	VM on beast	10	24 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	skyconnect	iot/sec-vlan
worker7	VM on beast	10	24 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd		iot/sec-vlan
worker8	VM on beast	10	48 GB	CentOS 9	k8s Worker	longhorn NVMe, ceph osd	nVIDIA P40	iot/sec-vlan

Network

Click to see a high level physical network diagram

Name	CIDR	VLAN	Notes
Management VLAN			TBD
Default	`192.168.0.0/16`	0
IOT VLAN	`10.10.20.1/24`	20
Guest VLAN	`10.10.30.1/24`	30
Security VLAN	`10.10.40.1/24`	40
Kubernetes Pod Subnet (Cilium)	`10.42.0.0/16`	N/A
Kubernetes Services Subnet (Cilium)	`10.43.0.0/16`	N/A
Kubernetes LB Range (CiliumLoadBalancerIPPool)	`10.45.0.1/24`	N/A

☁️ Cloud Dependencies

Service	Use	Cost
1Password	Secrets with External Secrets	~$65 (1 Year)
Cloudflare	Domain	Free
GitHub	Hosting this repository and continuous integration/deployments	Free
Mailgun	Email hosting	Free (Flex Plan)
Pushover	Kubernetes Alerts and application notifications	$10 (One Time)
Frigate Plus	Model training services for Frigate NVR	$50 (1 Year)
		Total: ~$9.60/mo

Noteworthy Documentation

Initialization and Teardown Github Webhook Limits and Requests Philosophy Debugging

Home-Ops Search

@whazor created this website as a creative way to search Helm Releases across GitHub. You may use it as a means to get ideas on how to configure an applications' Helm values.

rwlove / home-ops

readme