This repository contains the entire configuration of my Kubernetes-based homelab. It is managed using GitOps principles with FluxCD, Renovate and GitHub Actions. The goal of this project is to create a stable, reproducible and automated homelab environment for learning and experimentation.
The heart of the homelab is a Kubernetes cluster named "Middle-Earth". This cluster is built on top of Talos OS and its Talos configuration is provisioned from a private repository.
The server rack is a custom-built 19" rack that houses all the hardware for the homelab.
It includes the mini-PCs, switch, firewall, patch panel, NAS and UPS (and a companion NUT server built with Raspberry Pi 4).
The k8s cluster consists of the following nodes:
| Name | Role | Model | Category | CPU | RAM | GPU | Storage |
|---|---|---|---|---|---|---|---|
gandalf |
Control Plane | EliteDesk 800 G3 Mini | hobbit-md-i5 | Intel i5-7500t | 16GB | N/A | 256GB NVMe |
sam |
Worker | EliteDesk 800 G3 Mini | hobbit-md-i5 | Intel i5-7500t | 16GB | N/A | 500GB NVMe |
pipin |
Worker | EliteDesk 800 G3 Mini | hobbit-sm-i3 | Intel i3-6100T | 16GB | N/A | 500GB NVMe |
merry |
Worker | EliteDesk 800 G3 Mini | hobbit-sm-i3 | Intel i3-6100T | 16GB | N/A | 500GB NVMe |
gollum |
Worker | Lenovo G400s Laptop | hobbit-bg-i7 | Intel i7-3612QM | 16GB | N/A | 1TB Sata SSD |
saruman |
LLM Server | Custom Build | N/A | AMD Ryzen 8600G | 128GB | NVIDIA 3090 | 1TB NVMe |
The cluster runs a variety of software, from infrastructure components to user-facing applications.
| Application | Description |
|---|---|
flash-slothmore |
A bot that crawls the Berlin Service Portal to find available appointments. |
hello-from-gondor |
Simple dashboard with basic cluster metrics. |
linkwarden |
A self-hosted bookmark and link management system. |
pi-hole |
A network-wide ad blocker doubling as the LAN DNS server |
speedtest-tracker |
A tool to track internet speed over time. |
| Component | Description |
|---|---|
cert-manager |
Manages TLS certificates for the cluster. |
cloudnative-pg |
Manages PostgreSQL clusters in Kubernetes. |
ingress-nginx |
Ingress controller for external access. |
internal-dns |
An instance of external-DNS acting as a local DNS using Pi-hole as the DNS server. |
k8s-dashboard |
Kubernetes dashboard for monitoring the cluster. |
longhorn |
Distributed block storage for persistent volumes. |
metallb |
Bare-metal load balancer for Kubernetes. |
onepassword |
1Password integration for managing secrets. |
renovate |
Automated dependency updates. |
flux-system |
The GitOps operator that powers the cluster. |
gatus |
Monitoring dashboard with the status of apps. |
This project uses a custom-made Helm chart called one-chart.
This chart is designed to be flexible and reusable, and it is used to deploy all the applications that do not have a dedicated Helm chart available.
This project includes a custom Helm chart for deploying PostgreSQL clusters
using CloudNativePG, located at charts/postgresql-cluster.
The network is segmented into multiple VLANs to provide security and isolation between different types of traffic. The firewall is managed by OPNsense, which is running on a dedicated appliance.
All the nodes in the Kubernetes cluster are connected to an isolated VLAN.
metallb is used to provide LoadBalancer services for the applications.
internal-dns provides name resolution for the services in the LAN by propagating the name records to Pi-hole.
Persistent storage is provided by longhorn. longhorn is a distributed block storage system that provides persistent volumes for stateful applications.
For backups, a QNAP TS-453E NAS is used as an NFS share. Longhorn is configured to use this NFS share to back up all the persistent volumes of the cluster.
Secrets are managed using onepassword and the 1Password Connect Operator. The operator syncs secrets from a 1Password vault to Kubernetes secrets. This allows for a secure and centralized way to manage secrets.
This project would not have been possible without the amazing content produced by the homelab community. I would like to express my gratitude to the following individuals for been a great source of information and inspiration:
- Mischa Van den Burg - GitHub
- Techno Tim
- Christian Lempa
- Dave's Garage
- Jeff Geerling
- Raid Owl
- Home Network Guy
- Hardware Haven
The ease with which I was able to set up this Kubernetes cluster, compared to my first NAS build over a decade ago, is a testament to the quality of the content and the collaborative spirit of the homelab community.