This repository contains my entire Kubernetes cluster setup built on K3s and managed by Flux v2.
Secrets are encrypted and managed with SOPS.
For the initial deployment, see these manuals:
Flux watches my cluster folder (see Repository Structure below) and makes the changes to my cluster based on the YAML manifests.
Renovate is a very useful tool that, when configured, will start to create PRs in your GitHub repository when Docker images, Helm charts or anything else that can be tracked has a newer version. The configuration for Renovate is located here.
There are also a couple of GitHub workflows included in this repository that will help automate some processes. See here for more information.
This Git repository contains the following directories, listed in the order in which Flux applies them:
- cluster/flux directory is where Flux deployments are located
- cluster/crds directory contains CustomResourceDefinitions that need to exist before anything else
- cluster/apps directory (depends on crds) is where common applications are located
- cluster/networkpolicies directory (depends on cilium) contains network policies
These directories are not tracked by Flux but are useful nonetheless:
- .github directory contains GitHub related files
- .taskfiles directory contains go-task related files
- hack directory contains useful scripts
Over WAN, I have port forwarded ports 80 and 443 to the load balancer IP of my ingress controller that's running in my Kubernetes cluster.
Cloudflare works as a proxy to hide my home's WAN IP and also as a firewall. Cilium blocks all IPs not originating from Cloudflare's list of IP ranges, except the local network range ${LAN_NETWORK_RANGE_V4}.
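One way the allowlist described above can be expressed as a Cilium policy. This is an added example, not a manifest from this repository: the policy name, namespace and pod label are placeholders, and only part of Cloudflare's IPv4 list is shown. It assumes the client source IP reaches the ingress pod unchanged (for example `externalTrafficPolicy: Local` on the load balancer Service).

```yaml
# Added example: restrict ingress-controller traffic to Cloudflare and the LAN.
# Name, namespace and label selector are placeholders; adapt them to your
# ingress controller.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: ingress-allow-cloudflare-and-lan   # placeholder
  namespace: networking                    # placeholder
spec:
  # Selects the ingress controller pods. As soon as an ingress rule selects an
  # endpoint, Cilium denies all ingress that no rule explicitly allows.
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-controller   # placeholder label
  ingress:
    - fromCIDRSet:
        # Subset of Cloudflare's published IPv4 ranges. The current full list
        # is at https://www.cloudflare.com/ips-v4 and must be kept in sync,
        # otherwise proxied requests from new ranges are dropped.
        - cidr: 173.245.48.0/20
        - cidr: 103.21.244.0/22
        - cidr: 104.16.0.0/13
        # Local network, filled in by Flux variable substitution.
        - cidr: ${LAN_NETWORK_RANGE_V4}
      toPorts:
        - ports:
            - port: "80"
              protocol: TCP
            - port: "443"
              protocol: TCP
```

CIDR rules only match traffic from outside the cluster, so pods or nodes that need to reach the ingress controller require their own `fromEndpoints` or `fromEntities` rule. If the load balancer path rewrites the source address, the CIDR match never sees the real client IP and the allowlist will not behave as intended.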
For internal DNS, I use the built-in dnsmasq of pihole deployed on a Raspberry Pi.
For adblocking, I have pihole deployed on a Raspberry Pi.
cloudflare-operator is deployed in my cluster, and ingresses with the annotations cloudflare-operator.io/type=CNAME and cloudflare-operator.io/content=${BASE_DOMAIN} will be synced with Cloudflare.
cloudflare-operator also syncs my external IPv4 address with Cloudflare.
Huge thanks to the community at k8s@home for the awesome templates and the Kubernetes at home logo!