This is the repository I use to version control my kubernetes clusters I deploy and maintain at home. I currently use Talos to provide a secure, minimal and immutable environment for Kubernetes. Previous iterations of this repository relied on Debian-based Operating Systems which can lead unwanted changes in the base system.
Thanks to onedr0p, there is the cluster template that allows you to easily get started with your own kubernetes cluster at home. You don't need to have multiple computers or a fancy setup to get one working.
If you're interested, you can also join the community Discord: Home Operations. Several people are involved daily and it makes for some interesting conversations.
This repository uses the following layout for Kubernetes.
📁 kubernetes
└── 📁 {cluster}
├── 📁 apps # Per-cluster application-specific configurations.
├── 📁 bootstrap # Flux & Talos configurations for setting up the cluster.
├── 📁 flux # Flux configuration, application repositories and more.
├── 📝 kubeconfig # Kubernetes Certificate
└── 📝 talosconfig # Talos CertificateWhile most of my infrastructure and workloads are self-hosted I do rely upon the cloud for certain key parts of my setup. This saves me from having to worry about two things. (1) Dealing with chicken/egg scenarios and (2) services I critically need whether my cluster is online or not.
| Service | Use | Cost |
|---|---|---|
| 1Password | Secrets with External Secrets | ~$55/yr |
| Cloudflare | Domains, Workers, Pages, and R2 | ~$30/yr |
| Backblaze B2 | Backups | $0.50/m |
| GCP | Voice interactions with Home Assistant over Google Assistant | Free |
| GitHub | Hosting this repository and continuous integration/deployments | Free |
| Let's Encrypt | Issuing SSL Certificates with Cert Manager | Free |
| Migadu | Email Hosting | ~$20/yr |
| Pushover | Kubernetes Alerts and application notifications | Free |
| UniFi Site Manager | UniFi External Access Management | Free |
| Total: ~$10/mo |
flowchart LR
A[["#quot;The Internet#quot;"]] -- 2Gbps ↓ 350Mbps ↑ --> B("UDM Pro Max");
B -- 10Gbps ↕ --> C("USW Pro Max 16")
C -- 10Gbps ↕ --> D["1x MS-01 Main (Talos)"]
C -- 10Gbps ↕ --> E["1x Storage (TrueNAS)"]
C -- 1Gbps ↕ --> F["4x Raspian (Talos)"]
| Name | VLAN | Description |
|---|---|---|
| Management | 1 | Servers + Network Management |
| Devices | 2 | Wireless Devices and Workstations |
| IoT | 3 | Small devices that could be compromised, so they don't get to talk to each other. |
| Services | 4 | No DHCP, Simply a network for Cluster BGP |
| "I Don't Trust You" | 86 | Non-affiliated organization issued devices (school or work devices) |
UniFi released a new feature update with UniFi routers that allow you to create custom dns records to be served to the whole network. I wrote External DNS Unifi Webhook to allow External DNS to gather service and ingress hosts from my clusters and deploy the records to my routers local dns server without any extra local resolvers or moving parts.
Click to see the rack!
Updated 05/25/2024
| Device | Count | OS Disk Size | Data Disk Size | Ram | Operating System | Purpose |
|---|---|---|---|---|---|---|
| UDM Pro | 1 | - | - | - | UniFi OS | Router |
| USW 16 Pro Max | 1 | - | - | - | UniFi OS | Switching |
| U6-LR | 1 | - | - | - | - | Office AP |
| UAP-AC-Pro | 1 | - | - | - | - | Dining Room AP |
| USP-PDU-Pro | 1 | - | - | - | - | Rack PDU |
| Raspberry Pi 4 | 3 | 256GB SSD | - | 8GB | Talos | Raspberry Cluster |
| Raspberry Pi 5 | 1 | 128GB SSD | - | 8GB | Soon™ (Talos) | Raspberry Cluster |
| MS-01 | 1 | 1TB NVMe | 2x1TB NVMe | 32GB | Talos | Main Cluster |
| Fran | 1 | 2x1TB SSD | 5x8TB (raidz2) | 64GB | Debian | Storage Cluster |
| JetKVM | 1 | 16GB (Flash) | - | - | JetKVM | Network KVM |
| APC Back-Ups 1500 | 1 | - | - | - | - | UPS |
Thanks to all the people who donate their time to the Home Operations community.
Special thanks to: ᗪєνιη ᗷυнʟ, Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs, and Toboshii Nakama for their assistance.
Check out kubesearch.dev to see what other users are running in their kubernetes home labs!