
h3mmy/bloopySphere


A home Kubernetes cluster ⛵

... managed with Flux and Renovate 🤖




📖  Overview

This is my home Kubernetes cluster. Flux watches this Git repository and makes the changes to my cluster based on the manifests in the cluster directory. Renovate also watches this Git repository and creates pull requests when it finds updates to Docker images, Helm charts, and other dependencies.

For more information, head on over to my docs. I have nested README files that should be visible as you browse the repo.

My GitLab has more of my projects.

Useful Snippets

List of container images in use cluster-wide:

```sh
kubectl get pods --all-namespaces -o go-template --template="{{range .items}}{{range .spec.containers}}{{.image}} {{end}}{{end}}" | sed 's/ /\n/g' | uniq > ./container_images_in_use.txt
```

List of container images in use that have an arm64 manifest available (swap `grep -q` for `grep -vq` to list the images that do not):

```sh
kubectl get po -A -o yaml | grep 'image:' | cut -f2- -d':' | sed 's/^[[:space:]]*//g' | grep '/' | sort -u | xargs -I{} bash -c "docker manifest inspect {} | grep -q arm64 && echo {}" > ./container_images_with_arm64.txt
```
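The same inventory-and-filter logic as the two one-liners above, as an added example that is not part of this repo: `kubectl` and `docker manifest inspect` are replaced by constructed sample data (`SAMPLE_PODS` and the `fake_manifest_inspect` stand-in, both assumptions) so the parsing and the arm64 filter can be checked offline. Unlike the `xargs -I{} bash -c "... {} ..."` form, the filter passes each image name as a single argument instead of interpolating it into a command string, so a name containing shell metacharacters is never executed; set `INSPECT="docker manifest inspect"` to run it against real registries.

```sh
#!/bin/sh
# Added example, not code from the bloopySphere repo.
# Offline stand-in for the image-inventory / arm64-filter pipeline in the README.

# Constructed sample of `kubectl get po -A -o yaml` output, trimmed to the lines that matter.
SAMPLE_PODS='apiVersion: v1
items:
- spec:
    containers:
    - image: ghcr.io/example/app:1.2.3
      name: app
    - image: docker.io/library/redis:7
      name: cache
- spec:
    containers:
    - image: ghcr.io/example/app:1.2.3
      name: app
    initContainers:
    - image: busybox
      name: init
kind: List'

# Same extraction as the README one-liner: every "image:" line, key dropped,
# indentation stripped, registry-qualified names only, de-duplicated.
# Note that unqualified names such as "busybox" are silently dropped by the grep '/'.
unique_images() {
  printf '%s\n' "$1" | grep 'image:' | cut -f2- -d':' | sed 's/^[[:space:]]*//g' | grep '/' | sort -u
}

# Constructed stand-in (assumption) for `docker manifest inspect <image>`: returns a
# manifest list for the two sample images, non-zero for anything else.
fake_manifest_inspect() {
  case "$1" in
    ghcr.io/example/app:1.2.3)
      printf '%s\n' '{"manifests":[{"platform":{"architecture":"amd64","os":"linux"}},{"platform":{"architecture":"arm64","os":"linux"}}]}' ;;
    docker.io/library/redis:7)
      printf '%s\n' '{"manifests":[{"platform":{"architecture":"amd64","os":"linux"}}]}' ;;
    *) return 1 ;;
  esac
}

# Inspector command; override with INSPECT="docker manifest inspect" for real use.
INSPECT="${INSPECT:-fake_manifest_inspect}"

# filter_by_arch ARCH [with|without]: reads image names from stdin, one per line,
# and prints those whose manifest lists ARCH ("with", the default) or those whose
# manifest does not ("without", the grep -vq inversion from the README).
# Each name is passed as one argument, never spliced into a command string.
filter_by_arch() {
  arch="$1"; mode="${2:-with}"
  while IFS= read -r image; do
    [ -n "$image" ] || continue
    # Matches both compact JSON and docker's pretty-printed "architecture": "arm64".
    if $INSPECT "$image" 2>/dev/null | grep -q "\"architecture\": *\"$arch\""; then
      found=yes
    else
      found=no
    fi
    if [ "$mode" = with ] && [ "$found" = yes ]; then printf '%s\n' "$image"; fi
    if [ "$mode" = without ] && [ "$found" = no ]; then printf '%s\n' "$image"; fi
  done
  return 0
}

# Convenience wrappers over the sample data.
images_with_arch() { unique_images "$SAMPLE_PODS" | filter_by_arch "$1" with; }
images_without_arch() { unique_images "$SAMPLE_PODS" | filter_by_arch "$1" without; }

# Stand-alone demo: images that have no arm64 manifest (candidates for the nodeAffinity below).
images_without_arch arm64
```

The `without` list is the one to feed into the `nodeAffinity` snippet further down, since those are the images that must stay off ARM nodes.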

Snippet for nodeAffinity for non-ARM pods:

```yaml
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: "kubernetes.io/arch"
          operator: In
          values:
          - amd64
          - i386
          - i686
          - x86
```

If you taint your ARM nodes[1], this toleration lets a pod schedule onto them (the toleration `key` must match the taint key exactly; the taint in [1] uses `kubernetes.io/arch`, so use that key here unless your taint is actually named `arch`):

```yaml
tolerations:
- key: "arch"
  operator: "Equal"
  value: "arm64"
  effect: "NoSchedule"
```

[1] While bootstrapping: `--kubelet-extra-args --register-with-taints="kubernetes.io/arch=arm64:NoSchedule"`; otherwise: `kubectl taint no k8s-0 kubernetes.io/arch=arm64:NoSchedule`

Other useful snippets:

```sh
kubectl label node k8s-0 node-role.kubernetes.io/worker=true
```

```sh
kubectl apply --kustomize=./cluster/base/flux-system
```

```sh
cat ~/.config/sops/age/keys.txt | kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin
```

```sh
kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f -
```

```sh
kubectl get secret db-user-pass -o json | jq '.data | map_values(@base64d)'
```

Loki snippets. If you know you know.

```logql
{app="traefik"} | json message_extracted="message" | line_format "{{.message_extracted}}" | json | DownstreamStatus!=`200`
{app="authentik"} | json message_extracted="message" | line_format "{{.message_extracted}}" | json level="level",timestamp="timestamp",event="event" | level=`error`
```

Clear the finalizers of a namespace stuck in `Terminating` (the `\+` quantifier is a GNU sed extension, so this form needs GNU sed):

```sh
kubectl get namespace "monitoring" -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw /api/v1/namespaces/monitoring/finalize -f -
```
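The finalizer-clearing substitution above applied to constructed namespace JSON, as an added example that is not part of this repo: `SAMPLE_NS` is a trimmed, made-up stand-in for `kubectl get namespace monitoring -o json`, and the sed uses the POSIX `\{1,\}` spelling in place of GNU's `\+` so it also runs on BSD/macOS sed. Checking the rewritten document this way before piping it into `kubectl replace --raw` avoids submitting an unchanged or mangled object to the finalize endpoint.

```sh
#!/bin/sh
# Added example, not code from the bloopySphere repo.
# Offline check of the finalizer-clearing sed from the README.

# Constructed sample of `kubectl get namespace monitoring -o json`, trimmed.
SAMPLE_NS='{
  "apiVersion": "v1",
  "kind": "Namespace",
  "metadata": {
    "name": "monitoring"
  },
  "spec": {
    "finalizers": [
      "kubernetes"
    ]
  },
  "status": {
    "phase": "Terminating"
  }
}'

# strip_finalizers JSON: collapse to one line (so the array can be matched as a
# single span), then replace the finalizers array with an empty one.
# \{1,\} is the POSIX equivalent of GNU sed's \+.
strip_finalizers() {
  printf '%s' "$1" | tr -d '\n' | sed 's/"finalizers": \[[^]]\{1,\}\]/"finalizers": []/'
}

# finalizers_cleared JSON: succeeds only if the document now carries an empty
# finalizers array, i.e. the substitution actually matched.
finalizers_cleared() {
  printf '%s' "$1" | grep -q -F '"finalizers": []'
}

# Stand-alone demo: show the rewritten object and report whether it is safe to submit.
rewritten="$(strip_finalizers "$SAMPLE_NS")"
printf '%s\n' "$rewritten"
if finalizers_cleared "$rewritten"; then
  echo "finalizers cleared; ready for: kubectl replace --raw /api/v1/namespaces/monitoring/finalize -f -"
else
  echo "pattern did not match; inspect the JSON before forcing deletion" >&2
fi
```

Removing the finalizer skips whatever cleanup it guarded, so it is worth listing what is still left in the namespace first, for example with `kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n monitoring` (a common idiom, not from this repo), and deleting or checking those resources before forcing the namespace away.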

Publicly available DoH server lists

https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers

https://cln.io/blog/combined-list-of-dns-servers/

https://github.com/Sekhan/TheGreatWall

https://github.com/crypt0rr/public-doh-servers/tree/main

🤝  Community

Thanks to all the people who donate their time to the Kubernetes @Home community.