This repo has been retired in favor of my new, updated home-cluster repo, https://github.com/jgilfoil/home-cluster. This repo is here just for historical purposes.
GitOps Repo for deploying my k3s cluster with k3sup backed by Flux and SOPS.
The following components are installed in this k3s cluster.
- flannel
- local-path-provisioner
- flux
- metallb
- cert-manager with Google CloudDNS DNS challenge
- traefik
- homer
- system-upgrade-controller
- velero
- rook-ceph
- plex
Already provisioned Bare metal or VMs with any modern operating system like Ubuntu, Debian or CentOS.
📍 These tools are pre-installed in a Vagrant VM, purpose built to mangage this cluster. You can find that repo here
| Tool | Purpose | Minimum version | Required |
|---|---|---|---|
| k3sup | Tool to install k3s on your nodes | 0.10.2 |
✅ |
| kubectl | Allows you to run commands against Kubernetes clusters | 1.21.0 |
✅ |
| flux | Operator that manages your k8s cluster based on your Git repository | 0.12.3 |
✅ |
| SOPS | Encrypts k8s secrets with GnuPG | 3.7.1 |
✅ |
| GnuPG | Encrypts and signs your data | 2.2.27 |
✅ |
| pinentry | Allows GnuPG to read passphrases and PIN numbers | 1.1.1 |
✅ |
| direnv | Exports env vars based on present working directory | 2.28.0 |
❌ |
| pre-commit | Runs checks during git commit |
2.12.0 |
❌ |
| kustomize | Template-free way to customize application configuration | 4.1.0 |
❌ |
| helm | Manage Kubernetes applications | 3.5.4 |
❌ |
Install pre-commit and the pre-commit hooks that come with this repository. sops-pre-commit will check to make sure you are not by accident commiting your secrets un-encrypted.
After pre-commit is installed on your machine run:
pre-commit install-hooksThe Git repository contains the following directories under cluster and are ordered below by how Flux will apply them.
- base directory is the entrypoint to Flux
- crds directory contains custom resource definitions (CRDs) that need to exist globally in your cluster before anything else exists
- core directory (depends on crds) are important infrastructure applications (grouped by namespace) that should never be pruned by Flux
- apps directory (depends on core) is where your common applications (grouped by namespace) could be placed, Flux will prune resources here if they are not tracked by Git anymore
cluster
├── apps
│ ├── default
│ ├── networking
│ └── system-upgrade
├── base
│ └── flux-system
├── core
│ ├── cert-manager
│ ├── metallb-system
│ ├── namespaces
│ └── system-upgrade
└── crds
└── cert-manager
See full documentation under docs
Big shout out to the K8s@Home team for the majority of the work that went into this cluster's bootstrap and their continuied maintenance of much of the underlying charts and images that underpin it's services.