Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


A homelab running Kubernetes with k3s. Automated provisioning with Ansible.


  • Remote user is assumed to be mark.
  • Remote sudo password is retrieved from keychain on ansible controller. A single sudo password is assumed for all remote hosts.
  • DNS is assumed to be managed by CloudFlare nameservers. CloudFlare is used for public DNS entries (for internal, LAN IP addresses) and for dns-01 challenges for LetsEncrypt.

Provisioning a new machine

  1. Install ubuntu server edition on the new machine.
    • A mark user should be created in the sudo group.
    • The sudo password should be the same as what is set in keyring get ansible-sudo mark on the ansible controller. A machine may also use a custom sudo password, in which case, the sudo password should be set to keyring get <system-name> mark.
  2. Enable SSH password authentication
  3. Note the IP address of the new host. This can be done with nmap if necessary:
nmap -p 22
  1. Add the new host's IP address to a group in inventory/homelab/hosts.ini. If adding a new k8s node (not a master), it should be added under the [node] section. Note that this file is not checked into version control.

  2. Install ansible dependencies:

ansible-galaxy install -r requirements.yml
  1. Bootstrap the node. Note that this will add an SSH key and disable SSH password authentication, making -k unnecessary in any subsequent call:
ansible-playbook site.yml -k

Building a homelab from scratch

This playbook used k3s-io/k3s-ansible as a starting point. To create a cluster from scratch, one must create inventory files, which are not version controlled in this repo.

So to create a cluster from scratch:

  1. Clone this repository
  2. Copy the inventory/sample directory from k3s-io/k3s-ansible as inventory/homelab in this repo.
  3. Set the remote sudo password in the ansible controller's keychain:
keyring set ansible-sudo mark

For custom sudo passwords, set keyring set <system-name> mark and ensure that ansible_become_pass is set correctly in host_vars/<system-name>.yml, e.g.

ansible_become_pass: "{{ lookup('keyring', 'some-system-name mark') | d(omit) }}"
  1. Follow the instructions from Provisioning a new machine.
  2. After setting up the k8s master, you might want to copy over its kube config so that you can use kubectl from the ansible controller:
scp mark@<master-ip>:~/.kube/config ~/.kube/config

Note: Additional variables are needed in inventory/homelab/group_vars/all.yml than what are stubbed out from k3s-io/k3s-ansible. At some point, I'll make this reproducible. For now, ansible will error out when it reaches an undefined variable. You should take that variable and define it in group_vars.


A homelab running Kubernetes with k3s. TLS with LetsEncrypt and remote access with Tailscale. Automated with Ansible.







No releases published


No packages published