This is a repository for my Kubernetes cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like Kubernetes, Flux, Renovate, and GitHub Actions.
- actions-runner-controller: Self-hosted GitHub runners for CI/CD workflows.
- cert-manager: Automated SSL certificate management and provisioning.
- cilium: High-performance container networking powered by eBPF.
- cloudflared: Secure tunnel providing Cloudflare-protected access to cluster services.
- envoy-gateway: Modern ingress controller for cluster traffic management.
- external-dns: Automated DNS record synchronization for ingress resources.
- external-secrets: Kubernetes secrets management integrated with 1Password Connect.

Flux watches my kubernetes folder (see Directories below) and makes the changes to my clusters based on the state of my Git repository.
In this repository, Flux recursively searches the kubernetes/apps folder until it finds the top-most kustomization.yaml in each directory, then applies all the resources listed in it. That kustomization.yaml generally contains only a namespace resource and one or more Flux kustomizations (install.yaml). Each of those Flux kustomizations in turn controls a HelmRelease or other resources related to the application, which are then applied.
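The three layers described above, sketched as an added example (not files from this repository). The app name `echo`, the namespace `demo`, the chart and HelmRepository names, the `app/` subfolder, and the use of the `flux-system` namespace and GitRepository are all assumptions made for illustration.

```yaml
# Hypothetical layout; every name and path below is constructed for illustration.
# File: kubernetes/apps/demo/kustomization.yaml
# The top-most kustomization.yaml in the namespace directory.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml      # the namespace resource
  - ./echo/install.yaml   # one Flux Kustomization per app
---
# File: kubernetes/apps/demo/echo/install.yaml
# The Flux Kustomization that takes control of the app's manifests.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: echo
  namespace: flux-system          # assumed: Flux objects live in flux-system
spec:
  interval: 30m
  path: ./kubernetes/apps/demo/echo/app   # assumed subfolder holding the HelmRelease
  prune: true                     # delete cluster objects that were removed from Git
  sourceRef:
    kind: GitRepository
    name: flux-system             # assumed name of the repository source
  targetNamespace: demo
  wait: true
---
# File: kubernetes/apps/demo/echo/app/helmrelease.yaml
# The HelmRelease applied under that Flux Kustomization.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: echo
spec:
  interval: 30m
  chart:
    spec:
      chart: echo                 # hypothetical chart
      version: 1.0.0              # pinned, so an upgrade arrives as a reviewable PR
      sourceRef:
        kind: HelmRepository
        name: example-charts      # hypothetical chart repository
        namespace: flux-system
```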
Renovate monitors my entire repository for dependency updates and automatically creates a PR when updates are found. When some PRs are merged, Flux applies the changes to my cluster.
This Git repository contains the following directories under kubernetes.
```
📁 kubernetes      # Kubernetes cluster defined as code
├─📁 apps          # Apps deployed into my cluster grouped by namespace (see below)
├─📁 components    # Re-usable kustomize components
└─📁 flux          # Flux system configuration
```

| Device | Num | OS Disk Size | Data Disk Size | Ram | OS | Function |
|---|---|---|---|---|---|---|
| Beelink EQi12 | 1 | 500GB SSD | 1TB (local) | 32GB | Talos | Kubernetes |
| UNAS 2 | 1 | - | 2x2TB ZFS (mirrored vdevs) | 4GB | - | NFS + Backup Server |
| Express 7 | 1 | - | - | - | - | Router |
| Flex Mini | 1 | - | - | - | - | 1Gb Switch |