This repository contains the GitOps configuration for my personal Raspberry Pi Kubernetes clusters (k3s), consisting of a development (dev) and a production (prod) environment. Flux continuously reconciles the cluster state with the manifests stored here, ensuring a reproducible, self-healing setup.
The clusters themselves are provisioned using sfotiadis/ansible-rpi-cluster, which installs k3s and Cilium.
```
.
├── clusters
│   ├── rpi-cluster-dev   # Flux Kustomizations for Dev
│   └── rpi-cluster-prod  # Flux Kustomizations for Prod
├── docs                  # Additional docs (SOPS, networking, ...)
├── helm                  # Custom or adapted Helm charts tailored for this cluster
├── infrastructure
│   ├── configs           # Cluster level config
│   ├── controllers       # Operators & controllers
│   └── observability     # Monitoring & logging
└── tenants               # Application layer
```
clusters/rpi-cluster-dev and clusters/rpi-cluster-prod reference different overlay paths under infrastructure/* and tenants/*. Patches adjust replica counts and storage classes (local-path vs nfs-rwx).
| Category | Components |
|---|---|
| Networking | MetalLB, Cilium |
| Ingress | ingress-nginx |
| Certificates | cert-manager |
| Database | CloudNativePG, MariaDB Operator |
| Object Storage | MinIO |
| Monitoring | kube-prometheus-stack, Karma |
| Logging | Loki Stack |
| GitOps | Flux controller metrics + GitHub alerts |
| Secrets/Vault | OpenBao (experimental), Kratos (WIP) |
| Storage | NFS Subdir External Provisioner (prod), Local Path Provisioner (dev) |
Sensitive data (e.g. certificates, passwords) is stored in this repository in encrypted form using SOPS. This allows secrets to be safely committed to Git while still enabling Flux to decrypt and apply them to the cluster.
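A check that could run in CI or a pre-commit hook to catch a Secret committed without SOPS encryption. This is an added example, not part of this repository. It assumes only `data`/`stringData` values are encrypted and that encrypted values use SOPS's `ENC[...]` form; the function name and the sample manifest are constructed for illustration.

```python
import re

# Constructed sample: one SOPS-encrypted Secret, one committed in plaintext.
SAMPLE = """\
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
stringData:
  password: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
sops:
  lastmodified: "2024-01-01T00:00:00Z"
---
apiVersion: v1
kind: Secret
metadata:
  name: forgot-to-encrypt
stringData:
  password: hunter2
"""

def find_plaintext_secrets(manifest: str) -> list[str]:
    """Return findings for Secret documents that are not SOPS-encrypted."""
    findings = []
    for idx, doc in enumerate(re.split(r"(?m)^---[ \t]*$", manifest)):
        if not re.search(r"(?m)^kind:[ \t]*Secret[ \t]*$", doc):
            continue  # only Secret manifests are checked
        if not re.search(r"(?m)^sops:[ \t]*$", doc):
            findings.append(f"doc {idx}: Secret has no sops metadata block")
        section = None
        for line in doc.splitlines():
            top = re.match(r"^(\w+):", line)  # unindented key starts a section
            if top:
                section = top.group(1)
                continue
            if section in ("data", "stringData"):
                m = re.match(r"^\s+([\w.-]+):\s*(.*)$", line)
                if m and not m.group(2).startswith("ENC["):
                    findings.append(
                        f"doc {idx}: {section}.{m.group(1)} is not encrypted")
    return findings

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE):
        print(finding)
```

The check is line-based and does not validate the ciphertext or its MAC; it only flags values that were never passed through SOPS.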
This repository is a personal homelab project running on Raspberry Pi clusters. It is not intended for production use but serves as a playground for experimenting with GitOps and Kubernetes ecosystem tooling.