This is a mono repository for @paulfantom's home infrastructure and Kubernetes cluster. The project uses Infrastructure as Code to automate provisioning, operating, and updating self-hosted services.
The cluster runs k3s, provisioned on bare-metal Ubuntu 20.04 using a modified version of the Ansible role provided by the k3s project.
🔸 Click here to see my Ansible playbooks and roles.
Name | Description |
---|---|
Ansible | Automates bare-metal provisioning and configuration |
Flux | GitOps tool built to deploy applications to Kubernetes |
cert-manager | Cloud-native certificate management |
Cloudflare | DNS |
Grafana | Operational dashboards |
Prometheus | Systems monitoring and alerting toolkit |
Parca | Continuous profiling |
Jsonnet | Data templating language |
K3s | Lightweight distribution of Kubernetes |
Kubernetes | Container-orchestration system, the backbone of this project |
Loki | Log aggregation system |
MetalLB | Bare-metal load balancer for Kubernetes |
NGINX | Kubernetes Ingress Controller |
Ubuntu | Base OS for Kubernetes nodes |
GitHub Actions | CI system |
SealedSecrets | Secrets and encryption management system |
kured | Kubernetes Reboot Daemon |
Flux watches the `base` and `apps` top-level directories under `manifests/` and reconciles the cluster against the YAML manifests found there. Where possible, YAML manifests are generated from jsonnet code.
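As an illustration of generating a manifest from jsonnet, here is an added example (not code from this repository) that renders an Ingress for a service behind the NGINX ingress controller, with its TLS certificate requested from cert-manager via the `cert-manager.io/cluster-issuer` annotation. The service name, namespace, hostname, port and issuer name are placeholders.

```jsonnet
// Added example, not code from this repository: a jsonnet function that
// renders the Ingress for a service exposed through the NGINX ingress
// controller, with TLS issued by cert-manager. Service names, hosts and the
// issuer name are placeholders.
local ingress(name, namespace, host, port, issuer='letsencrypt-prod') = {
  apiVersion: 'networking.k8s.io/v1',
  kind: 'Ingress',
  metadata: {
    name: name,
    namespace: namespace,
    annotations: {
      // cert-manager watches this annotation and provisions the TLS secret
      // named in spec.tls below.
      'cert-manager.io/cluster-issuer': issuer,
      // Make the HTTP->HTTPS redirect explicit so :80 never serves content.
      'nginx.ingress.kubernetes.io/ssl-redirect': 'true',
    },
  },
  spec: {
    ingressClassName: 'nginx',
    tls: [{ hosts: [host], secretName: name + '-tls' }],
    rules: [{
      host: host,
      http: {
        paths: [{
          path: '/',
          pathType: 'Prefix',
          backend: { service: { name: name, port: { number: port } } },
        }],
      },
    }],
  },
};

// One YAML document per output file. Render with:
//   jsonnet -S -m manifests/apps/grafana ingress.jsonnet
{
  'ingress.yaml': std.manifestYamlDoc(
    ingress('grafana', 'monitoring', 'grafana.example.com', 3000)
  ),
}
```

Running `jsonnet` with `-S` (string output) and `-m` (multi-file output) writes `ingress.yaml` into the target directory, which Flux then picks up like any hand-written manifest.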
From the WAN side, ports 80 and 443 are forwarded to the load-balancer IP (assigned by MetalLB) of the ingress controller running in the Kubernetes cluster.
CoreDNS is deployed in the cluster and provides internal resolution of ingress hostnames, as well as a forwarding proxy to NextDNS, which is used for ad blocking.
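The split between local resolution and upstream forwarding can be expressed as a Corefile. The following is an added example, not this repository's configuration: a ConfigMap (written in jsonnet, matching the rest of the manifests) for a CoreDNS instance acting as the LAN resolver. Hostnames in the home zone resolve to the ingress controller's load-balancer address without leaving the network, and everything else is forwarded to NextDNS over DNS-over-TLS so queries are not readable in transit. The zone name, the load-balancer IP and the NextDNS profile ID are assumptions.

```jsonnet
// Added example, not this repository's configuration. Assumptions: the home
// zone is home.example.com, ingress-nginx has the MetalLB address below, and
// the NextDNS profile ID is a placeholder.
local ingressIP = '192.168.1.240';  // assumed MetalLB address of ingress-nginx
local nextdnsProfile = 'abc123';    // assumed NextDNS profile ID

local corefile = |||
  # Split horizon: answer for the home zone locally, so LAN clients reach
  # services directly instead of hairpinning through the WAN address.
  home.example.com:53 {
      hosts {
          %(ip)s grafana.home.example.com
          %(ip)s nextcloud.home.example.com
          fallthrough
      }
      log
      errors
  }

  # Everything else: forward to NextDNS over TLS; ad blocking happens there.
  .:53 {
      forward . tls://45.90.28.0 tls://45.90.30.0 {
          tls_servername %(profile)s.dns.nextdns.io
          health_check 5s
      }
      cache 30
      errors
  }
||| % { ip: ingressIP, profile: nextdnsProfile };

{
  apiVersion: 'v1',
  kind: 'ConfigMap',
  metadata: { name: 'coredns-lan', namespace: 'kube-system' },
  data: { Corefile: corefile },
}
```

The `tls://` upstreams together with `tls_servername` make CoreDNS validate the NextDNS certificate against the profile-specific name, so a resolver on the path cannot silently substitute its own answers; `fallthrough` in the `hosts` block lets names in the home zone that are not listed fall through to the default forwarding block.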
My home IP can change at any time, so to keep the WAN address on Cloudflare current I have configured DDNS on the UniFi Dream Machine Pro.
A QNAP TS-431DeU NAS serves NFS shares and backs them up to Backblaze B2 using HBS (Hybrid Backup Sync).
Device | Count | RAM | Storage | Connectivity | Purpose |
---|---|---|---|---|---|
Unifi Dream Machine Pro | 1 | N/A | N/A | 8x GbE + 2xSFP+ | Router/NVR |
Unifi US-16-PoE switch | 1 | N/A | N/A | 16x GbE + 2xSFP | Main Switch |
QNAP TS-431DeU | 1 | 16GB | 2x 240GB NVMe RAID1 + 4x 3TB RAID5 | 2x 2.5GbE LACP | NAS |
Raspberry Pi 4B | 3 | 4GB | 64GB SSD + 32GB SD Card | 1x GbE | K8S Node |
Raspberry Pi 3B+ | 2 | 1GB | 16GB SD Card | 1x GbE | K8S Node |
Custom-built Server | 1 | 64GB | 240GB NVMe + 1TB SSD | 2x GbE LACP + 1x GbE | K8S Node w/ GPU |
Project status: Alpha
- Common applications: Plex, Nextcloud, HomeAssistant, Ghost...
- Automated Kubernetes installation and management
- Monitoring and alerting
- Modular architecture, easy to add or remove features/components
- Automated certificate management
- Installing and managing applications using GitOps
- CI/CD platform
- Automatically update DNS records for exposed services 🚧
- Distributed storage 🚧
- Automated bare metal provisioning with PXE boot 🚧
- Support multiple environments (dev, stag, prod) 🚧
- Automated offsite backups 🚧
- Single sign-on 🚧
Any contributions you make, either big or small, are greatly appreciated.
If you find a security issue, please contact me through one of the following channels:
- twitter DM (@paulfantom)
- kubernetes slack (@paulfantom)
- freenode IRC (@paulfantom)
- email (paulfantom+security@gmail.com)
Distributed under the MIT License. See LICENSE for more information.