This repo is tailored from my setup and hardware that is currently available/accessible which is not generally used in the Enterprise. However, the repo aims to make it seamless, high performance, and best practices on operating and maintaining.
To me, any enterprise is a HomeLab and HomeLab in a way is representative of enterprise workflows and setup. Hence the original name of this repo was TheE (The Enterprise). HomeLab is a domain that you have full control over and can try out different things to gain real experiences. Though by playing around with HomeLab, we are not expecting custom hardware to solve our problems, with the SRE hat on we are supposed to cover the whole stack with proper software/boundary/integration defined and provide a seamless experience to our users (which is yourself).
You can only sell a solution if you have already been sold to it first.
– A Random Quote, by me.
Though a side note that I am an SWE myself so my setup is mostly related to the field of Developer Experiences and on-the-go development setup with stories like:
- iPad as a development machine
- Google Colab with GPU but hosted/managed by you (a.k.a JupyterHub)
- Gitpod-like
There are many stories of how people realize that the best/fastest host is localhost... And I am here to make localhost the best 1 person enterprise.
Proxmox VE is a complete open-source platform for enterprise virtualization. With the built-in web interface you can easily manage VMs and containers, software-defined storage and networking, high-availability clustering, and multiple out-of-the-box tools on a single solution.
In actual enterprise, it would likely be VMware's vSphere or Microsoft's Hyper V. But most features are under a paywall so...
For networking, I opted for Bridge Networking. Mostly for my Windows VM to have the same network as the LAN for Steam Remote Play, Logi Options+ Flow and other tedious stuff when trying to host a media server.
List of tools:
- Terraform
- Packer
- Cloud-init
- Kubernetes (opts with K3s)
- LXC
- QEMU servers (a.k.a Proxmox VM)
- Zero-trust VPN (Tailscale)
- OpenID / OAuth2 (DexIdp + GitHub)
- OpenID / OAuth 2 alternatives (Auth0)
NOTE: For production setup of Tailscale with Kubernetes (likely involving multiple clusters with multiple environments). Tailscale should be installed on Kubernetes and leverage CoreDNS with Tailscale SplitDNS, Subnet, and using proper Exit Node to have unify IP. This is not at all because I am using free tier with only 1 subnet router...
The setup could be similar to: https://deepsource.com/blog/tailscale-at-deepsource/
For most of the internal services outside of Proxmox and DexIdp (LXC Container) have to live outside of Kubernetes. Everything else is inside Kubernetes and exposed entirely by Istio. With the help of cert-manager and external-dns we can also have similar setup that automatically publish service like a production one.