
Building a Kubernetes homelab

Primary language: HCL. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

kubernetes-homelab

A repository to keep resources and configuration files used with my Kubernetes homelab.


Content of the Repository

  • alertmanager - configuration files to deploy Alertmanager.
  • ansible - Ansible playbooks to deploy Kubernetes homelab.
  • calico - configuration files to deploy Calico CNI.
  • charts - Helm charts.
  • dashboard - configuration files to deploy Kubernetes dashboard.
  • docs - images and documentation files.
  • grafana - configuration files to deploy Grafana.
  • httpd-healthcheck - configuration files to deploy a simple httpd healthcheck for Istio ingressgateway.
  • istio - configuration files to deploy Istio.
  • istio-addons - configuration files to deploy Istio add-ons (e.g. Kiali).
  • kube-state-metrics - configuration files to deploy kube-state-metrics.
  • metallb - configuration files to deploy MetalLB.
  • mikrotik-exporter - configuration files to deploy a Prometheus exporter for Mikrotik devices.
  • pii-demo - a demo PII application based on Apache, PHP and MySQL to test Istio's mTLS.
  • pii-demo-blue-green - a demo PII application that uses blue/green deployment.
  • prometheus - configuration files to deploy Prometheus monitoring.
  • pxe - configuration files for PXE boot and Kickstart.
  • regcred - docker registry credentials.
  • terraform - configuration files to manage Kubernetes with Terraform.
  • truenas-nfs - configuration files to deploy democratic-csi with TrueNAS NFS.

Pre-requisites

A TrueNAS NFS server is required to create persistent volume claims using democratic-csi.

Deployment

Ansible-defined Kubernetes Homelab

See ansible/README.md.

Manage Kubernetes Homelab with Terraform

See terraform/README.md.

Kubernetes Resources

Create a monitoring namespace:

$ kubectl apply -f ./monitoring-ns-istio-injection-enabled.yml

kube-state-metrics

Deploy kube-state-metrics:

$ kubectl apply -f ./kube-state-metrics

Prometheus

Deploy prometheus:

$ kubectl apply -f ./prometheus

Grafana

Deploy grafana:

$ kubectl apply -f ./grafana

Alertmanager

Alertmanager uses the Incoming Webhooks feature of Slack, therefore you need to set it up if you want to receive Slack alerts.

Update the config map alertmanager/alertmanager-config-map.yml and specify your incoming webhook URL. Deploy alertmanager:

$ kubectl apply -f ./alertmanager

Mikrotik-exporter

Update the secret file mikrotik-exporter/mikrotik-exporter-secret.yml and specify your password for the Mikrotik API user. Deploy mikrotik-exporter:

$ kubectl apply -f ./mikrotik-exporter

X509 Certificate Exporter

Deploy the Helm chart:

$ helm upgrade --install x509-certificate-exporter \
  ./charts/x509-certificate-exporter/ \
  --namespace monitoring \
  --debug

MetalLB

Update the config map metallb/metallb-config-map.yml and specify the IP address range. Deploy MetalLB network load-balancer:

$ kubectl apply -f ./metallb

Install Istio

The Istio namespace must be created manually.

$ kubectl create ns istio-system

The kubectl apply command may show transient errors due to resources not being available in the cluster in the correct order. If that happens, simply run the command again.

$ kubectl apply -f ./istio/istio-kubernetes.yml

Install httpd-healthcheck:

$ kubectl apply -f ./httpd-healthcheck

Install Istio Addons - Prometheus

$ kubectl apply -f istio-addons/prometheus

Install Istio Addons - Kiali

$ kubectl apply -f istio-addons/kiali

Create a Homelab ROOT CA

Create your own Certificate Authority (CA) for the homelab environment. Run the following on a CentOS 7 server:

$ vim /etc/pki/tls/certs/make-dummy-cert
$ openssl req -newkey rsa:2048 -keyout homelab-ca.key -nodes -x509 -days 3650 -out homelab-ca.crt

Create a Kubernetes Wildcard Cert Signed by the ROOT CA

$ DOMAIN=wildcard.apps.hl.test
$ openssl genrsa -out "${DOMAIN}".key 2048 && chmod 0600 "${DOMAIN}".key
$ openssl req -new -sha256 -key "${DOMAIN}".key -out "${DOMAIN}".csr
$ openssl x509 -req -in "${DOMAIN}".csr -CA homelab-ca.crt -CAkey homelab-ca.key -CAcreateserial -out "${DOMAIN}".crt -days 1825 -sha256
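The signing command above passes no extensions file, so the issued certificate carries no subjectAltName, and current browsers and Go-based clients match host names against subjectAltName only. The script below is an added example, not part of this repository: it signs the same CSR with and without a SAN extension file and checks the chain, the key pairing and the SAN. It uses a throwaway CA in a temp directory and assumes the wildcard name is *.apps.hl.test; the function names and san.ext are hypothetical.

```shell
#!/bin/sh
# Added example, not from the repository. Throwaway CA and keys in a temp dir.
# Assumption: the wildcard name is *.apps.hl.test (the page shows only the
# file name wildcard.apps.hl.test).

make_test_ca() {   # $1 = work dir
  openssl req -newkey rsa:2048 -nodes -x509 -days 3650 -subj "/CN=Homelab Test CA" \
    -keyout "$1/homelab-ca.key" -out "$1/homelab-ca.crt" 2>/dev/null
}

make_csr() {       # $1 = work dir, $2 = DNS name; also writes the extension file
  ( umask 077; openssl genrsa -out "$1/wildcard.key" 2048 2>/dev/null )
  openssl req -new -sha256 -key "$1/wildcard.key" -subj "/CN=$2" -out "$1/wildcard.csr"
  printf '%s\n' "subjectAltName=DNS:$2" "basicConstraints=CA:FALSE" \
    "extendedKeyUsage=serverAuth" > "$1/san.ext"
}

sign_csr() {       # $1 = work dir, $2 = output name, $3 = optional extension file
  openssl x509 -req -in "$1/wildcard.csr" -CA "$1/homelab-ca.crt" \
    -CAkey "$1/homelab-ca.key" -CAcreateserial ${3:+-extfile "$3"} \
    -out "$1/$2.crt" -days 1825 -sha256 2>/dev/null
}

has_san() {        # $1 = cert file, $2 = expected DNS name
  openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

chain_ok() {       # $1 = work dir, $2 = cert name
  openssl verify -CAfile "$1/homelab-ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

key_matches() {    # $1 = work dir, $2 = cert name; compares public keys
  [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$1/wildcard.key" -pubout | openssl sha256)" ]
}

demo() {
  d=$(mktemp -d) && make_test_ca "$d" && make_csr "$d" '*.apps.hl.test' || return 1
  sign_csr "$d" plain              # same flags as the page: no extensions file
  sign_csr "$d" san "$d/san.ext"   # adds the SAN that clients match against
  for c in plain san; do
    chain_ok "$d" "$c" && key_matches "$d" "$c" && printf '%s: chain and key ok, ' "$c"
    if has_san "$d/$c.crt" '*.apps.hl.test'; then echo "SAN present"; else echo "no SAN"; fi
  done
  rm -rf "$d"
}
demo
```
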

Blog Posts

Homelab Network Diagram


Average Kubernetes Homelab Power Consumption

~80W

Monthly, my homelab costs (((80W * 24h) / 1000) * £0.16/kWh * 365 days) / 12 months = £9.34 (~13$).