kubernetes-homelab
A repository to keep resources and configuration files used with my Kubernetes homelab.
Content of the Repository
alertmanager
- configuration files to deploy Alertmanager.ansible
- Ansible playbooks to deploy Kubernetes homelab.calico
- configuration files to deploy Calico CNI.charts
- Helm charts.dashboard
- configuration files to deploy Kubernetes dashboard.docs
- images and documentation files.grafana
- configuration files to deploy Grafana.httpd-healthcheck
- configuration files deploy a simple httpd healthcheck for Istio ingressgateway.istio
- configuration files to deploy Istio.istio-addons
- configuration files to deploy Istio add-ons (e.g. Kiali).kube-state-metrics
- configuration files to deploy kube-state-metrics.metallb
- configuration files to deploy MetalLB.mikrotik-exporter
- configuration files to deploy a Prometheus exporter for Mikrotik devices.pii-demo
- a demo PII application based on Apache, PHP and MySQL to test Istio's mTLS.pii-demo-blue-green
- a demo PII application based that uses blue/green deployment.prometheus
- configuration files to deploy Prometheus monitoring.pxe
- configuration files for PXE boot and Kickstart.regcred
- docker registry credentials.terraform
- configuration files to manage Kubernetes with Terraform.truenas-nfs
- configuration files to deploy democratic-csi with TrueNAS NFS.
Pre-requisites
A TrueNAS NFS server is required to create persistent volumes claims using democratic-csi
.
Deployment
Ansible-defined Kubernetes Homelab
See ansible/README.md
.
Manage Kubernetes Homelab with Terraform
See terraform/README.md
.
Kubernetes Resources
Create a monitoring namespace:
$ kubectl apply -f ./monitoring-ns-istio-injection-enabled.yml
kube-state-metrics
Deploy kube-state-metrics
:
$ kubectl apply -f ./kube-state-metrics
Prometheus
Deploy prometheus
:
$ kubectl apply -f ./prometheus
Grafana
Deploy grafana
:
$ kubectl apply -f ./grafana
Alertmanager
Alertmanager uses the Incoming Webhooks feature of Slack, therefore you need to set it up if you want to receive Slack alerts.
Update the config map alertmanager/alertmanager-config-map.yml
and specify your incoming webhook URL. Deploy alertmanager
:
$ kubectl apply -f ./alertmanager
Mikrotik-exporter
Update the secret file mikrotik-exporter/mikrotik-exporter-secret.yml
and specify your password for the Mikrotik API user. Deploy mikrotik-exporter
:
$ kubectl apply -f ./mikrotik-exporter
X509 Certificate Exporter
Deploy the Helm chart:
$ helm upgrade --install x509-certificate-exporter \
./charts/x509-certificate-exporter/ \
--namespace monitoring \
--debug
MetalLB
Update the config map metallb/metallb-config-map.yml
and specify the IP address range. Deploy MetalLB network load-balancer:
$ kubectl apply -f ./metallb
Install Istio
The Istio namespace must be created manually.
$ kubectl create ns istio-system
The kubectl apply
command may show transient errors due to resources not being available in the cluster in the correct order. If that happens, simply run the command again.
kubectl apply -f ./istio/istio-kubernetes.yml
Install httpd-healthcheck:
$ kubectl apply -f ./httpd-healthcheck
Install Istio Addons - Prometheus
$ kubectl apply -f istio-addons/prometheus
Install Istio Addons - Kiali
$ kubectl apply -f istio-addons/kiali
Create a Homelab ROOT CA
Create your own Certificate Authority (CA) for homelab environment. Run the following a CentOS 7 server:
$ vim /etc/pki/tls/certs/make-dummy-cert
$ openssl req -newkey rsa:2048 -keyout homelab-ca.key -nodes -x509 -days 3650 -out homelab-ca.crt
Create a Kubernetes Wildcard Cert Signed by the ROOT CA
$ DOMAIN=wildcard.apps.hl.test
$ openssl genrsa -out "${DOMAIN}".key 2048 && chmod 0600 "${DOMAIN}".key
$ openssl req -new -sha256 -key "${DOMAIN}".key -out "${DOMAIN}".csr
$ openssl x509 -req -in "${DOMAIN}".csr -CA homelab-ca.crt -CAkey homelab-ca.key -CAcreateserial -out "${DOMAIN}".crt -days 1825 -sha256
Blog Posts
- Install and Configure a Multi-Master HA Kubernetes Cluster with kubeadm, HAProxy and Keepalived on CentOS 7
- Install Kubernetes Dashboard
- Install Kube State Metrics on Kubernetes
- Install and Configure Prometheus Monitoring on Kubernetes
- Install and Configure Grafana on Kubernetes
- Install and Configure Alertmanager with Slack Integration on Kubernetes
- Monitor Etcd Cluster with Grafana and Prometheus
- Monitor Bind DNS Server with Grafana and Prometheus (bind_exporter)
- Monitor HAProxy with Grafana and Prometheus (haproxy_exporter)
- Monitor Linux Servers with Grafana and Prometheus (node_exporter)
- Monitor Mikrotik Router with Grafana and Prometheus (mikrotik-exporter)
- Upgrading Homelab Kubernetes Cluster from 1.19 to 1.20
- Upgrading Homelab Kubernetes Cluster from 1.20 to 1.21
- Install MetalLB and Istio Ingress Gateway with Mutual TLS for Kubernetes
- Moving to TrueNAS and Democratic CSI for Kubernetes Persistent Storage
- Configure PXE Boot Server for Rocky Linux 8 Kickstart Installation
- Migrating HA Kubernetes Cluster from CentOS 7 to Rocky Linux 8
Homelab Network Diagram
Average Kubernetes Homelab Power Consumption
~80W
Monthly, my homelab costs (((80W * 24h) / 1000) * £0.16/kWh * 365days) / 12months = £9.34 (~13$).