Kubernetes cluster

... managed using Talos, Flux and Renovate

---

📖 Overview

This repository houses the code responsible for managing my home infrastructure.

The setup is based on Talos OS. I used Talhelper to generate the initial configs. Following the cluster deployment, Flux continuously monitors this repository for changes, and Renovate is used to handle automated dependency updates.

---

Repository Structure

📁 infrastructure
└── 📁 talos
    ├── 📁 clusterconfig  # holds the talos configuration for each node
    ├── 📁 integrations   # helmfile for initial deployments
    ├── 📁 patches        # talos patches
    └── talconfig.yaml
    └── talsecret.sops.yaml
📁 k8s
├── 📁 apps           # applications
├── 📁 bootstrap      # bootstrap procedures
└── 📁 flux           # core flux configuration
📁 terraform
├── 📁 authentik
├── 📁 akeyless
├── 📁 cloudflare
└── 📁 minio

---

🔧  External Third-Party Components

These tools complement the Kubernetes infrastructure by providing essential functionality for security, automation and infrastructure management

Logo	Tool	Purpose
	Sops	A flexible tool for managing repository secrets securely.
	Pre-commit	Ensures consistency and quality of YAML and shell scripts in the repository.
	Renovate	Automates the detection of new releases and creates pull requests accordingly.
	Akeyless	A centralized platform for managing and securing certificates, credentials, and keys.
	Cloudflare	DNS management service for handling domain name resolutions.
	GMX	SMTP service provider for managing email communications.
	Terraform	IAC tool for automating the provisioning and management of outside dependencies (Akeyless, Cloudflare, etc...).

🔧 Hardware

Hardware is a combination of mini PC's and desktop computers. Worker nodes have been upgraded to have more RAM.

Devices	Count	OS Disk Size	RAM	Operating System	Purpose	Links
Bmax1-master	1	128GB	8GB	Talos v1.9.3	Kubernetes Control	Amazon Link
Soyo1-master	1	128GB	6GB	Talos v1.9.3	Kubernetes Control	AliExpress Link
Soyo2-master	1	128GB	6GB	Talos v1.9.3	Kubernetes Control	AliExpress Link
Hp-worker1	1	240GB	20GB	Talos v1.9.3	Kubernetes Worker	Amazon Link
Hp-worker2	1	240GB	28GB	Talos v1.9.3	Kubernetes Worker	Amazon Link
Hp-worker3	1	240GB	32GB	Talos v1.9.3	Kubernetes Worker	Amazon Link
Raspberry PI 4	1	3TB (2 + 1)	8GB	Pi OS	NAS - OpenMediaVault
TP-Link LS108G	1	-	-	-	Switch

---

Applications

Infrastruture Related

Logo	Name	Description
	Cert Manager	Let's Encrypt Certificates for SSL/TLS
	Cilium	CNI
	Longhorn	Distributed block storage for POD’s persistent volumes
	Minio	S3 Object storage
	External DNS	Synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
	External Secrets Operator	Used with Akeyless Platform to retrieve and push secrets
	Traefik	Reverse proxy and Ingress controller
	Tailscale Operator	Secure access to Kubernetes
	Cloudflared	Cloudflare Tunnel client
	CSI Driver NFS	Allows Kubernetes to access NFS server
	Dragonfly	Modern in-memory datastore, fully compatible with Redis and Memcached APIs
	Crowdsec	Curated Threat Intelligence. Used in conjunction with Traefik
	Authentik	Open source identity provider
	Flux CD	GitOps tool of choice

---

NAS

The backbone of my home storage infrastructure is built on a Raspberry Pi 4 running OpenMediaVault, a dedicated network-attached storage solution. The system utilizes two SSDs (2TB + 1TB) configured to store:

• Media content (books, audiobooks)
• Longhorn volume backups
• System configurations
• Docker Containers Data

The NAS hosts several essential containers:

Service	Description
Postgres	Reliable relational database for persistent data storage
PI-Hole	Network-wide ad blocking and local DNS management
Portainer	Container management and monitoring interface
TailNord	Tailscale exit node egressing over NordVPN

---

Gratitude and Thanks

Thanks to all the people who donate their time to the Home Operations Discord community. Be sure to check out kubesearch.dev for ideas on how to deploy applications or get ideas on what you may deploy.