Awesome

Raspbernetes

My Personal Kubernetes GitOps Repository

... managed with Flux, Renovate and GitHub Actions

</div> <div align="center">

</div>

🍼 Overview

This educational project is designed to provide a hands-on learning experience for mastering Kubernetes cluster configurations and best practices. The repository showcases a declarative implementation of a Kubernetes cluster, following GitOps principles that can be utilized with a variety of tools and workflows.

The main goal of this project is to demonstrate best practices for implementing enterprise-grade security, observability, and comprehensive cluster configuration management using GitOps in a Kubernetes environment, while fostering learning and growth in the Kubernetes community.

This repository leverages a range of cutting-edge open-source tools and platforms, forming a comprehensive technology stack that demonstrates the power of the CNCF ecosystem.

📖 Table of contents

🍼 Overview

📚 Documentation

📋 Requirements

In order to effectively utilize this repository, it is important to have the following tools set up in your environment.

Kubernetes cluster
Flux installed
Kustomize installed
Taskfile installed

🚀 Quick Start

Set up the necessary environment variables:

export GITHUB_TOKEN=<your-token>
export GITHUB_USER=<your-username>
export GITHUB_REPO=<your-repo>
export CLUSTER=<target-cluster>

Verify that your cluster satisfies the prerequisites:

flux check --pre

Run the bootstrap command to install Flux and deploy into the cluster:

task cluster CLUSTER_NAME=cluster-0

Note: Many variables in the cluster depend on your specific configuration and should be modified accordingly. Be sure to review and adjust these variables as needed to match your environment and requirements.

🔧 Hardware

Device	Description	Quantity	CPU	RAM	Architecture	Operating System
Protectli FW6E	Router	1	4 Cores	16GB RAM	AMD64	VyOs
Protectli VP2410	Kubernetes Control Plane	3	4 Cores	8GB RAM	AMD64	Talos Linux
Protectli FW2B	Kubernetes Node(s)	3	2 Cores	8GB RAM	AMD64	Talos Linux
Raspberry Pi 4 Model B	Kubernetes Node(s)	4	4 Cores	8GB RAM	ARM64	Talos Linux
Rock Pi 4 Model C	Kubernetes Node(s)	6	4 Cores	4GB RAM	ARM64	Talos Linux

☁️ Cloud Services

Although I manage most of my infrastructure and workloads on my own, there are specific components of my setup that rely on cloud services.

Service	Description	Cost (AUD)
Cloudflare	I use Cloudflare in my home network for DNS management and to secure my domain with Cloudflare's services.	~$69/yr
GCP	I use Google Cloud Platform (GCP) to manage backups using Google Cloud Storage (GCS) and employ GCP's OAuth for authentication.	~20/mo
GitHub	I use GitHub for code management and version control, enabling seamless collaboration in addition to OAuth for authentication	Free
NextDNS	I use NextDNS for malware protection and ad-blocking for a safer browsing experience.	~$30/yr
UptimeRobot	I use UptimeRobot to monitor my home services for uninterrupted performance.	~$84/yr
Lets Encrypt	I use Let's Encrypt to generate certificates for secure communication within my network.	Free
		Total: ~$35/mo

🖥️ Technology Stack

The below showcases the collection of open-source solutions currently implemented in the cluster. Each of these components has been meticulously documented, and their deployment is managed using FluxCD, which adheres to GitOps principles.

The Cloud Native Computing Foundation (CNCF) has played a crucial role in the development and popularization of many of these tools, driving the adoption of cloud-native technologies and enabling projects like this one to thrive.

	Name	Description
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/kubernetes/icon/color/kubernetes-icon-color.svg">	Kubernetes	An open-source system for automating deployment, scaling, and management of containerized applications
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/flux/icon/color/flux-icon-color.svg">	FluxCD	GitOps tool for deploying applications to Kubernetes
<img width="32" src="https://www.talos.dev/images/logo.svg">	Talos Linux	Talos Linux is Linux designed for Kubernetes
<img width="62" src="https://github.com/cncf/artwork/raw/main/projects/cilium/icon/color/cilium_icon-color.svg">	Cilium	Cilium is an open source, cloud native solution for providing, securing, and observing network connectivity between workloads
<img width="62" src="https://github.com/cncf/artwork/raw/main/projects/istio/icon/color/istio-icon-color.svg">	Istio	Istio extends Kubernetes to establish a programmable, application-aware network using the powerful Envoy service proxy.
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/containerd/icon/color/containerd-icon-color.svg">	containerd	Container runtime integrated with Talos Linux
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/coredns/icon/color/coredns-icon-color.svg">	CoreDNS	A DNS server that operates via chained plugins
<img width="32" src="https://metallb.universe.tf/images/logo/metallb-blue.png">	MetalLB	Load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols.
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/prometheus/icon/color/prometheus-icon-color.svg">	Prometheus	Monitoring system and time series database
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/jaeger/icon/color/jaeger-icon-color.svg">	Jaeger	Open-source, end-to-end distributed tracing for monitoring and troubleshooting transactions in complex distributed systems
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/helm/icon/color/helm-icon-color.svg">	Helm	The Kubernetes package manager
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/falco/icon/color/falco-icon-color.svg">	Falco	Container-native runtime security
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/flux/flagger/icon/color/flagger-icon-color.svg">	Flagger	Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/opa/icon/color/opa-icon-color.svg">	Open Policy Agent	An open-source, general-purpose policy engine
<img width="52" src="https://github.com/cncf/artwork/raw/main/projects/kyverno/icon/color/kyverno-icon-color.svg">	Kyverno	Kubernetes Native Policy Management
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/dex/icon/color/dex-icon-color.svg">	Dex	An identity service that uses OpenID Connect to drive authentication for other apps
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/crossplane/icon/color/crossplane-icon-color.svg">	Crossplane	Manage any infrastructure your application needs directly from Kubernetes
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/litmus/icon/color/litmus-icon-color.svg">	Litmus	Chaos engineering for your Kubernetes
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/openebs/icon/color/openebs-icon-color.svg">	OpenEBS	Container-attached storage
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/opentelemetry/icon/color/opentelemetry-icon-color.svg">	OpenTelemetry	Making robust, portable telemetry a built in feature of cloud-native software.
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/thanos/icon/color/thanos-icon-color.svg">	Thanos	Highly available Prometheus setup with long-term storage capabilities
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/cert-manager/icon/color/cert-manager-icon-color.svg">	Cert Manager	X.509 certificate management for Kubernetes
<img width="32" src="https://grafana.com/static/img/menu/grafana2.svg">	Grafana	Analytics & monitoring solution for every database.
<img width="32" src="https://github.com/grafana/loki/blob/main/docs/sources/logo.png?raw=true">	Loki	Horizontally-scalable, highly-available, multi-tenant log aggregation system
<img width="62" src="https://velero.io/img/Velero.svg">	Velero	Backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes.

🤖 Automation

This repository is automatically managed by Renovate. Renovate will keep all of the container images within this repository up to date automatically. It can also be configured to keep Helm chart dependencies up to date as well.

🤝 Acknowledgments

A special thank you to everyone in the Kubernetes @Home Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.

Also I extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem.

For more ideas on deploying applications or discovering new possibilities, be sure to explore the Kubernetes @Home search search.

👥 Contributing

Our project welcomes contributions from any member of our community. To get started contributing, please see our Contributor Guide.

🚫 Code of Conduct

By participating in this project, you are expected to uphold the project's Code of Conduct. Please report any unacceptable behavior to the repository maintainer.

💡 Reporting Issues and Requesting Features

If you encounter any issues or would like to request new features, please create an issue on the repository's issue tracker. When reporting issues, include as much information as possible, such as error messages, logs, and steps to reproduce the issue.

Thank you for your interest in contributing to this project! Your contributions help make it better for everyone.

📄 License

This repository is Apache 2.0 licensed