<div align="center"> <img src="./docs/assets/raspbernetes.png" alt="Raspbernetes">
Raspbernetes
My Personal Kubernetes GitOps Repository
... managed with Flux, Renovate and GitHub Actions
</div>
🍼 Overview
This educational project is designed to provide a hands-on learning experience for mastering Kubernetes cluster configurations and best practices. The repository showcases a declarative implementation of a Kubernetes cluster, following GitOps principles that can be utilized with a variety of tools and workflows.
The main goal of this project is to demonstrate best practices for implementing enterprise-grade security, observability, and comprehensive cluster configuration management using GitOps in a Kubernetes environment, while fostering learning and growth in the Kubernetes community.
This repository leverages a range of cutting-edge open-source tools and platforms, forming a comprehensive technology stack that demonstrates the power of the CNCF ecosystem.
📋 Requirements
In order to effectively utilize this repository, it is important to have the following tools set up in your environment.
- Kubernetes cluster
- Flux installed
- Kustomize installed
- Taskfile installed
🚀 Quick Start
- Set up the necessary environment variables:

  ```shell
  export GITHUB_TOKEN=<your-token>
  export GITHUB_USER=<your-username>
  export GITHUB_REPO=<your-repo>
  export CLUSTER=<target-cluster>
  ```
- Verify that your cluster satisfies the prerequisites:

  ```shell
  flux check --pre
  ```
- Run the bootstrap command to install Flux and deploy into the cluster:

  ```shell
  task cluster CLUSTER_NAME=cluster-0
  ```

Note: Many variables in the cluster depend on your specific configuration and should be modified accordingly. Be sure to review and adjust these variables as needed to match your environment and requirements.
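
A preflight guard for the Quick Start steps above, as an added example that is not part of this repository: it stops before the bootstrap when any of the four variables is unset or still holds a README placeholder, or when a required CLI is missing, and it prints only variable names so the token value never reaches the terminal or CI logs. The function names are hypothetical, and the binary names `flux`, `kustomize` and `task` are assumed to match how the tools are installed.

```shell
#!/bin/sh
# Added example, not part of the repository. Variable names come from the
# Quick Start; function names and binary names are assumptions.

REQUIRED_VARS="GITHUB_TOKEN GITHUB_USER GITHUB_REPO CLUSTER"
REQUIRED_TOOLS="flux kustomize task"

# Print the names of required variables that are unset or empty.
# Only names are printed, never values, so the token cannot leak into logs.
missing_vars() {
  out=""
  for name in $REQUIRED_VARS; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || out="$out $name"
  done
  echo "${out# }"
}

# Print the names of variables still set to a "<...>" placeholder
# copied verbatim from the README.
placeholder_vars() {
  out=""
  for name in $REQUIRED_VARS; do
    eval "val=\${$name:-}"
    case "$val" in "<"*">") out="$out $name" ;; esac
  done
  echo "${out# }"
}

# Print the names of required CLI tools that are not on PATH.
missing_tools() {
  out=""
  for tool in $REQUIRED_TOOLS; do
    command -v "$tool" >/dev/null 2>&1 || out="$out $tool"
  done
  echo "${out# }"
}

# Fail closed on any finding; only then run Flux's own prerequisite check.
preflight() {
  unset_v=$(missing_vars); stub_v=$(placeholder_vars); no_tool=$(missing_tools)
  [ -z "$unset_v" ] || { echo "unset: $unset_v" >&2; return 1; }
  [ -z "$stub_v" ] || { echo "placeholder value in: $stub_v" >&2; return 1; }
  [ -z "$no_tool" ] || { echo "not on PATH: $no_tool" >&2; return 1; }
  flux check --pre
}
```

Source the file, then run `preflight && task cluster CLUSTER_NAME=cluster-0` so the bootstrap only starts after every check passes.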
🔧 Hardware
Device | Description | Quantity | CPU | RAM | Architecture | Operating System | Notes |
---|---|---|---|---|---|---|---|
Protectli FW6E | Router | 1 | 4 Cores | 16GB RAM | AMD64 | VyOS | |
Protectli VP2410 | Kubernetes Control Plane | 3 | 4 Cores | 8GB RAM | AMD64 | Talos Linux | |
Protectli FW2B | Kubernetes Node(s) | 3 | 2 Cores | 8GB RAM | AMD64 | Talos Linux | |
Raspberry Pi 4 Model B | Kubernetes Node(s) | 4 | 4 Cores | 8GB RAM | ARM64 | Talos Linux | |
Rock Pi 4 Model C | Kubernetes Node(s) | 6 | 4 Cores | 4GB RAM | ARM64 | Talos Linux | |
☁️ Cloud Services
Although I manage most of my infrastructure and workloads on my own, there are specific components of my setup that rely on cloud services.
Service | Description | Cost (AUD) |
---|---|---|
Cloudflare | I use Cloudflare in my home network for DNS management and to secure my domain with Cloudflare's services. | ~$69/yr |
GCP | I use Google Cloud Platform (GCP) to manage backups using Google Cloud Storage (GCS) and employ GCP's OAuth for authentication. | ~$20/mo |
GitHub | I use GitHub for code management and version control, enabling seamless collaboration, in addition to OAuth for authentication. | Free |
NextDNS | I use NextDNS for malware protection and ad-blocking for a safer browsing experience. | ~$30/yr |
UptimeRobot | I use UptimeRobot to monitor my home services for uninterrupted performance. | ~$84/yr |
Let's Encrypt | I use Let's Encrypt to generate certificates for secure communication within my network. | Free |
Total | | ~$35/mo |
🖥️ Technology Stack
The table below showcases the collection of open-source solutions currently implemented in the cluster. Each of these components has been meticulously documented, and their deployment is managed using FluxCD, which adheres to GitOps principles.
The Cloud Native Computing Foundation (CNCF) has played a crucial role in the development and popularization of many of these tools, driving the adoption of cloud-native technologies and enabling projects like this one to thrive.
Logo | Name | Description |
---|---|---|
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/kubernetes/icon/color/kubernetes-icon-color.svg"> | Kubernetes | An open-source system for automating deployment, scaling, and management of containerized applications |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/flux/icon/color/flux-icon-color.svg"> | FluxCD | GitOps tool for deploying applications to Kubernetes |
<img width="32" src="https://www.talos.dev/images/logo.svg"> | Talos Linux | Talos Linux is Linux designed for Kubernetes |
<img width="62" src="https://github.com/cncf/artwork/raw/main/projects/cilium/icon/color/cilium_icon-color.svg"> | Cilium | Cilium is an open source, cloud native solution for providing, securing, and observing network connectivity between workloads |
<img width="62" src="https://github.com/cncf/artwork/raw/main/projects/istio/icon/color/istio-icon-color.svg"> | Istio | Istio extends Kubernetes to establish a programmable, application-aware network using the powerful Envoy service proxy. |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/containerd/icon/color/containerd-icon-color.svg"> | containerd | Container runtime integrated with Talos Linux |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/coredns/icon/color/coredns-icon-color.svg"> | CoreDNS | A DNS server that operates via chained plugins |
<img width="32" src="https://metallb.universe.tf/images/logo/metallb-blue.png"> | MetalLB | Load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols. |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/prometheus/icon/color/prometheus-icon-color.svg"> | Prometheus | Monitoring system and time series database |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/jaeger/icon/color/jaeger-icon-color.svg"> | Jaeger | Open-source, end-to-end distributed tracing for monitoring and troubleshooting transactions in complex distributed systems |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/helm/icon/color/helm-icon-color.svg"> | Helm | The Kubernetes package manager |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/falco/icon/color/falco-icon-color.svg"> | Falco | Container-native runtime security |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/flux/flagger/icon/color/flagger-icon-color.svg"> | Flagger | Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments) |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/opa/icon/color/opa-icon-color.svg"> | Open Policy Agent | An open-source, general-purpose policy engine |
<img width="52" src="https://github.com/cncf/artwork/raw/main/projects/kyverno/icon/color/kyverno-icon-color.svg"> | Kyverno | Kubernetes Native Policy Management |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/dex/icon/color/dex-icon-color.svg"> | Dex | An identity service that uses OpenID Connect to drive authentication for other apps |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/crossplane/icon/color/crossplane-icon-color.svg"> | Crossplane | Manage any infrastructure your application needs directly from Kubernetes |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/litmus/icon/color/litmus-icon-color.svg"> | Litmus | Chaos engineering for your Kubernetes |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/openebs/icon/color/openebs-icon-color.svg"> | OpenEBS | Container-attached storage |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/opentelemetry/icon/color/opentelemetry-icon-color.svg"> | OpenTelemetry | Making robust, portable telemetry a built in feature of cloud-native software. |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/thanos/icon/color/thanos-icon-color.svg"> | Thanos | Highly available Prometheus setup with long-term storage capabilities |
<img width="32" src="https://github.com/cncf/artwork/raw/main/projects/cert-manager/icon/color/cert-manager-icon-color.svg"> | Cert Manager | X.509 certificate management for Kubernetes |
<img width="32" src="https://grafana.com/static/img/menu/grafana2.svg"> | Grafana | Analytics & monitoring solution for every database. |
<img width="32" src="https://github.com/grafana/loki/blob/main/docs/sources/logo.png?raw=true"> | Loki | Horizontally-scalable, highly-available, multi-tenant log aggregation system |
<img width="62" src="https://velero.io/img/Velero.svg"> | Velero | Backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes. |
🤖 Automation
This repository is automatically managed by Renovate, which keeps all of the container images within this repository up to date. It can also be configured to keep Helm chart dependencies up to date.
🤝 Acknowledgments
A special thank you to everyone in the Kubernetes @Home Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.
I also extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem.
For more ideas on deploying applications or discovering new possibilities, be sure to explore the Kubernetes @Home search.
👥 Contributing
Our project welcomes contributions from any member of our community. To get started contributing, please see our Contributor Guide.
🚫 Code of Conduct
By participating in this project, you are expected to uphold the project's Code of Conduct. Please report any unacceptable behavior to the repository maintainer.
💡 Reporting Issues and Requesting Features
If you encounter any issues or would like to request new features, please create an issue on the repository's issue tracker. When reporting issues, include as much information as possible, such as error messages, logs, and steps to reproduce the issue.
Thank you for your interest in contributing to this project! Your contributions help make it better for everyone.
📄 License
This repository is Apache 2.0 licensed.