Hey there! 👋 Thanks for stopping by. This repo is a little window into my world of managing Kubernetes with K3s on Flux. It's a practical setup, a bit of experimentation, and a whole lot of learning on the go. Dive in and take a look around! It's kept up to date, as it is a 'production' cluster.
The repository is structured as follows:
```
├── .github/ # GitHub Actions and workflows
├── apps/ # Application values and definitions
├── base/ # Base configuration and flux generated files
├── charts/ # Chart repository definitions
├── configs/ # Cluster wide configurations
└── README.md
```
These applications are for managing, automating, and serving media content.
The common chart provided by bjw-s has been used for a lot of the applications as it's robust and easy enough to learn.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Plex | Plex is a feature-rich media library platform that organizes and streams your media files. | Plex | apps/media/plex |
Sonarr | Automated TV show management tool for downloading and serving television series. | Sonarr | apps/media/sonarr |
Radarr | A fork of Sonarr to work with movies à la Couchpotato. | Radarr | apps/media/radarr |
Overseerr | A request management and media discovery tool to integrate with Plex and other services. | Overseerr | apps/media/overseerr |
Plaxt | Allows for Plex plays to be scrobbled to Trakt.tv instantly. | Plaxt | apps/media/plaxt |
intel-gpu-plugin | A plugin to facilitate Intel GPU usage in Kubernetes clusters for various workloads. | intel-gpu-plugin | apps/media/intel-gpu-plugin |
Immich | An open-source personal media backup solution with a mobile-first approach. | Immich | apps/media/immich |
SABnzbd | A robust and reliable binary newsgrabber for downloading files from Usenet servers. | SABnzbd | apps/media/sabnzbd |
Tautulli | Monitoring and tracking tool for Plex Media Server with a rich feature set. | Tautulli | apps/media/tautulli |
Tdarr | A distributed media transcoding system with a focus on automation and scalability. | Tdarr | apps/media/tdarr |
Network tools are essential for routing, load balancing, and managing certificates within a Kubernetes cluster.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Traefik | A modern HTTP reverse proxy and load balancer. | Traefik | apps/network/traefik |
Cert-Manager | Automates the management and issuance of TLS certificates. | Cert-Manager | apps/network/cert-manager |
MetalLB | A load-balancer implementation for bare metal Kubernetes clusters. | MetalLB | apps/network/metallb |
Services that are typically deployed in their own namespace due to their scope or operational requirements.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Authentik | An identity provider to facilitate authentication, authorization, and more. | Authentik | apps/authentik |
Longhorn | Cloud-native distributed storage built on and for Kubernetes. | Longhorn | apps/longhorn |
Tools for persistent storage, database management, and in-memory data structures.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
CSI-NFS | CSI driver that allows Kubernetes to use NFS volumes for storage. | CSI-NFS | apps/data/csi-nfs |
MinIO | High performance, Kubernetes-native object storage. | MinIO | apps/data/minio |
PostgreSQL | Robust and reliable open-source relational database system. | PostgreSQL | apps/data/postgres |
Redis | An in-memory data structure store, used as a database and cache. | Redis | apps/data/redis |
Elasticsearch | A distributed search and analytics engine. | Elasticsearch | apps/data/elasticsearch |
Open-source social networking services.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Mastodon | A free and open-source self-hosted social networking service. | Mastodon | apps/social/mastodon |
Tools for automating and managing home infrastructure.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Home Assistant | An open-source home automation platform that prioritizes local control. | Home Assistant | apps/home/home-assistant |
Applications designed for public-facing web services.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Ghost | A professional publishing platform focused on aesthetics and user experience. | Ghost | apps/public/ghost |
Systems and tools for monitoring the health and performance of the cluster and applications.
Project | Description | GitHub Link | Directory in Repo |
---|---|---|---|
Uptime-Kuma | A fancy self-hosted monitoring tool. | Uptime-Kuma | apps/monitoring/uptime-kuma |
Goldilocks | Provides recommendations on Kubernetes resource requests and limits. | Goldilocks | apps/monitoring/goldilocks |
Kube-Prometheus | A collection of community curated Kubernetes manifests, Grafana dashboards, and Prometheus rules. | kube-prometheus | apps/monitoring/kube-prom |
Loki | A horizontally-scalable, highly-available, multi-tenant log aggregation system. | Loki | apps/monitoring/loki |
Promtail | An agent which ships the contents of local logs to a private Loki instance. | Promtail | apps/monitoring/prom-tail |
I use SOPS (Secrets OPerationS) for managing secrets securely. SOPS lets me encrypt my secrets so that I can safely store them in my Git repository.
- Transparent Encryption/Decryption: SOPS decrypts files on-the-fly, making it feel like you're working with plain text.
- Fine-Grained Control: It allows encrypting only the values, not the keys, in my secret files. This balances security and usability well.
- Versatile Key Management: It supports various key management services, fitting well in different cloud environments.
- Smooth Integration with Flux: I’ve set things up so Flux and SOPS work seamlessly together, decrypting secrets during deployment without exposing sensitive information.
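Because SOPS leaves the keys readable and encrypts only the values, a Secret manifest can be checked before it is committed. The following is an added example, not code from this repository: a line-based check that reports any `data` or `stringData` value that is not SOPS ciphertext. The sample manifests are constructed, and it assumes one YAML document per file with single-line values.

```python
import re

# Constructed sample ciphertext in the ENC[...] form SOPS writes for each value.
CIPHERTEXT = "ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]"
# Constructed sample manifest; the real sops metadata block has more fields.
TEMPLATE = """\
apiVersion: v1
kind: Secret
metadata:
  name: example-db
stringData:
  password: {value}
sops:
  version: 3.8.1
"""
ENCRYPTED = TEMPLATE.format(value=CIPHERTEXT)
LEAKY = TEMPLATE.format(value="hunter2")  # one value left in plain text

SECRET_BLOCKS = ("data", "stringData")
TOP_KEY = re.compile(r"^([A-Za-z]+):\s*$")
ENTRY = re.compile(r"^\s+([^\s:#][^:]*):\s*(.*)$")

def plaintext_values(manifest: str) -> list[str]:
    """Return 'block.key' for every Secret value that is not SOPS ciphertext."""
    findings, block, has_sops, is_secret = [], None, False, False
    for line in manifest.splitlines():
        if line.startswith("kind:"):
            is_secret = line.split(":", 1)[1].strip() == "Secret"
        if line.startswith("sops:"):
            has_sops = True
        if line and not line[0].isspace():
            # A new top-level key: track it only if it holds secret values.
            m = TOP_KEY.match(line)
            block = m.group(1) if m and m.group(1) in SECRET_BLOCKS else None
            continue
        m = ENTRY.match(line)
        if block and m and not m.group(2).strip("\"'").startswith("ENC["):
            findings.append(f"{block}.{m.group(1)}")
    if not is_secret:
        return []  # ConfigMaps and other kinds are out of scope here
    if not has_sops:
        findings.append("missing sops metadata block")
    return findings

if __name__ == "__main__":
    print(plaintext_values(LEAKY))
```

Run from a pre-commit hook or CI job over the secret files, a non-empty result should block the commit.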
This project is open-sourced under the MIT License.
A big thank you to all the contributors and maintainers of the tools and technologies used in this project, including K3s, KairOS, Flux, and the wider Kubernetes community.