The Git repository contains the following directories:

```text
📁
├──📁 ansible
│  └──📁 playbooks
└──📁 kubernetes
   ├──📁 apps
   │  ├──📁 dashboard
   │  │  └──📁 homarr
   │  ├──📁 label-studio
   │  │  └──📁 label-studio
   │  ├──📁 media
   │  │  ├──📁 decluttarr
   │  │  ├──📁 flaresolver
   │  │  ├──📁 flood
   │  │  ├──📁 jellyfin
   │  │  ├──📁 jellyseer
   │  │  ├──📁 prowlarr
   │  │  ├──📁 qbittorrent
   │  │  ├──📁 radarr
   │  │  ├──📁 recyclarr
   │  │  └──📁 sonarr
   │  ├──📁 muse
   │  │  └──📁 muse
   │  ├──📁 ntfy
   │  │  └──📁 ntfy
   │  ├──📁 pihole
   │  │  └──📁 pihole
   │  ├──📁 semaphore
   │  │  └──📁 semaphore
   │  ├──📁 speedtest
   │  │  └──📁 speedtest
   │  └──📁 vaultwarden
   │     └──📁 vaultwarden
   └──📁 infra
      ├──📁 cert-manager
      │  └──📁 cert-manager
      ├──📁 databases
      │  ├──📁 cloudnative-postgres
      │  └──📁 postgres-operator
      ├──📁 flux
      │  ├──📁 repositories
      │  └──📁 sources
      ├──📁 longhorn
      │  └──📁 longhorn
      ├──📁 metallb
      │  └──📁 metallb
      ├──📁 pod-gateway
      │  └──📁 pod-gateway
      ├──📁 reflector
      │  └──📁 reflector
      ├──📁 reloader
      │  └──📁 reloader
      ├──📁 system-upgrade
      │  └──📁 system-upgrade-controller
      └──📁 traefik
         └──📁 traefik
```
The following apps are installed on the clusters.

| Software | Purpose |
|---|---|
| Flux | GitOps tool managing the cluster |
| Longhorn | Persistent block storage provisioner |
| MetalLB | Bare metal LoadBalancer |
| Cert-Manager | Let's Encrypt certificates with Cloudflare DNS |
| System Upgrade Controller | Automated k3s upgrades |
| Homarr | Sleek, modern dashboard for managing services |
| CloudNativePG | Cloud-native PostgreSQL cluster operator |
| Postgres Operator | Operator for managing PostgreSQL clusters |
| Decluttarr | Automated media organization and decluttering tool |
| Flaresolverr | Cloudflare and DDoS protection bypass |
| Flood | Web UI for rtorrent and other torrent clients |
| Jellyfin | Media server |
| Jellyseer | Media discovery and management for Jellyfin |
| Muse | Self-hostable Discord music bot |
| Recyclarr | Notifications and monitoring tool for media services |
| Prowlarr | Indexer manager for media automation |
| Qbittorrent | Torrent client |
| Radarr | Automated movie download tool |
| Sonarr | Automated TV show download tool |
| Ntfy | Push notifications |
| Pihole | Network-wide ad blocker (I am also using this for DNS) |
| Reflector | Reflection and proxying of Docker registries |
| Reloader | Kubernetes controller that watches changes in ConfigMaps and Secrets and triggers Pod restarts |
| Semaphore | Continuous integration and delivery |
| Speedtest | Internet speed testing tool |
| Traefik | Edge router and load balancer |
| Pod-gateway | Routes traffic from pods to a gateway (I use it to route to a VPN) |
| Vaultwarden | Bitwarden-compatible password manager |
| Label-Studio | Data labeling tool |

| Device | Count | OS Disk Size | Data Disk Size | RAM | Operating System | Purpose |
|---|---|---|---|---|---|---|
| Turing RK1 | 4 | 2TB NVMe | - | 16GB | Ubuntu | Cluster nodes |
| Turing Pi 2 | 1 | - | - | - | - | Baseboard and KVM |
| CWWK AMD-7940HS | 1 | 1TB NVMe | 8TB HDD (2x) | 32GB | Proxmox | NAS/Cluster nodes |

Renovate Bot makes sure the components are never outdated.
It creates pull requests when Helm charts or Docker images have newer versions available, and it even keeps Flux and k3s up to date.

Flux supports SOPS, in particular the age backend: you encrypt your secrets locally with age, and Flux decrypts them when it applies the manifests. All my secrets are encrypted on my local machine and only ever decrypted by Flux inside the cluster at apply time.
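The SOPS/age wiring described above, as an added example that is not part of this repository: a repo-root `.sops.yaml` that encrypts only the `data`/`stringData` fields of a Secret, the `decryption` stanza on the Flux Kustomization, and a small pre-commit check that refuses a Secret manifest whose values are still plaintext. The age recipient, the `kubernetes/…*.sops.yaml` path regex and the `sops-age` secret name are assumptions, not values from the repo.

```shell
# Added example, not part of this repository. AGE_RECIPIENT, the path regex
# and the "sops-age" secret name are assumptions; replace them for a real setup.
AGE_RECIPIENT="${AGE_RECIPIENT:-age1PLACEHOLDERPUBLICKEY}"

# Repo-root .sops.yaml: encrypt only data/stringData so apiVersion, kind and
# metadata stay readable for kustomize and for Flux.
write_sops_config() {
  cat > "$1" <<EOF
creation_rules:
  - path_regex: kubernetes/.*\\.sops\\.ya?ml\$
    encrypted_regex: ^(data|stringData)\$
    age: ${AGE_RECIPIENT}
EOF
}

# Flux Kustomization pointing the kustomize-controller at the age private key,
# which is loaded into the cluster once with:
#   kubectl -n flux-system create secret generic sops-age --from-file=age.agekey
write_flux_kustomization() {
  cat > "$1" <<EOF
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m
  path: ./kubernetes/apps
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
    secretRef:
      name: sops-age
EOF
}

# Pre-commit guard: succeed only if the manifest carries a sops metadata block
# and every value under data/stringData is an ENC[AES256_GCM,...] ciphertext.
secret_is_encrypted() {
  grep -q '^sops:' "$1" || return 1
  ! awk '/^(data|stringData):/ {f=1; next} /^[^ ]/ {f=0} f && /: / && !/ENC\[AES256_GCM/' "$1" | grep -q .
}
```

Encrypt a manifest with `sops --encrypt --in-place <file>` once `.sops.yaml` is in place; `secret_is_encrypted <file> || exit 1` can run as a pre-commit hook over every `*.sops.yaml` that is staged.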

I'm using Cloudflare for external DNS and have a wildcard A record pointing to my Traefik instance. Internally I'm using PiHole for DNS resolution; these resolvers are injected into the pods via the hosts ConfigMap.