💻 Virtualized infrastructure with Proxmox
🔧 VM provisioning and cluster bootstrapping with Ansible
🤖 Application workload management with Flux
| Node | CPU | RAM | Storage | Function | Operating System |
|---|---|---|---|---|---|
| Minisforum NBP5 | i5 13500H | 32GB DDR5 | 1TB m.2 | 1x k3s Master 1x k3s Worker (with iGPU) |
Proxmox 8.x |
| Custom NAS build | N5105 | 32GB DDR4 | 256GB m.2 16TB HDD 10TB HDD |
TrueNAS 1x k3s Master 1x k3s Worker |
Proxmox 8.x |
| Topton router | N5105 | 16GB DDR4 | 512GB m.2 | OPNSense 1x k3s Master |
Proxmox 8.x |
- bootstrapping directory contains Ansible playbooks and roles. It's used to spin up VMs inside proxmox, configure those VMs, and lastly bootstrap the k3s Kubernetes cluster.
- cluster directory contains Kubernetes application workloads with following sub-dirs:
- flux directory is the entrypoint to Flux
- core directory (depends on flux) are important infrastructure applications (grouped by namespace). Flux is configured to not prune these resources automatically.
- apps directory (depends on core) is where common applications (grouped by namespace) are placed. Flux will prune resources here if they are not tracked by Git anymore
Secrets are encrypted with sops using age before being pushed into this repository. Flux is configured to automatically decrypt these secrets inside the cluster. This allows secret values to be configured in cluster-secrets.yaml and in cluster-settings.yaml.
- Renovate helps keep workloads up-to-date by scanning the repo and opening pull requests when it detects a new container image update or a new helm chart in the upstream repository
- Container images: Some self-managed container images are automatically built using Github Actions once a new version is detected in the upstream container image registry. Both AMD64 and ARM architectures supported and Trivy is used to scan and provide vulnerability reporting for the produced images. NOTE: This is no longer maintained.