This repository manages my Kubernetes cluster, powered by TrueCharts ClusterTool and using Flux. All applications are installed and configured via TrueCharts Helm charts.
Below you will find an overview of the main components in my cluster, as well as a table of contents with brief descriptions of the included apps and services.
This cluster runs on K3s and is deployed using Flux (GitOps methodology). All apps are managed as Helm releases via the TrueCharts ClusterTool. This allows every component and configuration to be versioned and automatically rolled out.
Key architecture highlights:
- Talos as OS for the Kubernetes nodes
- K8s as a Kubernetes distribution
- Flux as the GitOps engine
- Renovate as a bot for automatic dependency updates
- Cilium as the Container Network Interface (CNI)
- MetalLB for assigning LoadBalancer IP addresses in the local network
- Traefik as an ingress controller
- Longhorn for distributed storage volumes
- OpenEBS for Local PV storage
- CloudNative PG for PostgreSQL clusters
- Various monitoring and observability tools (Prometheus, Grafana)
Use TrueCharts/ClusterTool
Documentation: TrueCharts - Getting started with ClusterTool
- Download ClusterTool
- Init ClusterTool
- Adjust Config
  - clusters/main/clusterenv.yaml
  - clusters/main/talos/talconfig.yaml
- Generate Configuration
- Encrypt Configuration
- Apply Talos/Clusterconfig to the Kubernetes Nodes
Below is a list of the primary applications and add-ons running in this cluster. (Refer also to the outputs of `kubectl get pods -A` and `kubectl get svc -A` above for a complete overview.)
- Description: A DNS proxy and ad-blocker used to filter ads and malicious domains.
- Key Features: DNS caching, multiple modes for different blocklists.
- Description: Automated TLS certificate management (e.g., Let’s Encrypt).
- Key Features: Automatic certificate issuance, renewal, and distribution.
- Description: Cloudflare Tunnel for secure, encrypted connections to external services.
- Key Features: Tunnels internal services without exposing them via a public IP.
- Description: PostgreSQL operator for managing highly available Postgres databases.
- Key Features: Automated Postgres cluster provisioning, failover, backup.
- Description: GitOps engine that deploys all workloads and configurations from this repository.
- Components: source-controller, kustomize-controller, helm-controller, notification-controller, image-reflector-controller, image-automation-controller.
- Description: Visualization and analytics platform.
- Key Features: Dashboards for metrics from Prometheus and other sources, alerting functionality.
- Description: Home Assistant platform.
- Key Features: Home automation and dashboards.
- Description: A personal homepage/portal to access various self-hosted services.
- Description: The official Kubernetes Dashboard for cluster management via a web UI.
- Key Features: Workloads overview, cluster resources, namespaces, events.
- Description: A policy engine for Kubernetes to ensure security and compliance.
- Key Features: Admission and mutation policies, background scans, policy reports.
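As an added example of the kind of admission policy the policy engine enforces (this is not a manifest from this repository), the following Kyverno ClusterPolicy rejects any Pod that requests privileged mode. It uses the `kyverno.io/v1` API and the `=()` conditional anchors from Kyverno's pattern syntax, which mean "if this field is present, it must match"; the policy name and message are my own choices.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers   # example name, not from this repo
spec:
  # Enforce rejects non-compliant Pods at admission; set to Audit first to
  # only record violations in PolicyReports before blocking anything.
  validationFailureAction: Enforce
  # background: true also scans existing Pods and reports violations.
  background: true
  rules:
    - name: privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Privileged mode is disallowed."
        pattern:
          spec:
            # =(field) is a conditional anchor: the check applies only when
            # the field exists, so Pods without a securityContext still pass.
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
```

After applying it, `kubectl get policyreport -A` shows the results of the background scan, and any `kubectl apply` of a Pod with `securityContext.privileged: true` is denied with the message above. Running in Audit mode for a while before switching to Enforce avoids breaking workloads (such as CNI or storage DaemonSets) that legitimately need privileged mode and would have to be excluded via `exclude` in the rule.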
- Description: Distributed block storage for Kubernetes.
- Key Features: Replication, snapshots, automatic recovery in case of node failures.
- Description: A LoadBalancer implementation for bare-metal Kubernetes clusters.
- Key Features: Assigns external IPs, supports ARP and BGP.
- Description: Container-native storage solution for dynamic volumes (Local PV).
- Key Features: Node-local persistent volumes, easy management through Kubernetes.
- Description: Self-hosted file sharing application.
- Key Features: Shareable links, access management, user-friendly web interface.
- Description: A suite of monitoring and alerting tools.
- Key Features:
- Prometheus: Metric collection and querying
- Alertmanager: Handling and routing alerts (e-mail, Slack, etc.)
- Description: Self-hosted CI/CD platform for automating builds and deployments.
- Key Features: Pipeline definitions, container- or VM-based jobs, Git integration.
- Description: Docker registry mirror/cache or replication tool (purpose may vary).
- Key Features: Speeds up image pulls, reduces Internet bandwidth usage.
- Description: Online recipe manager.
- Key Features: Recipe import/export, categorization, multi-language support.
- Description: Ingress controller and reverse proxy.
- Key Features: Automatic service discovery, Let’s Encrypt integration, dashboard, HTTP/2, TCP/TLS support.
- Description: Unifi Poller for Grafana dashboards and metrics collection from Unifi devices.
- Key Features: Fetches metrics from Unifi network devices, integrates with Prometheus.
- Description: Backup and replication solution for stateful workloads.
- Key Features: Secure PersistentVolume backups, replication across different sites.
- Description: A controller for automated upgrades of K3s clusters.
- Key Features: Rolling updates, scheduling, version management.
- Cilium: Network and security stack (CNI) with eBPF-based filtering.
- Node Feature Discovery: Automatically detects hardware features and labels nodes.
- Descheduler: Optimizes pod distribution across the cluster.
- snapshot-controller: Facilitates volume snapshots.
- Others: kubelet-csr-approver, metrics-server, etc.
- Make changes: Edit Helm charts and Kustomize configurations in this repository (e.g., in `apps/` or `charts/`).
- Push to Git: Once committed and pushed, Flux will detect changes and apply them to the cluster.
- Monitoring & Logging: Monitor resources via Grafana/Prometheus or use the Kubernetes Dashboard.
- Scaling & Updates: With GitOps (Flux), rollbacks and updates are straightforward; simply revert or update versions in Git.
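To illustrate what "edit, push, and let Flux apply it" looks like for a single app, here is an added example pair of Flux objects (not files from this repository): a HelmRepository pointing at a chart registry and a HelmRelease that pins one chart version. The registry URL, namespace, chart name and values are placeholders or assumptions; the HelmRepository uses the `source.toolkit.fluxcd.io/v1beta2` API and the HelmRelease the `helm.toolkit.fluxcd.io/v2` API.

```yaml
# Example only: a HelmRepository for the chart source. TrueCharts publishes
# charts via OCI, so the type is oci and the URL is a placeholder to replace.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: truecharts
  namespace: flux-system
spec:
  type: oci
  url: oci://REGISTRY_PLACEHOLDER/truecharts   # placeholder, not a real URL
  interval: 1h
---
# Example only: one app as a HelmRelease. Changing "version" in Git and
# pushing is the whole upgrade (or rollback) procedure; Flux reconciles it.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: example-app          # hypothetical release name
  namespace: example-app     # hypothetical namespace
spec:
  interval: 30m
  chart:
    spec:
      chart: CHART_NAME_PLACEHOLDER   # placeholder chart name
      version: "1.2.3"                # pinned; Renovate opens PRs to bump this
      sourceRef:
        kind: HelmRepository
        name: truecharts
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    remediation:
      retries: 3
      remediateLastFailure: true   # roll back automatically if the upgrade fails
  values:
    # Chart values are assumed; real TrueCharts charts have their own schema.
    replicas: 1
```

Reverting the commit that changed `version` is the rollback: Flux sees the old value in Git and performs a Helm upgrade back to it. The state of each release can be checked with `flux get helmreleases -A`, which shows whether the last reconciliation succeeded and, if not, the Helm error.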
This project is licensed under the MIT License. See LICENSE for details.