gwg313 d3da92bbb8
add cicd exclude to resource limits
Signed-off-by: gwg313 <gwg313@pm.me>
2026-05-23 22:09:35 -04:00
apps add cicd exclude to resource limits 2026-05-23 22:09:35 -04:00
apps_bak add harbor 2026-05-19 14:26:06 -04:00
apps_temp update default deny 2026-05-17 00:05:02 -04:00
bootstrap update 2026-05-17 14:29:03 -04:00
hedgedoc update hedgedoc pull policy 2025-09-22 22:32:26 -04:00
karakeep add karakeep 2025-08-11 23:32:15 -04:00
management/platform-apps add cicd exclude to resource limits 2026-05-23 22:09:35 -04:00
minio squash all 2025-07-03 08:02:33 -04:00
platform add cicd exclude to resource limits 2026-05-23 22:09:35 -04:00
.argocd-ignore squash all 2025-07-03 08:02:33 -04:00
.devenv.flake.nix squash all 2025-07-03 08:02:33 -04:00
.envrc initial commit 2025-06-21 16:00:40 -04:00
.gitignore initial commit 2025-06-21 16:00:40 -04:00
.gitleaks.toml squash all 2025-07-03 08:02:33 -04:00
.yamllint squash all 2025-07-03 08:02:33 -04:00
devenv.lock initial commit 2025-06-21 16:00:40 -04:00
devenv.nix squash all 2025-07-03 08:02:33 -04:00
README.md readme update 2026-05-17 23:43:06 -04:00
root-app.yaml squash me 2026-05-15 16:56:17 -04:00

Homelab Kubernetes GitOps Repository

Currently in the process of a major overhaul, so things may be a bit messy for a few days.

This repository contains the Kubernetes manifests and Helm configurations used to operate my self-hosted infrastructure.

The cluster runs on Talos OS and is fully managed using ArgoCD with the App-of-Apps pattern.


Overview

All infrastructure and applications are declaratively defined in this repository.

Core components:

  • Talos OS (Kubernetes distribution)
  • ArgoCD (GitOps controller)
  • Sealed Secrets (encrypted secret management)
  • cert-manager (certificate automation)
  • Istio (Gateways for ingress and reverse proxy)
  • MetalLB (bare-metal load balancing)

Repository Structure

├── apps/
├── audiobookshelf/
├── bytestash/
├── cert-manager/
├── cluster-issuer/
├── focalboard/
├── forgejo/
├── harbor-config/
├── hedgedoc/
├── karakeep/
├── linkwarden/
├── metallb/
├── minio/
├── navidrome/
├── sealed-secrets/
├── security/
├── stirling-pdf/
├── woodpecker/
├── yopass/
└── root-app.yaml

Each application directory contains the manifests or Helm values required to deploy the service.

root-app.yaml bootstraps all applications via ArgoCD.


GitOps Structure

  • root-app.yaml defines the parent ArgoCD application.
  • Child applications are defined under apps/.
  • Infrastructure components and services are separated by directory.
  • The repository represents the desired state of the cluster.

Secrets Management

Secrets are managed using Bitnami Sealed Secrets.

  • Plain Kubernetes Secrets are sealed using kubeseal.
  • Only encrypted SealedSecret resources are committed to Git.
  • The Sealed Secrets controller decrypts them inside the cluster.

No unencrypted secrets are stored in this repository.
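
One way to check that claim before a commit lands, as an added example that is not part of this repository: a stdlib-only Python scan that flags any YAML document whose top-level kind is Secret while letting SealedSecret through. The sample manifest is constructed and the function names are hypothetical. Secrets nested inside a List, or values embedded in Helm values files, are outside what this check sees.

```python
import re
import sys
from pathlib import Path

# Unindented "kind:" key, i.e. the kind of the manifest document itself.
KIND_RE = re.compile(r"^kind:[ \t]*['\"]?(\w+)['\"]?[ \t]*(?:#.*)?$", re.MULTILINE)
DOC_SEP_RE = re.compile(r"^---(?:[ \t].*)?$", re.MULTILINE)  # YAML document separator

# Constructed sample: one SealedSecret (fine to commit) and one plain Secret (not).
SAMPLE = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata: {name: demo-db}
spec:
  encryptedData:
    password: AgBconstructedplaceholder
---
apiVersion: v1
kind: Secret
metadata: {name: demo-db}
stringData:
  password: constructed-placeholder
"""


def find_plain_secrets(text):
    """Return 1-based positions of documents whose top-level kind is Secret."""
    docs = [d for d in DOC_SEP_RE.split(text) if d.strip()]
    kinds = [KIND_RE.search(d) for d in docs]
    return [i for i, m in enumerate(kinds, start=1) if m and m.group(1) == "Secret"]


def scan_tree(root):
    """Map each YAML file under root to the plain Secret documents it holds."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in {".yaml", ".yml"}:
            hits = find_plain_secrets(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    print("sample:", find_plain_secrets(SAMPLE))
    found = scan_tree(sys.argv[1]) if sys.argv[1:] else {}
    for name, positions in found.items():
        print(f"{name}: plain Secret in document(s) {positions}")
    sys.exit(1 if found else 0)
```

Run with a directory argument, it exits non-zero when any plain Secret is found, so it can gate a pre-commit hook or CI step.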


Networking

Load Balancing

MetalLB provides external IP addresses for services in the bare-metal cluster.

Ingress & Reverse Proxy

Istio Gateways are used to expose services externally and handle reverse proxy functionality.

TLS

cert-manager manages certificate issuance and renewal using configured ClusterIssuers.