H8s is a comprehensive home infrastructure solution that integrates Kubernetes with Talos OS, tailored for personal cloud environments. Built on budget-friendly mini PCs, it delivers a secure and efficient cluster setup. With features like automated provisioning and a home-wide ad blocker, it’s designed to enhance control and convenience in home tech management.
H8s (Homernetes)
H8s is an innovative home infrastructure solution that seamlessly integrates Kubernetes with the security-oriented Talos OS, specifically designed for home labs and personal cloud environments. This project showcases a setup that uses two N100 CPU-based mini PCs, each equipped with 32GB of RAM and 1TB NVME SSDs, providing a robust platform for hosting services right at home.
Project Motivation
Building a homelab Kubernetes cluster has been a rewarding experience, aimed at enhancing skills in various areas:
- Mastering DevOps and Software Engineering practices.
- Deepening knowledge and expertise in Kubernetes, which is heavily utilized in professional environments.
- Gaining control over a private technology stack.
- Self-hosting various useful applications.
The primary drive behind this project is a passion for continuous learning and exploration, which inspires both professional and personal development.
Key Features
H8s incorporates a range of powerful features designed to streamline home infrastructure management:
- Automated Bootstrap: A comprehensive 8-stage declarative pipeline to provision a full cluster from bare metal in under 10 minutes.
- Container Registry: Efficient management and storage of container images.
- Home-wide Ad Blocker and DNS: Enhance browsing experience across the home network.
- Internal Certificate Authority: Manage security certificates internally.
- Routing for Private Services: Access to exclusive home services.
- Secrets Management: Secure handling of sensitive information.
- Comprehensive Observability: Metrics and logs can be monitored effectively.
- CI/CD Capabilities: Full integration for continuous integration and delivery.
- External Service Access via Cloudflare: Experience external access to prioritized services, including:
- PostgreSQL Databases: Facilitates internal service management for tools like Terraform and Harbor.
- Advanced Networking with Cilium: Provides network encryption, observability, IP address management, kube-proxy replacement, and L2 announcements.
Repository Structure
The structure of the repository is organized to enhance navigation and usability:
├── applications
│ ├── excalidraw | Self-hosted Excalidraw.
│ └── searxng | Privacy-focused metasearch engine.
├── ci-cd
│ ├── argo-workflows | CI/CD pipelines (WIP).
│ ├── argocd | GitOps CD for Kubernetes resources.
│ └── renovate | Automated dependency updates.
├── images
│ ├── coredns
│ ├── terraform
│ └── image-buildah
├── infrastructure | Complete bootstrapping of the cluster with Proxmox and Talos + platform configuration.
├── namespaces | Holds all namespaces for the cluster.
├── networking
│ ├── cert-manager | Certificate controller for the self-hosted certificate authority.
│ ├── cilium | The cluster's eBPF CNI.
│ ├── cloudflared | Facilitates Cloudflare ingress.
│ ├── coredns | Home-wide DNS services and ad-blocking.
│ └── gateways | Ingress and networking routing management.
├── observability
│ ├── grafana | Metrics and log observability.
│ ├── loki | Log collection.
│ ├── prometheus | Metrics collection.
│ └── promtail | Log shipping agent.
├── security
│ ├── cosign | Container and binary signing for Harbor.
│ ├── external-secrets-operator | Manages secrets inside the cluster.
│ ├── keycloak | (WIP) Cluster single sign-on.
│ └── vault | Secrets storage and certificate authority.
└── storage
  ├── cloudnative-pg | PostgreSQL database management for various applications.
  ├── harbor | Container and binary registry.
  └── longhorn | Cluster CSI.
This project exemplifies a modern approach to home infrastructure and Kubernetes management, offering features that enhance productivity and security, making it ideal for enthusiasts and professionals alike.