
Homelab

Goals

Wanting to set up a homelab Kubernetes cluster.

Software

  1. Running applications
    1. NAS, backups, security recorder
    2. Online presence, website, email, communicators (ts3, matrix?)
    3. Git server, container registry
    4. Environment to deploy my own apps
    5. Some LLM server, apps for my own use
    6. Public services like Tor, mirrors of Linux distros, etc.
    7. Some frontends
    8. Awesome-Selfhosted, Awesome Sysadmin
  2. Managing them hopefully using GitOps
    1. FluxCD, Argo etc.
    2. State of cluster in git, all apps version pinned
    3. Some bot to inform about updates?
  3. It's a homelab
    1. Should be open to experimenting
    2. Avoiding vendor lock-in, changing my mind shouldn't block me for too long
    3. Backups of important data in easy to access format
    4. Expecting downtime, no critical workloads
    5. Trying to keep it reasonably up anyways

Infrastructure

  1. Using commodity hardware
  2. Reasonably scalable
  3. Preferably mobile workloads; the software should be a bit more flexible than me physically moving disks and data
  4. Replication is overkill for most data
  5. Preferably dynamically configured network
    1. BGP with OpenWRT router
    2. Dynamically allocated host subnets
    3. Load-balancing (MetalLB?), ECMP on router
    4. Static IP configurations on nodes
  6. IPv6 native, IPv4 accessible
    1. A whole IPv6 block is routed to us, which gives us control over address routing and usage
    2. This allows us to expose services directly to the internet without complex router config
    3. It also allows us to use e.g. ExternalDNS to autoconfigure domain names for load balancers
    4. But the majority of the world still runs IPv4, which should be supported for public services
    5. Exposing an IPv4 service may require additional router reconfiguration (port forwarding, manual domain setup), or a controller doing this some day in the future
    6. A single public IPv4 address probably means extensive use of rule-based ingress controllers
    7. IPv6 internet from pods should not be NATed
    8. IPv4 internet from pods should be NATed by router

Current implementation idea

  1. Cluster server nodes running Talos
  2. OpenWRT router
    1. VLAN / virtual interface, for cluster
    2. Configuring using Ansible
    3. Peering with cluster using BGP
    4. Load-balancing using ECMP
  3. Cluster networking
    1. Cilium CNI
    2. Native routing, no encapsulation or overlay
    3. Using Cilium's network policies for firewall needs
    4. IPv6 address pool
      1. Nodes: 2001:470:61a3:100::/64
      2. Pods: 2001:470:61a3:200::/64
      3. Services: 2001:470:61a3:300::/112
      4. Load balancer: 2001:470:61a3:400::/112
    5. IPv4 address pool
      1. Nodes: 192.168.1.32/27
      2. Pods: 10.42.0.0/16
      3. Services: 10.43.0.0/16
      4. Load balancer: 10.44.0.0/16
  4. Storage
    1. OS is installed on a dedicated disk
    2. Mayastor manages all data disks
      1. A DiskPool for each data disk in the cluster, labelled by type (SSD or HDD)
      2. Creating StorageClass for each topology need (type, whether to replicate, on which node etc.)
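Because pods and load balancers get globally routable IPv6 addresses with native routing and no NAT, anything a policy does not block is reachable from the internet. An added example of the firewall baseline this implies, written here and not taken from the repo: a cluster-wide Cilium policy that default-denies ingress from outside the cluster, plus one per-app exception; the website namespace, the app=website label and port 8443 are assumed names.

```yaml
# Cluster-wide baseline: every pod becomes default-deny for ingress.
# The "cluster" entity covers pods, the local host and remote nodes, so
# pod-to-pod and host-to-pod traffic keeps working; only traffic from
# outside the cluster ("world") is dropped. No egress section is given,
# so egress stays open, matching "IPv6 internet from pods not NATed".
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: baseline-deny-world-ingress
spec:
  endpointSelector: {}
  ingress:
    - fromEntities:
        - cluster
---
# Per-app exception: only the website pods accept traffic from the
# internet, and only on the port the LoadBalancer service forwards.
# Namespace "website", label app=website and port 8443 are assumed.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: website-allow-world
  namespace: website
spec:
  endpointSelector:
    matchLabels:
      app: website
  ingress:
    - fromEntities:
        - world
      toPorts:
        - ports:
            - port: "8443"
              protocol: TCP
```

Cilium policies are additive allow-lists, so the per-app policy only widens what the baseline permits; a pod selected by any ingress rule drops everything not explicitly listed.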

Working with repo

The repo is preconfigured for use with nix and vscode.

Install nix; vscode should pick up the settings and launch terminals in nix develop with all needed utils.

Bootstrapping cluster

  1. Configure OpenWRT, create a dedicated interface for connecting the server
    1. Set up the node subnet and routing
    2. Create a static host entry kube-api.homelab.lumpiasty.xyz pointing at the IPv6 address of the first node
  2. Connect the server
  3. Grab the Talos ISO and dd it to a USB stick
  4. Boot it and, using the keyboard, set up a static IP in the IPv6 node subnet; the node should become reachable from the PC
  5. talosctl gen config homelab https://kube-api.homelab.lumpiasty.xyz:6443
  6. Generate secrets with talosctl gen secrets, back them up, and keep secrets.yml safe
  7. Generate config files with make gen-talos-config
  8. Apply the config to the first node: talosctl apply-config --insecure -n 2001:470:61a3:100::2 -f controlplane.yml
  9. Wait for the reboot, then talosctl bootstrap --talosconfig=talosconfig -n 2001:470:61a3:100::2
  10. Set up the router and CNI
  10. Set up router and CNI

Updating Talos config

Update the patches, then re-generate and apply the configs.

make gen-talos-config
make apply-talos-config