This is a GitOps-managed Kubernetes home server with the following stack:
- Nodes: 5-node hybrid cluster (4x ARM64, 1x x86_64)
- OS: Talos Linux v1.12.1 (immutable, API-configured)
- Kubernetes: v1.35.0
- GitOps: Flux CD manages all workloads from this repository
- Storage: Longhorn for persistent volumes, Crunchy Postgres for databases, Dragonfly for caching
- Networking: Cilium CNI, Envoy Gateway, Cloudflare DNS/DDNS, Tailscale VPN
- Secrets: SOPS with AGE encryption and 1Password via External Secrets Operator (mostly the latter, some the former)

The Git repository contains the following directories:

```
📁
└──📁 kubernetes
    ├──📁 ai
    │   ├──📁 litellm
    │   ├──📁 openwebui
    │   └──📁 searxng
    ├──📁 games
    │   └──📁 abiotic-factor
    ├──📁 infra
    │   ├──📁 flux
    │   │   ├──📁 instance
    │   │   ├──📁 notifications
    │   │   ├──📁 operator
    │   │   ├──📁 receiver
    │   │   ├──📁 repositories
    │   │   └──📁 secrets
    │   ├──📁 node-feature-discovery
    │   │   └──📁 node-feature-discovery
    │   ├──📁 nvidia-device-plugin
    │   │   └──📁 nvidia-device-plugin
    │   ├──📁 reflector
    │   │   └──📁 reflector
    │   ├──📁 reloader
    │   │   └──📁 reloader
    │   ├──📁 spegel
    │   └──📁 tuppr
    │       └──📁 upgrades
    ├──📁 manga
    │   ├──📁 komf
    │   ├──📁 komga
    │   └──📁 suwayomi
    ├──📁 media
    │   ├──📁 cleanuparr
    │   ├──📁 decluttarr
    │   ├──📁 dispatcharr
    │   ├──📁 flaresolver
    │   ├──📁 huntarr
    │   ├──📁 jellyfin
    │   ├──📁 jellyseer
    │   ├──📁 prowlarr
    │   ├──📁 qbittorrent
    │   │   └──📁 ui
    │   ├──📁 radarr
    │   ├──📁 recyclarr
    │   └──📁 sonarr
    ├──📁 misc
    │   ├──📁 immich
    │   ├──📁 speedtest-tracker
    │   │   └──📁 speedtest-tracker
    │   └──📁 syncthing
    │       └──📁 syncthing
    ├──📁 networking
    │   ├──📁 cert-manager
    │   │   └──📁 cert-manager
    │   ├──📁 cilium
    │   │   └──📁 cilium
    │   ├──📁 envoy-gateway
    │   │   └──📁 config
    │   ├──📁 external-dns
    │   │   ├──📁 cloudflare
    │   │   └──📁 cloudflare-ddns
    │   └──📁 tailscale
    │       └──📁 tailscale
    ├──📁 observability
    │   ├──📁 dashboard
    │   │   └──📁 homepage
    │   ├──📁 kube-prometheus-stack
    │   ├──📁 kube-state-metrics
    │   ├──📁 metrics-server
    │   └──📁 node-exporter
    ├──📁 projects
    │   └──📁 colwiki
    ├──📁 security
    │   ├──📁 authentik
    │   │   └──📁 authentik
    │   └──📁 secrets
    │       └──📁 external-secrets
    └──📁 storage
        ├──📁 databases
        │   ├──📁 dragonfly
        │   └──📁 postgres
        ├──📁 garage
        │   └──📁 webui
        └──📁 longhorn
            └──📁 longhorn
```

| Software | Category | Purpose |
|---|---|---|
| Authentik | Security | Identity provider for SSO and authentication. |
| Cert-Manager | Networking | Automated certificate management for Kubernetes. |
| Cilium | Networking | eBPF-based networking, security, and observability. |
| Cleanuparr | Media Automation | Automated media cleanup tool for *arr apps. |
| Crunchy Postgres Operator | Storage | PostgreSQL operator for Kubernetes. |
| Decluttarr | Media Automation | Removes stalled torrents from qBittorrent. |
| Dispatcharr | Media Automation | Discord notifications for *arr apps. |
| Dragonfly | Storage | Modern in-memory datastore (Redis/Memcached alternative). |
| Envoy Gateway | Networking | Kubernetes-native API gateway powered by Envoy. |
| External DNS | Networking | Synchronizes Kubernetes services with DNS providers. |
| External Secrets Operator | Security | Integrates external secret stores with Kubernetes. |
| Flaresolverr | Media Automation | Proxy server to bypass Cloudflare protection. |
| Flux CD | Infrastructure | GitOps continuous delivery for Kubernetes. |
| Garage | Storage | Distributed object storage service (S3-compatible). |
| Homepage | Applications | Customizable homepage dashboard for service management. |
| Huntarr | Media Automation | Missing media searcher for Radarr and Sonarr. |
| Immich | Applications | Self-hosted photo and video backup solution. |
| Jellyfin | Media Automation | Media server for movies, TV shows, and music. |
| Jellyseerr | Media Automation | Media discovery and request management for Jellyfin. |
| Komf | Applications | Metadata fetcher for Komga. |
| Komga | Applications | Media server for comics and manga. |
| Kube Prometheus Stack | Observability | Complete monitoring stack with Prometheus and Grafana. |
| Kube State Metrics | Observability | Exposes cluster-level Kubernetes object metrics. |
| LiteLLM | Applications | Proxy server for LLM API calls with unified interface. |
| Longhorn | Storage | Distributed block storage for Kubernetes. |
| Metrics Server | Observability | Cluster-wide aggregator of resource usage data. |
| Node Exporter | Observability | Prometheus exporter for hardware and OS metrics. |
| Node Feature Discovery | Node Management | Detects hardware features available on each node. |
| NVIDIA Device Plugin | Node Management | Exposes NVIDIA GPUs to Kubernetes. |
| Open WebUI | Applications | User-friendly web interface for AI models. |
| Otterwiki | Applications | Simple wiki for personal use. |
| Prowlarr | Media Automation | Indexer manager/proxy for media automation. |
| qBittorrent | Media Automation | BitTorrent client with web interface. |
| Radarr | Media Automation | Automated movie download and management. |
| Recyclarr | Media Automation | Quality profiles and custom formats sync for *arr apps. |
| Reflector | Infrastructure | Mirrors ConfigMaps and Secrets across namespaces. |
| Reloader | Infrastructure | Triggers pod restarts on ConfigMap/Secret changes. |
| SearXNG | Applications | Privacy-respecting metasearch engine. |
| Sonarr | Media Automation | Automated TV show download and management. |
| Spegel | Infrastructure | Stateless cluster-local OCI registry mirror. |
| Speedtest Tracker | Applications | Internet speed tracking and monitoring tool. |
| Suwayomi | Applications | Free and open source manga reader server. |
| Syncthing | Applications | Continuous file synchronization program. |
| Tailscale | Networking | Zero-config VPN built on WireGuard. |
| Tuppr | Node Management | Talos Linux system upgrade controller. |

| Device | Count | OS Disk Size | Data Disk Size | RAM | Operating System | Purpose |
|---|---|---|---|---|---|---|
| Turing RK1 | 4 | 2TB NVMe | - | 16GB | Talos v1.12.1 | ARM64 Cluster Nodes |
| Turing Pi 2 | 1 | - | - | - | - | Baseboard and KVM |
| CWWK AMD-7940HS | 1 | 1TB NVMe | 8TB HDD (2x) | 32GB | Talos v1.12.1 | x86_64 Cluster Node |
