GitOps configuration repository for my Kubernetes cluster.

noahburrell0/k8s

Self-Managing Kubernetes Homelab w/ ArgoCD

This repository serves as the immutable source of configurations for my personal homelab and is deployed using ArgoCD. The configurations contained in the repository self-manage ArgoCD as well as the applications. With various operators like external-dns, cert-manager, and metallb, this homelab pretty much manages itself. Once set up, there is zero intervention required to keep things running.

Applications are divided into ArgoCD projects by their respective types.

  • setup - Required base components used to operate the cluster and deployments.
    • ArgoCD Application Definitions: argocd/applications/setup
    • Configurations: configs/setup/
  • external - Externally facing applications.
    • ArgoCD Application Definitions: argocd/applications/external
    • Configurations: configs/external/
  • internal - Internal-only applications.
    • ArgoCD Application Definitions: argocd/applications/internal
    • Configurations: configs/internal/

Applications

app-of-apps

Setup

  • argocd - The GitOps operator responsible for managing the cluster
  • cert-manager - Automatic SSL certificate generation, configured for Cloudflare
  • external-dns - Automatically create DNS entries, configured for Let's Encrypt
  • k8s-gateway - CoreDNS controller plugin
  • metacontroller - For rapid prototyping and deployment of custom controllers
  • metallb - A load balancer for non-cloud deployments
  • metrics-server - Reports resource usage when running kubectl top
  • nfs-subdir-provisioner - Automatically provisions subdirectories against an NFS share
  • nginx-ingress - The ingress controller for the cluster (Official Kubernetes Ingress)
  • sealed-secrets - A controller for encrypting and decrypting secrets
  • tnsr-controller - A homebrew controller that automatically adds firewall and NAT rules

External

  • chia-node - A Chia node for the Chia cryptocurrency
  • contact-api - A small API to submit form data from my website to an SMTP relay
  • ghost - Blogging software
  • main-site - Combines the Bitnami Nginx and Error Pages charts to deploy my website
  • minio - An S3 compliant object storage system
  • ombi - A multimedia request platform for Plex
  • paperless - A document management system
  • plex - A multimedia server
  • seafile - Self-hosted cloud storage system

Internal

  • nzbget - A Usenet download platform
  • radarr - Automatically search, download, and manage movies
  • sonarr - Automatically search, download, and manage television series
  • smtp - A local SMTP relay that provides a single point in the cluster from which to send emails
  • tdarr - An automatic multimedia transcoder
  • unifi - The Ubiquiti Unifi controller for managing Ubiquiti network devices

Bootstrapping

ArgoCD needs to be manually bootstrapped before it can self-manage. The only prerequisite is a Kubernetes cluster with a CNI installed. All other required components will be installed after bootstrapping.

kubectl apply -k configs/setup/argocd/
kubectl apply -f argocd/app-of-apps.yaml -n argocd

The above commands will deploy ArgoCD and the app-of-apps application which will be used to discover and deploy all other applications out of this repository. From this point forward, ArgoCD will also self-manage. Any updates to configs/setup/argocd/ will be automatically discovered and applied.

Secrets

All secrets are encrypted and stored in this repository using sealed-secrets by Bitnami. Only I hold the decryption keys for the secrets in this repository. If you are using this repository as the basis for your own homelab or Kubernetes cluster, be aware that none of the sealed secrets here will unseal for you. You will need to seal your own secrets and replace mine. As a result, if you try to deploy the applications contained in this repository using my configurations, the applications will most likely be broken.
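
An added example, not part of this repository: a standard-library Python check that scans a configuration tree for YAML documents whose top-level kind is a plaintext Secret rather than a SealedSecret, which is worth running before committing your own replacements. The sample manifests, the configs/internal/example/ paths and the function names are constructed for illustration.

```python
"""Flag plaintext Kubernetes Secret manifests in a GitOps tree (stdlib only)."""
import re
import sys
import tempfile
from pathlib import Path

DOC_SEP = re.compile(r"^---[ \t]*$", re.M)
# Top-level "kind:" only; indented (nested) kind keys are ignored on purpose.
KIND = re.compile(r"^kind:[ \t]*[\"']?([A-Za-z]+)[\"']?[ \t]*(?:#.*)?$", re.M)

# Constructed sample manifests, not files from the repository.
SAMPLES = {
    "configs/internal/example/sealed.yaml":
        "apiVersion: bitnami.com/v1alpha1\nkind: SealedSecret\n"
        "metadata:\n  name: example\nspec:\n  encryptedData:\n"
        "    password: AgCONSTRUCTEDciphertext\n",
    "configs/internal/example/app.yaml":
        "---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: example\n"
        "---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: example\n"
        "stringData:\n  password: constructed-value\n",
}


def plaintext_secrets(root):
    """Return (relative path, 1-based document number) for each YAML document
    under root whose top-level kind is Secret rather than SealedSecret."""
    root, hits = Path(root), []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in (".yaml", ".yml"):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        docs = [d for d in DOC_SEP.split(text) if d.strip()]
        for number, doc in enumerate(docs, start=1):
            match = KIND.search(doc)
            if match and match.group(1) == "Secret":
                hits.append((path.relative_to(root).as_posix(), number))
    return hits


def demo():
    """Write the constructed samples to a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return plaintext_secrets(tmp)


if __name__ == "__main__":
    scanning = len(sys.argv) > 1  # a directory argument scans a real checkout
    for rel, number in plaintext_secrets(sys.argv[1]) if scanning else demo():
        print(f"plaintext Secret: {rel} (document {number})")
```

Pass a directory such as configs/ as the first argument to scan a checkout; with no argument it scans the constructed samples.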
