bjw-s / home-ops
My home or for-home infrastructure written as code, adhering to GitOps practices
Home Page: https://bjw-s.github.io/home-ops
License: Apache License 2.0
Describe the solution you'd like:
Currently there is some hackery going on to download/update/make available a template chart based on the KaH common library.
Now that there is an upstream version of that (k8s-at-home/charts#1501), use that.
Describe the solution you'd like:
When moving away from Sidero PXE booting I need a way to (securely) store the machineConfig definitions in this git repo.
Status | Count |
---|---|
Total | 31 |
Successful | 28 |
Timeouts | 0 |
Redirected | 0 |
Excluded | 0 |
Unknown | 0 |
Errors | 3 |
Context:
Currently I mostly rely on service built-in authentication mechanisms. It would be better / easier to set up a separate authentication mechanism so that I can centralise my user accounts, and possibly even implement SSO.
Related issues:
Describe the solution you'd like:
Deploy https://github.com/GilbN/theme.park/ in the cluster to add themes to apps.
Relevant links
Additional Information:
Run on port 8080 because the container runs as non-root
Depends on #2494
The fluxv2 multitenancy example folder structure looks pretty neat. Investigate if refactoring is worth it.
Resources:
Errors were reported while checking the availability of links.
Summary
---------------------
Total..........115
Successful.....114
Timeouts.........0
Redirected.......0
Excluded.........0
Errors...........1
Errors in networking/dns/index.html
https://opnsense.org/ (error sending request for url (https://opnsense.org/): error trying to connect: dns error: failed to lookup address information: Temporary failure in name resolution)
Errors were reported while checking the availability of links.
Summary
---------------------
Total..........132
Successful.....120
Timeouts.........0
Redirected.......0
Excluded.........0
Errors..........12
Errors in networking/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in home/tools/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in storage/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in storage/backups/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in gitops/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in networking/dns/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in networking/multus/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in networking/podgateway/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in 404.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in home/repo_structure/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Errors in home/cluster_overview/index.html
https://fonts.gstatic.com/ (HTTP status client error (404 Not Found) for url (https://fonts.gstatic.com/))
Describe the solution you'd like:
I currently use iCloud Drive to store my personal documents archive. I want to investigate moving that over to paperless-ngx
Additional Information:
Application repo: https://github.com/paperless-ngx/paperless-ngx
Describe the solution you'd like:
With Traefik there was a middleware in place to whitelist internal Ingress objects to RFC1918 IP ranges.
Add nginx.ingress.kubernetes.io/whitelist-source-range to these Ingresses to reimplement this whitelist.
Additional Information:
Depends on #2502
After Kured drained and rebooted my worker nodes, zigbee2mqtt would no longer actually perform any commands even though it seemed to be up and running.
The error message was as follows:
Error while starting zigbee-herdsman
Error: Failed to connect to adapter (Error: SRSP - SYS - ping after 6000ms)
Resolution:
zigbee-herdsman now successfully started and the zigbee network was now reachable again.
Since having the lights not respond once every two weeks (current Kured schedule) is not acceptable, I've decided to remove Kured from the cluster for now.
It turns out that Calico has built-in support for BGP. This would make running MetalLB no longer necessary, as that's basically all I'm using it for.
Links:
Describe the solution you'd like:
Replace the current Traefik ingress controller with Nginx
Currently there are a number of services with separate manifest files. These should be migrated to Helm charts.
Either in my own charts repo, or preferably in @billimek's charts repo
What steps did you take and what happened:
I have a few CronJobs that run in my cluster periodically. They run fine, but randomly throw an error stating that a volume was not registered.
What did you expect to happen:
They run fine and don't raise any errors.
Additional Information:
The error is harmless otherwise, but wanted to document it here otherwise.
Upstream issue: kubernetes/kubernetes#105204
Describe the solution you'd like:
Do something similar to the home-assistant deployment:
database and application (with application depending on database)
pg_dump from the existing database and pg_restore into the new one
Currently I have a few places where a hpa is used to enforce min/max replicas. This is less than ideal for a number of reasons:
In order to remedy this, I should probably look into something like Open Policy Agent
Links:
Describe the solution you'd like:
Rename the root k8s folder to kubernetes. This means that a lot of Flux resources need to be updated as well, and potentially CI configuration.
Anything else you would like to add:
Additional Information:
Describe the solution you'd like:
Add theme.park themes to applications that support it:
Additional Information:
See https://github.com/GilbN/theme.park/ for available themes / apps
Due to the old cluster going down while I was still migrating stuff into this repo, not everything is in place yet.
The following services still need to be migrated:
Describe the solution you'd like:
A lot of the Renovate config snippets in this repo can be broken out into a separate repository for improved reusability.
Currently all backups are on the local network. For additional security I want to add a cloud backup of this data in the mix.
Should look at how @onedr0p does this with rclone to Backblaze B2
https://github.com/onedr0p/k3s-gitops/tree/master/deployments/default/rclone
Describe the solution you'd like:
Instead of adding the same custom annotation anywhere, implement a mutating policy with Kyverno.
Can you explain a bit on the server side options of NFS ?
Are you using root_squash ?
If yes then how are you managing all the user permissions ? A lot of containers/pods chown to different users:groups and it becomes a bit hectic to keep track of all of them.
Context:
Currently my rook-ceph stuff lives in the cluster-apps Kustomization. I should move these to the cluster-requirements Kustomization so that any errors in apps don't potentially nuke the cluster storage.
Tasks
rook-ceph folder from apps to requirements
prune: false on cluster-requirements Kustomization
Currently, I have a system for variables in place, but I don't use those variables enough in my secrets yet.
Hi,
I'd like to use your work to create my first home cluster (zero experience on that).
I first tried k8s-at-home/template-cluster-k3s, I followed all the steps and it worked but I'd like to use yours so I'm "yelling" for a little help. Actually is a big please.
Hardware that I have:
Things that confuse me:
Could you please help me with some hints to deploy the cluster, set networks, storages, lb, dns ? :)
Thank you
Benji seems to be a lot more light-weight, and covers my use case: backup PVC content to an NFS share.
Reference materials:
Don't forget to change your renovate config to catch the repo rename.
home-ops/.github/renovate.json5
Line 161 in 6cd9d82
Describe the solution you'd like:
I should be using the full device UUID path when consuming drives in rook-ceph
Implement kustomize.yaml files to manage dependency ordering.
Resources:
Describe the solution you'd like:
Remove the Kubegres Kustomization from the cluster
Additional Information:
Depends on #2492
Sometimes there is a race condition between Flux deploying and the correct sealed-secrets being applied.
One solution could be to explicitly apply all sealed-secrets from the pipeline, so that the correct values are in place before Flux comes along.
Currently there is overlap between the setup script and the fact that there is Ansible code present. Therefore the setup script should somehow converge into an Ansible role
Currently there is nothing in place for collecting metrics, and presenting them.
Add something like a Prometheus / Grafana stack for this.
Currently I have a single Runner (actions-runner-controller) for this repo. Maybe I should modify this to a RunnerDeployment so I can have two parallel runners.
Because of the impending rate limits on Docker Hub I need to set up a pull-through cache.
Most likely solution: run the Nexus as a docker container on my NAS and add that as a mirror repository to the k3s config
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Location: .github/renovate.json5
Error type: The renovate configuration file contains some invalid settings
Message: Invalid configuration option: flux
Describe the solution you'd like:
Now that I only have one cluster to manage it makes sense to roll the global folder back in to the cluster-0 folder.
Additional Information:
Depends on #2514
Currently some critical (prometheus, certmanager) CRDs are installed by Helm charts. In order to prevent chicken/egg situations when (re)deploying the cluster I should probably separate these and add them to the bootstrap script/role.
K3s seems to be a more lightweight approach to initialize a cluster. Should try implementing this during the next cluster iteration