A complete guide to building and managing a Kubernetes cluster at home using bare-metal hardware, covering installation, configuration, and advanced features.
- Bare-metal Kubernetes for your Homelab — An overview of Kubernetes, some motivation and common hardware choices for such projects.
- Installing Fedora CoreOS — Learn how to install Fedora CoreOS, a minimal, container-optimized Linux distribution, as the base operating system for your Kubernetes cluster with Butane and Ignition.
- Deploying bare-metal Kubernetes with Kubespray — How to use Kubespray, an automation tool based on Ansible, to deploy Kubernetes on your bare-metal setup, providing detailed steps for configuring and launching a multi-node cluster.
- Using Flux for GitOps — How to integrate Flux, a GitOps tool, into your Kubernetes cluster, enabling automated deployment from Git repositories and streamlining your CI/CD processes.
- Fleetlock for automatic updates — A short article on how to use Fleetlock and Zincati to coordinate updates for your nodes.
- Persistent storage with Rook-Ceph — We need to be able to save data in our cluster. We use Rook-Ceph, the cloud-native way to use the Ceph distributed filesystem, to make storage available in our cluster.
- Observability — Learn how to monitor and log your cluster's performance and health for better insights and troubleshooting.
- Metrics: Prometheus and Grafana — Using the prometheus-stack, we set up observability for the cluster by scraping metrics and displaying them in Grafana dashboards.
- Metrics: Centralized Logging with ElasticSearch — The other part of observability: centralized logging. We’ll discover how to set up FluentBit to scrape logs from all parts of your cluster and use ElasticSearch and Kibana to analyze them.
- Cert-Manager for automatic TLS certificates — We use Cert-Manager to automatically create and rotate TLS certificates in our cluster that we acquire using ACME and Let's Encrypt.
- Ingress — Guide to configuring ingress for your cluster, using various tools to manage traffic routing and external access.
- Setting up MetalLB — Setting up MetalLB as a load balancer for bare-metal Kubernetes clusters, providing an essential component for external service access.
- Ingress with Traefik — Learn how to deploy Traefik as an ingress controller for dynamic routing and load balancing across your services.
- Ingress with cloudflared (Cloudflare Tunnels) — Discover how to use cloudflared / Cloudflare Tunnels as a secure ingress solution that integrates easily with Cloudflare’s edge network for added protection and performance.
- Ingress with TailScale — Finally, we can also integrate our Kubernetes cluster into our Tailscale network.
- Cloud-Native Postgres — This project allows you to manage PostgreSQL databases in a cloud-native way.
- Service Meshes — Explore the benefits of service meshes for secure and efficient communication between your services.
- Service Meshes: linkerd — An introduction to Linkerd, a lightweight and secure service mesh for your Kubernetes cluster.
- Service Meshes: Istio — A detailed guide to Istio, a robust service mesh offering advanced traffic management and security features.
- Security — Here, we discuss how to harden the cluster.
- Automatic K8s cluster scanning with Trivy — Trivy can scan clusters for vulnerabilities and misconfigurations.
- Use Renovate Bot for GitOps with Flux — We can use Renovate Bot to automatically update our Flux deployments.