Bare-metal Kubernetes Homelab

A complete guide to building and managing a Kubernetes cluster at home using bare-metal hardware, covering installation, configuration, and advanced features.

  1. Bare-metal Kubernetes for your Homelab — An overview of Kubernetes, some motivation and common hardware choices for such projects.
  2. Installing Fedora CoreOS — Learn how to install Fedora CoreOS, a minimal, container-optimized Linux distribution, as the base operating system for your Kubernetes cluster with Butane and Ignition.
  3. Deploying bare-metal Kubernetes with Kubespray — How to use Kubespray, an automation tool based on Ansible, to deploy Kubernetes on your bare-metal setup, providing detailed steps for configuring and launching a multi-node cluster.
  4. Using Flux for GitOps — How to integrate Flux, a GitOps tool, into your Kubernetes cluster, enabling automated deployment from Git repositories and streamlining your CI/CD processes.
  5. Persistent storage with Rook-Ceph — We need to be able to save data in our cluster. We use Rook-Ceph, the cloud-native way to use the Ceph distributed filesystem, to make storage available in our cluster.
  6. Observability — Learn how to monitor and log your cluster's performance and health for better insights and troubleshooting.
    1. Metrics: Prometheus and Grafana — Using the prometheus-stack, we set up observability for the cluster by scraping metrics and displaying them in Grafana dashboards.
    2. Logging: Centralized Logging with ElasticSearch — The other part of observability: centralized logging. We'll discover how to set up FluentBit to scrape logs from all parts of your cluster and use ElasticSearch and Kibana to analyze them.
  7. Cert-Manager for automatic TLS certificates — We use Cert-Manager to automatically create and rotate TLS certificates in our cluster that we acquire using ACME and Let's Encrypt.
  8. Ingress — Guide to configuring ingress for your cluster, using various tools to manage traffic routing and external access.
    1. Ingress with Traefik — Learn how to deploy Traefik as an ingress controller for dynamic routing and load balancing across your services.
    2. Ingress with cloudflared (Cloudflare Tunnels) — Discover how to use Cloudflared/Cloudflare Tunnels as a secure ingress solution that integrates easily with Cloudflare’s edge network for added protection and performance.
    3. Ingress with TailScale — Finally, we can also integrate our Kubernetes cluster into our Tailscale network.
  9. Cloud-Native Postgres — This project allows you to manage PostgreSQL Databases in a cloud-native way.
  10. Service Meshes — Explore the benefits of service meshes for secure and efficient communication between your services.
    1. Service Meshes: linkerd — An introduction to Linkerd, a lightweight and secure service mesh for your Kubernetes cluster.
    2. Service Meshes: Istio — A detailed guide to Istio, a robust service mesh offering advanced traffic management and security features.
  11. Security — Here, we discuss how to harden the cluster.
    1. Automatic K8s cluster scanning with Trivy — Trivy can scan clusters for vulnerabilities and misconfigurations.
    2. Use Renovate Bot for GitOps with Flux — We can use Renovate Bot to automatically update our Flux deployments.
