A GitOps-managed Kubernetes homelab built on Talos Linux, featuring specialized nodes for storage, GPU compute, and application workloads.
This repository contains the complete infrastructure-as-code configuration for a multi-node Kubernetes cluster running various applications including media servers, AI/ML platforms, game servers, and development tools.
```text
┌─────────────────────────────────────────────────────────────────────┐
│                            APPLICATIONS                             │
├─────────────────────────────────────────────────────────────────────┤
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │   Jellyfin   │ │     LLM      │ │ AzerothCore  │ │    Atuin     │ │
│ │ Media Stack  │ │   Platform   │ │     WoW      │ │  Shell Sync  │ │
│ │              │ │              │ │    Server    │ │              │ │
│ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │
│ │ │Jellyfin  │ │ │ │OpenWebUI │ │ │ │Auth/World│ │ │ │PostgreSQL│ │ │
│ │ │Jellyseerr│ │ │ │LlamaStack│ │ │ │Servers   │ │ │ │Server    │ │ │
│ │ │Radarr    │ │ │ │vLLM      │ │ │ │MySQL DB  │ │ │ │          │ │ │
│ │ │Sonarr    │ │ │ │ComfyUi   │ │ │ │PHPMyAdmin│ │ │ │          │ │ │
│ │ │          │ │ │ │Sigstore  │ │ │ │          │ │ │ │          │ │ │
│ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
├─────────────────────────────────────────────────────────────────────┤
│                            CORE SERVICES                            │
├─────────────────────────────────────────────────────────────────────┤
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │   Gateway    │ │Observability │ │   Storage    │ │   Security   │ │
│ │              │ │              │ │              │ │              │ │
│ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │
│ │ │Envoy     │ │ │ │SigNoz    │ │ │ │OpenEBS   │ │ │ │Cert-Mgr  │ │ │
│ │ │Gateway   │ │ │ │Clickhouse│ │ │ │Mayastor  │ │ │ │Tailscale │ │ │
│ │ │Nginx     │ │ │ │Kepler    │ │ │ │Cache     │ │ │ │SOPS      │ │ │
│ │ │Ingress   │ │ │ │OTEL      │ │ │ │Replicated│ │ │ │Age       │ │ │
│ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
│                                                                     │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │  Networking  │ │     GPU      │ │   MetalLB    │ │   KubeVirt   │ │
│ │              │ │              │ │              │ │              │ │
│ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │
│ │ │Cilium    │ │ │ │AMD GPU   │ │ │ │L2/BGP    │ │ │ │VM        │ │ │
│ │ │CNI       │ │ │ │Plugin    │ │ │ │LoadBal.  │ │ │ │Platform  │ │ │
│ │ │No Proxy  │ │ │ │Intel GPU │ │ │ │Address   │ │ │ │CDI       │ │ │
│ │ │Mesh      │ │ │ │Plugin    │ │ │ │Pool      │ │ │ │          │ │ │
│ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
├─────────────────────────────────────────────────────────────────────┤
│                          KUBERNETES LAYER                           │
├─────────────────────────────────────────────────────────────────────┤
│                    ┌────────────────────────────┐                   │
│                    │          Flux CD           │                   │
│                    │           GitOps           │                   │
│                    │   ┌────────────────────┐   │                   │
│                    │   │   Git Repository   │   │                   │
│                    │   │  SOPS Encryption   │   │                   │
│                    │   │   Kustomization    │   │                   │
│                    │   │     Auto Sync      │   │                   │
│                    │   └────────────────────┘   │                   │
│                    └────────────────────────────┘                   │
├─────────────────────────────────────────────────────────────────────┤
│                            NODE TOPOLOGY                            │
├─────────────────────────────────────────────────────────────────────┤
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Control Plane│ │   Storage    │ │    Worker    │ │     GPU      │ │
│ │    Nodes     │ │    Nodes     │ │    Nodes     │ │    Nodes     │ │
│ │              │ │              │ │              │ │              │ │
│ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │ │
│ │ │master1   │ │ │ │storage1  │ │ │ │worker1   │ │ │ │gpu1      │ │ │
│ │ │master2   │ │ │ │storage2  │ │ │ │worker2   │ │ │ │gpu2      │ │ │
│ │ │master3   │ │ │ │          │ │ │ │          │ │ │ │          │ │ │
│ │ │          │ │ │ │Bonded    │ │ │ │General   │ │ │ │AMD/Intel │ │ │
│ │ │Mixed HW  │ │ │ │Network   │ │ │ │Workload  │ │ │ │GPU       │ │ │
│ │ │Schedul.  │ │ │ │Hugepage  │ │ │ │          │ │ │ │ML/AI     │ │ │
│ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │ └──────────┘ │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │
├─────────────────────────────────────────────────────────────────────┤
│                             TALOS LINUX                             │
├─────────────────────────────────────────────────────────────────────┤
│       ┌─────────────────────────────────────────────────────┐       │
│       │                  Security Features                  │       │
│       │  • LUKS2 Disk Encryption                            │       │
│       │  • Secure Boot Support                              │       │
│       │  • Immutable OS                                     │       │
│       │  • API-driven Configuration                         │       │
│       │  • No SSH/Shell Access                              │       │
│       └─────────────────────────────────────────────────────┘       │
├─────────────────────────────────────────────────────────────────────┤
│                          PHYSICAL HARDWARE                          │
└─────────────────────────────────────────────────────────────────────┘
```
- Operating System: Talos Linux with secure boot support
- Kubernetes Distribution: Vanilla Kubernetes managed by Talos
- GitOps: Flux CD for continuous deployment
- Networking: Cilium CNI with Tailscale mesh networking
- Storage: OpenEBS with Mayastor for high-performance storage
- Observability: SigNoz for logs/metrics/tracing, Kepler for power monitoring
The cluster consists of specialized node types:
- 3 Control Plane Nodes (master1-3): Mixed hardware for control plane workloads
- 2 Storage Nodes (storage1-2): Dedicated storage with bonded networking and hugepages
- 2 Worker Nodes (worker1-2): General application workloads
- 2 GPU Nodes (gpu1-2): ML/AI compute with AMD and Intel GPU support
- Talos Linux nodes configured and running
- `kubectl` configured for cluster access
- `sops-key.txt` file for secret decryption
```bash
# Bootstrap Flux CD and initial configuration
make bootstrap-k8s-homelab
```

This command sets up Flux CD and creates the necessary secrets for GitOps operations.
Contains the core Talos configuration:
- `talconfig.yaml`: Complete cluster and node definitions
- `talenv.yaml`: Environment variables for Talos configuration
- `talsecret.sops.yaml`: Encrypted secrets (disk encryption, Tailscale auth)
GitOps configuration organized by environment:
- Flux CD installation and Git repository setup
- Shared Kustomization bases
Bootstrap (bootstrap/): Initial Flux setup and bootstrapping
Core Infrastructure (core/): → View Core Components Documentation
- Networking: Cilium, MetalLB, Envoy Gateway, Nginx Ingress
- Storage: OpenEBS, persistent volume configurations
- Security: Cert-manager, Tailscale
- Observability: SigNoz, OpenTelemetry, Kepler
- GPU support: Device plugins and Node Feature Discovery
Applications (apps/): → View Applications Documentation
Custom container builds:
- `acore/`: AzerothCore image for WOTLK World of Warcraft server
- `desktop/`: Custom Fedora desktop bootc image with development tools
- `ganesha-nfs/`: NFS Ganesha server image
Enterprise-grade ML infrastructure →
- vLLM deployment with IBM Granite models →
- Sigstore model validation and integrity verification
- OpenWebUI for LLM interaction
- Llama Stack for AI agent development
- Atuin shell history sync →
- Nextcloud for file sharing and collaboration
- Testing namespace for experimental deployments
Complete media automation and streaming setup →
- Jellyfin media server with hardware transcoding
- Jellyseerr for media requests
- Sonarr/Radarr for content management
- Steam game cache and game streaming server →
- Disk Encryption: LUKS2 encryption for all system and ephemeral storage
- Secret Management: SOPS with age encryption for GitOps secrets
- Network Security: Tailscale mesh networking for secure external access
- Model Integrity: Sigstore-based verification for ML models
- Secure Boot: Support for UEFI secure boot on Talos nodes
- Modify configurations in the appropriate `clusters/homelab/` directory
- Commit and push changes to the main branch
- Flux CD automatically applies changes to the cluster
- Monitor reconciliation with `kubectl get kustomizations -A`
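Because Flux applies whatever lands on the main branch, a plaintext secret that slips into a `*.sops.yaml` file is live the moment it is pushed. The following pre-push check is an added example, not part of this repository's tooling: it verifies that a Secret manifest carries SOPS metadata and that every `data`/`stringData` value is an `ENC[...]` ciphertext. The two sample files are constructed, and `check_sops_secret` is a hypothetical name.

```sh
#!/bin/sh
# Added example, not part of this repository: a pre-push check that a
# *.sops.yaml Secret manifest is really SOPS-encrypted before it is committed
# to the branch Flux reconciles. Sample files below are constructed.
check_sops_secret() {
  file="$1"
  # 1. SOPS leaves a top-level `sops:` metadata block carrying the file MAC.
  if ! grep -q '^sops:' "$file" || ! grep -q '^ *mac: ' "$file"; then
    echo "$file: missing sops metadata block" >&2
    return 1
  fi
  # 2. Every scalar under data:/stringData: must be an ENC[...] ciphertext;
  #    the MAC alone does not prove a value was not added in plaintext later.
  awk '
    BEGIN                 { bad = 0 }
    /^(data|stringData):/ { inblock = 1; next }
    /^[^ ]/               { inblock = 0 }
    inblock && /^ +[^ ]+: / {
      val = $0; sub(/^ +[^ ]+: */, "", val)
      if (val !~ /^ENC\[AES256_GCM,/) {
        print FILENAME ": plaintext value at line " NR > "/dev/stderr"; bad = 1
      }
    }
    END { exit bad }' "$file"
}

TMPD="$(mktemp -d)"
GOOD="$TMPD/good.sops.yaml"; BAD="$TMPD/bad.sops.yaml"
cat > "$GOOD" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: demo
  namespace: default
stringData:
  token: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:BBBB,type:str]
sops:
  age:
    - recipient: age1constructedrecipientplaceholder
  mac: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,type:str]
  encrypted_regex: ^(data|stringData)$
EOF
# Same shape, but one value was pasted in as plaintext after encryption.
sed 's/^  token: .*/  token: hunter2-plaintext/' "$GOOD" > "$BAD"
check_sops_secret "$GOOD" && echo "good.sops.yaml: ok"
check_sops_secret "$BAD"  || echo "bad.sops.yaml: rejected"
```

Run it over `git diff --cached --name-only -- '*.sops.yaml'` from a pre-commit or pre-push hook so the check happens before Flux ever sees the commit.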
- Create a new directory under `clusters/homelab/apps/`
- Add Kubernetes manifests with appropriate namespace, storage, and networking
- Include ServiceMonitor for observability if applicable
- Update `clusters/homelab/apps/kustomization.yaml` to include the new app
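The four steps above, as an added example script that is not part of this repository: it creates the app directory with a Namespace and a ServiceMonitor, writes the app's own `kustomization.yaml`, and registers the app in `clusters/homelab/apps/kustomization.yaml` exactly once. `scaffold_app`, `register_app`, the `app.kubernetes.io/name` selector and the `metrics` port name are assumptions to adjust for the real workload.

```sh
#!/bin/sh
# Added example, not this repository's own tooling: scaffold a new app under
# clusters/homelab/apps/ following the steps above, then register it in the
# apps-level kustomization exactly once. REPO is assumed to be a checkout;
# when unset a throwaway directory is used so the script runs stand-alone.
REPO="${REPO:-$(mktemp -d)}"
APPS="$REPO/clusters/homelab/apps"
scaffold_app() {
  app="$1"
  case "$app" in
    ""|*[!a-z0-9-]*) echo "invalid app name: '$app'" >&2; return 1 ;;
  esac
  dir="$APPS/$app"
  mkdir -p "$dir"
  # Namespace: every other manifest of the app is scoped to it.
  cat > "$dir/namespace.yaml" <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: $app
EOF
  # ServiceMonitor for the observability stack; the label selector and the
  # port name "metrics" are assumptions to adjust for the real workload.
  cat > "$dir/servicemonitor.yaml" <<EOF
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: $app
  namespace: $app
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: $app
  endpoints:
    - port: metrics
EOF
  printf 'apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n  - namespace.yaml\n  - servicemonitor.yaml\n' > "$dir/kustomization.yaml"
  register_app "$app"
}

# Add "  - <app>" to clusters/homelab/apps/kustomization.yaml unless present.
register_app() {
  kz="$APPS/kustomization.yaml"
  [ -f "$kz" ] || printf 'apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n' > "$kz"
  grep -qx "  - $1" "$kz" || printf '  - %s\n' "$1" >> "$kz"
}

# How many times the app is listed in the apps kustomization (expect 1).
count_registered() { grep -cx "  - $1" "$APPS/kustomization.yaml"; }
```

Running `scaffold_app` twice for the same name is safe: the files are rewritten and the registration is not duplicated.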
Build and push custom images from the `images/` directory. Each subdirectory contains a Containerfile and any necessary build context.
Renovate automatically creates pull requests for:
- Kubernetes manifest updates
- Helm chart version bumps
- Container image updates
- Flux CD component updates
- Cluster Health: SigNoz dashboards for infrastructure metrics
- Application Logs: Centralized logging through observability stack
- Power Consumption: Kepler for energy monitoring
- Storage Performance: OpenEBS metrics and alerts
This repository includes comprehensive documentation for all components:
- Core Components Overview → - Complete infrastructure component documentation
- Gateway API Configuration → - Modern ingress with automatic DNS and TLS
- GPU Support Infrastructure → - AMD and Intel GPU device plugins
- Storage Infrastructure → - OpenEBS with Mayastor high-performance storage
- Observability Stack → - SigNoz monitoring and tracing platform
- Tailscale Networking → - Secure mesh networking and zero-trust access
- MetalLB Load Balancer → - Bare-metal load balancing
- KubeVirt Virtualization → - Virtual machine platform
- Applications Overview → - Complete application portfolio
- Jellyfin Media Stack → - Media server with automation
- LLM Platform → - AI/ML inference platform
- AzerothCore WoW Server → - World of Warcraft private server
- Enshrouded Game Server → - Survival game dedicated server
- Steam Game Cache and Streaming Platform → - Steam cache and streaming server