Skip to content
/ homelab Public

A production-grade, self-hosted Kubernetes platform powered by k3s and FluxCD, built for GitOps, observability, and secure app delivery.

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

HYP3R00T/homelab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

134 Commits
.vscode
.vscode
 
 
apps
apps
 
 
assets
assets
 
 
cluster/lab
cluster/lab
 
 
infrastructure
infrastructure
 
 
monitoring
monitoring
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

🏡 homelab

A production-grade, self-hosted Kubernetes homelab powered by k3s and FluxCD, running declarative infrastructure with secrets management, monitoring, and a curated suite of personal apps.

⚙️ Built for reliability, automation, and modular GitOps workflows.

🧰 Stack Overview

Layer Tooling
Kubernetes k3s
GitOps FluxCD
Secrets Mgmt HashiCorp Vault + ESO
Networking Cloudflared + Traefik (in-built)
Monitoring kube-prometheus-stack
App Packaging Helm, Kustomize
OS Environment Ubuntu 24.04.2 LTS on Lenovo Legion Y540

📁 Repository Structure

.
├── apps/                # Application manifests (base/lab overlays)
├── cluster/             # Cluster-level definitions, Flux bootstrap
├── docs/                # Documentation site (MkDocs)
├── infrastructure/      # Infrastructure components (Vault, ESO, Cloudflared)
├── monitoring/          # Monitoring stack (Prometheus, Grafana)
├── mkdocs.yml           # MkDocs config for documentation site
└── README.md

base/ holds reusable blueprints. 🧪 lab/ contains environment-specific overlays.

🚀 Deployed Applications

App Purpose
Homepage Custom home dashboard
Linkding Bookmark manager
Mealie Recipe management
Vault Secrets management backend
ESO Sync Vault secrets to K8s
Cloudflared Secure tunneling to cluster
Prometheus + Grafana Monitoring + Dashboards

All apps are declaratively managed using Helm & Kustomize via FluxCD.

🔐 Secrets & Security

Secrets are managed using:

  • HashiCorp Vault (deployed in-cluster)
  • External Secrets Operator (ESO) using the Kubernetes auth method
  • Cloudflared tunnels expose apps securely without port forwarding or public IPs

📦 GitOps Workflow

This homelab follows a pure GitOps model:

  1. All manifests are committed to Git
  2. FluxCD watches the repo and applies changes
  3. Secrets are synced via ESO from Vault
  4. Each component is modular, reusable, and declaratively configured

🖥️ Host Specs

Spec Value
OS Ubuntu 24.04.2 LTS
Machine Lenovo Legion Y540 (i5-9300H)
Memory 16 GB
GPU NVIDIA GTX 1650 Mobile
Cluster Bare-metal, single-node (k3s)

🧠 Philosophy

This setup is built for:

  • Learning Kubernetes, GitOps, and security best practices
  • Running production-grade self-hosted tools
  • Keeping everything declarative, minimal, and portable

Inspired by the principles of GitOps, Platform Engineering, and Zero Trust Access.

🤝 License

MIT - feel free to fork, clone, and adapt for your own lab!

About

A production-grade, self-hosted Kubernetes platform powered by k3s and FluxCD, built for GitOps, observability, and secure app delivery.

Topics

kubernetes homelab k3s fluxcd

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository