Welcome to KC02, my personal Kubernetes homelab cluster! KC02 leverages Talos Linux and is managed through a GitOps workflow using FluxCD.
Key Features of KC02
- Lightweight Kubernetes powered by Talos and Omni
  Talos provides a minimal, hardened, and immutable Linux distribution designed specifically for Kubernetes. This significantly reduces the attack surface and ensures a consistent, secure baseline for all nodes. Omni simplifies deployment, cluster access control, and lifecycle management of Kubernetes clusters powered by Talos.
- Bare-metal deployment on mini PCs
  Running directly on used, energy-efficient hardware gives me full control over the environment while keeping operational costs low.
- GitOps workflow with FluxCD
  All cluster components are defined declaratively in Git and automatically reconciled, ensuring reliable, version-controlled infrastructure updates.
- Secrets management using Mozilla SOPS with Age encryption
  Sensitive information is encrypted and version-controlled alongside configuration data.
- Persistent storage using Synology CSI Driver
  Persistent storage for applications requiring state is automatically provisioned on a Network Attached Storage (NAS) device.
- CloudNative PostgreSQL for highly available databases
  CloudNativePG provides highly available PostgreSQL clusters with self-healing, scaling of read-only replicas up and down, and backups and recovery.
- Observability with Prometheus and Grafana
  A full observability stack captures metrics and visualizes them in real time, allowing me to monitor cluster health, optimize performance, and troubleshoot issues quickly.
- Modular and fully declarative configuration
  The cluster is composed of loosely coupled, declarative modules in a public Git repository: https://github.com/simonyjung/homelab
- Cloudflare Tunnel for securely exposing services to the internet
  Services are accessible remotely via encrypted tunnels, allowing secure access without the risks of exposing ports directly to the public internet.
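
A pre-commit style check for the SOPS item above, added here as an example and not taken from the homelab repository: it flags any Kubernetes Secret document that lacks a `sops` block with an age recipient or still carries plaintext under `data`/`stringData`. The function name `audit_manifest`, the sample manifest and all its values are constructed, and the line-based parsing assumes block-style YAML with unindented top-level keys.

```python
import re

ENC = re.compile(r"^ENC\[AES256_GCM,data:.*,type:\w+\]$")  # a SOPS-encrypted scalar
TOP_KEY = re.compile(r"^([A-Za-z_]\w*):\s*(.*)$")

def audit_manifest(text):
    """Return (document index, problem) for each Secret not encrypted with SOPS/age."""
    findings = []
    for idx, doc in enumerate(re.split(r"(?m)^---[ \t]*$", text)):
        top, section, leaked, has_age = {}, None, [], False
        for line in doc.splitlines():
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            m = TOP_KEY.match(line)
            if m:  # an unindented key opens a new top-level section
                section = m.group(1)
                top[section] = m.group(2).strip()
            elif section in ("data", "stringData"):
                key, _, value = line.strip().partition(":")
                if not ENC.match(value.strip().strip("'\"")):
                    leaked.append(f"{section}.{key}")
            elif section == "sops" and "recipient: age1" in line:
                has_age = True
        if top.get("kind") != "Secret":
            continue  # other kinds, such as ConfigMap, may hold plaintext
        if "sops" not in top:
            findings.append((idx, "no sops metadata block"))
        elif not has_age:
            findings.append((idx, "sops block has no age recipient"))
        findings += [(idx, f"plaintext value at {k}") for k in leaked]
    return findings
# Constructed sample, trimmed to the keys the check reads; all values are made up.
SAMPLE = """\
kind: ConfigMap
data:
  LOG_LEVEL: info
---
kind: Secret
stringData:
  password: ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]
sops:
  age:
    - recipient: age1constructedplaceholder
---
kind: Secret
stringData:
  password: not-encrypted-constructed
"""
print(audit_manifest(SAMPLE))
```

Run against staged files before a commit, a non-empty result is the signal to stop, since a public repository keeps a leaked value in its history even after the file is fixed.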
Documentation
Cluster Architecture
External Access via Cloudflare Tunnel