My Homelab (with Kubernetes inside)
- Infrastructure (used by components if required)
- postgres (singleton)
- redis (singleton)
- Envoy Proxy (serves as the edge proxy)
- Grafana (monitoring)
- (WIP) Kubernetes (with istio, gVisor) and application services
- Nextcloud
- Prometheus
- GitLab (with CI)
0. Get this project using git (including submodules)
git clone --recurse-submodules https://github.com/jeffreystoke/homelab.git
1. A cheap server/laptop/PC with a hypervisor (e.g. ESXi, Xen, ...) installed, or several bare-metal servers
I got a second-hand Dell R710 rack server for about $200 and installed ESXi 6.7 on it.
Useful tutorial for ESXi installation: Create a Bootable ESXi Installer USB Flash Drive
2. A firewall redirecting all ingress traffic to the envoy proxy
I used an OpenWrt router (awesome and stable) and configured its internal firewall with
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '443'
	option dest_ip '10.0.0.254'
	option dest_port '10000'
	option name 'envoy-proxy'
3. X.509 certificates for edge-proxy HTTPS
It's 2018, always use TLS when talking over the Internet! I made them with the help of mkcert, a great tool for creating self-signed certificates.
Run the following commands inside the project root directory
# install local CA
mkcert -install
# replace example.com with your own domain name
mkcert '*.example.com'
# move your certificate and key to the cert dir
mkdir -p cert && mv *-key.pem cert/key.pem && mv *.pem cert/cert.pem
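A check worth running after the commands above, as an added example that is not part of this repository: it confirms that the two glob moves left a matching key and certificate in cert/, that the key is not accessible to other users, and that the wildcard actually covers the host names you plan to serve. The script name and the host name in the usage line are assumptions, and the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example: verify the cert/ directory produced by the mkcert step
# before pointing the edge proxy at it. Requires the openssl CLI.
# Usage (host names are assumptions, use the ones you actually serve):
#   sh check-edge-cert.sh cert/cert.pem cert/key.pem nextcloud.example.com

# True only if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True only if the certificate in $1 is valid for host name $2.
# A wildcard such as *.example.com matches exactly one label, so it
# covers nextcloud.example.com but not example.com or a.b.example.com.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True only if group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run every check and report each failure; returns non-zero if any failed.
check_edge_cert() {
    cert=$1; key=$2; rc=0
    shift 2
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key is not the private key for $cert"; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    for host in "$@"; do
        cert_covers_host "$cert" "$host" ||
            { echo "FAIL: $cert does not cover $host"; rc=1; }
    done
    return "$rc"
}

# Only run the checks when the script is called with CERT KEY HOST...
if [ "$#" -ge 3 ]; then
    check_edge_cert "$@"
fi
```

A passing check says nothing about trust: these certificates chain to the local CA that `mkcert -install` creates, so only machines that have that CA installed will accept them.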
1. Set up your Kubernetes cluster with kube
cd kube