Skip to content

Latest commit

 

History

History
76 lines (62 loc) · 2.55 KB

README.md

File metadata and controls

76 lines (62 loc) · 2.55 KB

Homelab (WIP)

My Homelab (with Kubernetes inside)

Components

  • Infrastructure (used by components if required)
    • postgres (singleton)
    • redis (singleton)
  • Envoy Proxy (serve as edge proxy)
  • Grafana (monitoring)
  • (WIP) Kubernetes (with istio, gVisor) and application services
    • Nextcloud
    • Prometheus
    • GitLab (with CI)

Setup

Network topology

Prerequisite

0. Get this project using git (include submodules)
git clone --recurse-submodules https://github.com/jeffreystoke/homelab.git
1. A cheap server/laptop/PC with hypervisor (e.g. ESXI, XEN, ...) installed or serval bare-metal servers I got the second-hand DELL R710 rack server at about $200, and installed ESXI 6.7 on it

Useful Tutorial for ESXI Installation: Create a Bootable ESXi Installer USB Flash Drive
2. A firewall redirecting all ingress traffic to the envoy proxy I used a OpenWRT router (awesome and stable) and configured internal firewall with
config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '443'
        option dest_ip '10.0.0.254'
        option dest_port '10000'
        option name 'envoy-proxy'
3. X509 Certifications for edge-proxy https It's 2018, always use tls when talking through the Internet! I made it with the help of mkcert, a great tool for creating self signed certifications

You have to run the following command inside the porject root directory

# install local CA
mkcert -install
# replace example.com with your own domain name
mkcert '*.example.com'
# move your certification and key to cert dir
mkdir -p cert && mv *-key.pem cert/key.pem && mv *.pem cert/cert.pem

Steps

1. Setup your Kubernetes cluster with kube
cd kube