Compare commits
47 Commits
46c4e7b50f
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
d36dd7735f
|
|||
|
1a0aeb0e64
|
|||
|
e6e63b5b2c
|
|||
|
0fcb071122
|
|||
|
e0f4fc71af
|
|||
|
e747bbe519
|
|||
| 067c3cbc59 | |||
| 27fcdd6bac | |||
|
67a7c32675
|
|||
|
c352c07f7b
|
|||
|
3397d80865
|
|||
|
39548b9b31
|
|||
|
9b75b8d4bf
|
|||
|
8d29dd8bd1
|
|||
| 4090830d95 | |||
|
21790a5a41
|
|||
|
4ab5ecdd6f
|
|||
|
c11f7897d7
|
|||
|
8839dd6eb1
|
|||
|
cc57178974
|
|||
| 3d95158244 | |||
|
141f05c6ae
|
|||
|
3651f23c72
|
|||
|
b4cbbd97a6
|
|||
| ede26d9c1d | |||
|
cc14ef66ed
|
|||
|
35b3f6cc42
|
|||
|
033a3b95ad
|
|||
|
f90060e366
|
|||
| 1f074a7087 | |||
|
c6cf3b7d84
|
|||
|
e611c68342
|
|||
|
d828d88078
|
|||
|
8fa00efc16
|
|||
|
fbe2274182
|
|||
|
bf4985040a
|
|||
|
ce3a367ec9
|
|||
|
6006e75db9
|
|||
| db590d1d2c | |||
|
7b6f92646f
|
|||
|
6bbd9748a2
|
|||
|
b22ff17c1d
|
|||
96900bea0c
|
|||
|
0f84c335de
|
|||
|
5e1b5dc007
|
|||
| f0f1b45c93 | |||
|
db9aa7c99d
|
37
README.md
Normal file
37
README.md
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
# Main Infrastructure: weyma-talos
|
||||||
|
|
||||||
|
**Production Kubernetes infrastructure with disaster recovery capabilities**
|
||||||
|
|
||||||
|
This repository contains the foundational infrastructure for my Kubernetes homelab, designed with reliability and rapid recovery as core principles.
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
|
||||||
|
My infrastructure follows a layered "black start" approach - essential services run outside the Kubernetes cluster to enable cluster bootstrapping and recovery from total failures.
|
||||||
|
|
||||||
|
### Black Start Layer
|
||||||
|
Static services (Docker Compose on TrueNAS/Proxmox) that provide cluster dependencies:
|
||||||
|
- Image cache for faster deployments and offline capability
|
||||||
|
- Talos discovery server for node bootstrapping
|
||||||
|
- HashiCorp Vault for secrets management (external to cluster)
|
||||||
|
- Future: Self-hosted Sidero Omni server (migrating from SaaS)
|
||||||
|
|
||||||
|
### System Apps Layer
|
||||||
|
Applications running within Kubernetes that provide core cluster functionality, managed via ArgoCD with GitOps principles.
|
||||||
|
|
||||||
|
## Repository Structure
|
||||||
|
|
||||||
|
- **`black-start/`** - Docker Compose services for cluster dependencies
|
||||||
|
- **`config-patches/`** - Talos Linux configuration patches for cluster and individual machines
|
||||||
|
- **`omni/`** - Sidero Omni [cluster template](https://docs.siderolabs.com/omni/reference/cluster-templates)
|
||||||
|
- **`system-apps/`** - System applications (ArgoCD projects) - monitoring, ingress, certificates, storage
|
||||||
|
|
||||||
|
## Tech Stack
|
||||||
|
|
||||||
|
**OS:** Talos Linux | **Orchestration:** Kubernetes | **GitOps:** ArgoCD | **Secrets:** Vault | **Storage:** Rook-Ceph
|
||||||
|
|
||||||
|
## Recovery Process
|
||||||
|
|
||||||
|
The "black start" architecture enables ~15-20 minute automated recovery from complete infrastructure failure:
|
||||||
|
1. Start black-start services → 2. Bootstrap Talos → 3. Deploy system apps → 4. Deploy core apps
|
||||||
|
|
||||||
|
For application deployments, see [core-apps](https://git.dubyatp.xyz/core-apps).
|
||||||
@@ -2,7 +2,7 @@ version: "3.8"
|
|||||||
services:
|
services:
|
||||||
discovery:
|
discovery:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
image: ghcr.io/siderolabs/discovery-service:v1.0.13
|
image: ghcr.io/siderolabs/discovery-service:v1.0.15
|
||||||
ports:
|
ports:
|
||||||
- 10.105.6.215:3000:3000
|
- 10.105.6.215:3000:3000
|
||||||
- 10.105.6.215:3001:3001
|
- 10.105.6.215:3001:3001
|
||||||
@@ -52,6 +52,7 @@ patches:
|
|||||||
bind-address: 0.0.0.0
|
bind-address: 0.0.0.0
|
||||||
proxy:
|
proxy:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
|
proxy-mode: ipvs
|
||||||
metrics-bind-address: 0.0.0.0:10249
|
metrics-bind-address: 0.0.0.0:10249
|
||||||
scheduler:
|
scheduler:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
|
|||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: argo-cd
|
- name: argo-cd
|
||||||
version: 9.4.1
|
version: 9.4.6
|
||||||
repository: https://argoproj.github.io/argo-helm
|
repository: https://argoproj.github.io/argo-helm
|
||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: cert-manager
|
- name: cert-manager
|
||||||
version: v1.19.3
|
version: v1.19.4
|
||||||
repository: https://charts.jetstack.io
|
repository: https://charts.jetstack.io
|
||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: external-secrets
|
- name: external-secrets
|
||||||
version: 2.0.0
|
version: 2.0.1
|
||||||
repository: https://charts.external-secrets.io
|
repository: https://charts.external-secrets.io
|
||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: kubernetes-replicator
|
- name: kubernetes-replicator
|
||||||
version: 2.12.2
|
version: 2.12.3
|
||||||
repository: https://helm.mittwald.de
|
repository: https://helm.mittwald.de
|
||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: kube-prometheus-stack
|
- name: kube-prometheus-stack
|
||||||
version: 81.5.0
|
version: 82.4.3
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: rook-ceph
|
- name: rook-ceph
|
||||||
version: v1.19.1
|
version: v1.19.2
|
||||||
repository: https://charts.rook.io/release
|
repository: https://charts.rook.io/release
|
||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: traefik
|
- name: traefik
|
||||||
version: 39.0.0
|
version: 39.0.2
|
||||||
repository: https://traefik.github.io/charts
|
repository: https://traefik.github.io/charts
|
||||||
@@ -37,7 +37,7 @@ traefik:
|
|||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
additionalContainers:
|
additionalContainers:
|
||||||
- name: cloudflared
|
- name: cloudflared
|
||||||
image: cloudflare/cloudflared:2026.1.2
|
image: cloudflare/cloudflared:2026.2.0
|
||||||
command:
|
command:
|
||||||
- cloudflared
|
- cloudflared
|
||||||
- tunnel
|
- tunnel
|
||||||
|
|||||||
@@ -24,5 +24,5 @@ appVersion: "1.0"
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: velero
|
- name: velero
|
||||||
version: 11.3.2
|
version: 11.4.0
|
||||||
repository: https://vmware-tanzu.github.io/helm-charts
|
repository: https://vmware-tanzu.github.io/helm-charts
|
||||||
Reference in New Issue
Block a user