Skip to content


beryl  obsidian  cloudflare  cloudflare pages  wrangler  container  registry  harbor  wip  docker  Dockerfile  kaniko  bytebase  gitops  os  debian  preseed  automation  git  github  credentials  gh  git tag  tips  gitlab  cicd  gitlab runner  glab  kubernetes  calico  flux  sops  gateway  nginx  nginx-gateway-fabric  certmanager  gitlab-runner  minio  s3  monitoring  kube-prometheus  prometheus  alertmanager  grafana  node-exporter  memcached  loki  promtail  operator  keycloak  postgres  testbed  Kubernetes  index  k9s  krew  postgres-operator  hyper-v  helm  metallb  kubernetes gateway  ngf  directpv  logging  lab  reverse proxy  mfa  markdown  mise  python  venv  go  node  npm  nvim  lazyvim  poetry  regex  freenginx  mercurial  tls  tls passthrough  tls offload  bash  zsh  linux  ssg  hugo  mkdocs  tmux  tpm  pomodoro  vagrant  windows  virtualization  ansible  winget  windows terminal  windows 11 pro  oh-my-posh  nerdfonts  scoop 


homelab

Table of Content

Home Lab

Here is the mindmap-style illustration of my home lab. There are always changes made, but the build steps and details for my Kubernetes cluster is available in the following pages under this homelab section.

Kroki

I have baremetal machines running Linux in headless, and some of them running services using Docker and some consisting Kubernetes cluster.

I use Ansible to run repetitive tasks to manage my machines.

I use Docker Compose to run all the services that are running as Docker containers. I have separate repositories and docker-compose.yml files for every services, and I have systemd service unit files for them to boot up automatically whenever machines have to reboot. I have DNS service running on two different machines, and they use the same repository to be in sync.

My Kubernetes cluster is managed through flux and I am using self-managed GitLab to bootstrap the cluster and the repository. The core infrastructure services are described (and deployed by k8s & flux) in the main flux repository, and I have other gitrepo references (also hosted on my GitLab) to manage services.

I have deployed Bytebase which handles GitOps for databases. This is also integrated with my self-managed GitLab, and the DDL and DML files on the connected repo will spin out the automated change job to be applied to the concerned databases managed by Bytebase.

My GitLab is playing very important role in my home lab and I have backups taken regularly to places including public cloud service. I used to use Google Cloud Storage and I currently use Cloudflare R2.

Service Access

Reverse Proxy and Kubernetes Gateway

When I am on LAN, at home, my DNS points me to either a reverse proxy running as Docker container or Kubernetes gateway depending on where the service I'm accessing is hosted on. Both reverse proxy and Kubernetes gateway is doing TLS offload.

When I am outside, my traffic always reaches the reverse proxy which then TLS pass-through to Kubernetes gateway if the service is hosted on Kubernetes cluster, otherwise TLS offload and reverse proxy to the serves running as Docker containers.

Private and Public Sites

This very website, , is being hosted on a cloud, but I have my personal sites hosted on GitLab Pages, some of which is accessible from the Internet and some not. This control is being done using simple DNS record availability. I register DNS record for sites I want to expose to public network.

MFA

There are services I want to make them publicly accessible so that I can use them when I am outside, but not really open to anonymous users out in the Internet.

For services such as GitLab that have built-in MFA, I let reverse proxy just pass through, and for services that don't, I have reverse proxy to include multi-factor authentication service to limit who can access those services.

Monitoring and Logging

Kube-prometheus stack is implemented for monitoring purpose, using PV served through DirectPV to store data. Grafana Loki is implemented for logging purpose, using DirectPV and also Minio S3 to process and store data. Both monitoring and logging data and visualization can be queried and viewed through Grafana.