| Tool | Purpose |
|---|---|
| ansible | Preparing Ubuntu for Kubernetes and installing k3s |
| flux | Operator that manages your k8s cluster based on your Git repository |
| go-task | A task runner / simpler Make alternative written in Go |
| sops | Encrypts k8s secrets with GnuPG |
| Node | Hostname | RAM | Storage | Function | Operating System |
|---|---|---|---|---|---|
| Raspberry Pi 4 Model B | w1 | 8GB | 250GB SSD | Kube Worker | Debian 12 |
| Raspberry Pi Compute Module 4 | w7 | 8GB | 2TB SSD | Kube Worker | Debian 12 |
| Lenovo ThinkCentre M910q Tiny | w-amd-1 | 32GB | 1TB Kingston DC SSD + 256GB SSD | Kube Worker | Debian 12 |
| Custom Haswell mATX system | w-amd-2 | 32GB | 480GB Transcend SSD, 275GB Crucial SSD + 320GB HDD | Kube Worker | Debian 12 |
| VM on Synology | w-amd-storage-1 | 4GB | 400GB NVME | Longhorn storage | Debian 12 |
| HP EliteDesk 800 G2 | w-amd-3 | 32GB | 256GB SSD | Kube Worker | Debian 12 |
| Lenovo ThinkCentre M910q Tiny | m1 | 16GB | 256GB SSD x 2 | Kube Master | Debian 12 |
| Node | Hostname | RAM | Storage | Function | Operating System |
|---|---|---|---|---|---|
| Synology NAS | NAS | 16GB | 2 x 3TB HDD (SMR for backups), 2 x 8TB HDD, 1 TB NVME, 256GB NVME for storage pool cache | NFS Server | DSM 7 |
| Vendor | Model | Function |
|---|---|---|
| Juniper | EX2200-48P-4g | Hallway switch with PoE+ and fiber uplinks to rack |
| Juniper | EX3300-48P | Rack switch with PoE++ and 10G SFP+ |
| Ubiquiti | Unifi USW-Flex-Mini | Bedroom switching (gaming iTX system, Apple TV 4K and Steam Deck) |
| Qotom | TLSense C3758 (TekLager.se) | Main router |
All nodes are connected to a dual-stack network, with private IPv4 and public IPv6. Kubernetes nodes are on their own VLAN which has access to the NAS.
While most of my infrastructure and workloads are self-hosted I do rely upon the cloud for certain key parts of my setup. This saves me from having to worry about two things. (1) Dealing with chicken/egg scenarios and (2) services I critically need whether my cluster is online or not.
The alternative solution to these two problems would be to host a Kubernetes cluster in the cloud and deploy applications like HCVault, Vaultwarden, ntfy, and Gatus. However, maintaining another cluster and monitoring another group of workloads is a lot more time and effort than I am willing to put in.
| Service | Use | Cost |
|---|---|---|
| Doppler | Secrets with External Secrets | Free (student) |
| Cloudflare | Domain(s) and S3 | ~$20/yr |
| GCP | Voice interactions with Home Assistant over Google Assistant | Free |
| GitHub | Hosting this repository and continuous integration/deployments | Free |
| Fastmail | Email hosting | ~$99/yr |
| NextDNS | My router DNS server which includes AdBlocking | ~$20/yr |
| Kapsi internet-users association | Hosts my off-site backup aka minio (S3), Bitwarden and own website | 40€/yr |
| updown.io | External monitoring (IPv4/IPv6) | ~€5/yr |
| Bilance | Budgeting app for iOS and Android | ~30€/yr |
| Total: ~40€/mo |