Kubernetes
My main cluster is Talos provisioned on bare-metal using the official talosctl CLI tool. I render my Talos configuration using the talhelper CLI tool. This allows me to keep the Talos configuration as DRY as possible.
This is a semi-hyper-converged cluster: workloads and block storage share the same available resources on my nodes, while a separate server provides (NFS) file storage.
Core Components
- actions-runner-controller: Self-hosted GitHub Actions runners.
- cilium: Internal Kubernetes networking plugin.
- cert-manager: Creates SSL certificates for services in my Kubernetes cluster.
- external-dns: Automatically manages DNS records from my cluster in a cloud DNS provider.
- external-secrets: Manages Kubernetes secrets sourced from 1Password Connect.
- ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.
- multus: Allows multi-homing Kubernetes pods.
- rook: Distributed block storage for persistent storage.
- sops: Encrypted secrets for Kubernetes, Ansible and Terraform that are committed to Git.
- tf-controller: Additional Flux component used to run Terraform from within a Kubernetes cluster.
- volsync and snapscheduler: Backup and recovery of persistent volume claims.