Enterprise Kubernetes Homelab

Stack: Talos · Kubernetes · OpenTofu · ArgoCD

Welcome to my Homelab

This repository contains the complete configuration and documentation of my enterprise-grade Kubernetes homelab.

Repository Structure

```text
.
├── kubernetes/          # All Kubernetes manifests
│   ├── sets/            # App-of-Apps bootstrap
│   ├── security/        # Zero-trust foundation & RBAC
│   ├── infrastructure/  # Core cluster services & operators
│   ├── platform/        # Databases & middleware services
│   └── apps/            # End-user applications
├── tofu/                # OpenTofu infrastructure
│   ├── talos/           # Talos configuration
│   └── bootstrap/       # Initial setup
└── renovate.json        # Dependency automation
```
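The `sets/` directory is where the App-of-Apps bootstrap lives: one root ArgoCD Application points at it, and every manifest found there is itself an Application for one of the layers above. The following pair of manifests is an added illustration of that pattern, not the repository's own bootstrap; the repository URL, the project name and the sync-wave value are placeholders. The child Application for `security/` carries a negative sync wave so that the policy and RBAC foundation is applied before `infrastructure/`, `platform/` and `apps/`, which default to wave 0.

```yaml
# Root "app of apps" (example manifest, not from the homelab repository).
# ArgoCD watches kubernetes/sets and creates one child Application per
# manifest found there. repoURL and project are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io   # cascade-delete children with the root
spec:
  project: default
  source:
    repoURL: https://example.invalid/homelab.git   # placeholder
    targetRevision: main
    path: kubernetes/sets
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true      # child Applications removed from Git are deleted
      selfHeal: true   # manual edits in the cluster are reverted
---
# Child Application for the security layer, stored as kubernetes/sets/security.yaml.
# The negative sync wave makes the root app create this Application before the
# wave-0 infrastructure/platform/apps Applications, so Kyverno policies and RBAC
# exist before the workloads they govern are admitted.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: security
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-10"   # assumed value; anything below 0 works
spec:
  project: default
  source:
    repoURL: https://example.invalid/homelab.git   # placeholder
    targetRevision: main
    path: kubernetes/security
    directory:
      recurse: true
  destination:
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
```

One caveat worth knowing when relying on this ordering: the sync wave only orders the creation of the child Application objects within the root app's sync. Since ArgoCD 1.8 the Application kind has no built-in health check, so the root app does not wait for the security app to finish syncing before moving on to the next wave unless that health check is re-enabled in `argocd-cm` (`resource.customizations.health.argoproj.io_Application`). Without it, a policy that is still being applied can race the workloads created in the following wave.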

Applications

End-user applications deployed in dev, staging, and production environments:

| Name | Description |
|---|---|
| n8n | Secure, AI-native workflow automation |
| Audiobookshelf | Self-hosted audiobook and podcast server |
| Kafka Email Consumer | Real-time email notification system consuming Kafka messages |
| Kafka User Producer | Kafka message producer for user registration events |
| OMS | Order Management System: Go microservices with distributed tracing (gateway, orders, payments, stock, kitchen) |
| CloudBeaver | Web-based database management UI for PostgreSQL, MongoDB and more |

Kubernetes Operators

Enterprise operators managing lifecycle, scaling, and HA for complex stateful workloads:

| Name | Description |
|---|---|
| Cilium Operator | CNI networking operator with eBPF dataplane for pod networking and Hubble observability |
| Rook-Ceph Operator | Storage orchestration operator managing CephCluster with block, object and file storage |
| Sail Operator | Istio service mesh lifecycle operator managing control plane, gateways and mTLS |
| Cert-Manager | TLS certificate automation operator with Let's Encrypt integration |
| Prometheus Operator | Metrics collection operator managing Prometheus, AlertManager and ServiceMonitors |
| Grafana Operator | Dashboard lifecycle operator managing Grafana instances and datasources |
| Jaeger Operator | Distributed tracing operator managing Jaeger instances and collectors |
| Elastic Operator | Elasticsearch and Kibana orchestration operator (ECK) managing Elasticsearch clusters and Kibana instances |
| OpenTelemetry Operator | Observability data collection operator managing collectors and auto-instrumentation |
| Strimzi Operator | Kafka operator for managing Kafka clusters, topics and users on Kubernetes |
| Redis Operator | Redis lifecycle operator managing standalone, sentinel and replication instances |
| Tailscale Operator | VPN connectivity operator managing connectors and subnet routes |
| Argo Rollouts | Progressive delivery controller with blue-green and canary deployments |
| CloudNativePG Operator | PostgreSQL HA operator managing clusters, backups and point-in-time recovery |
| PSMDB Operator | MongoDB operator managing replica sets, sharding, backups and automated failover |
| RabbitMQ Cluster Operator | Message broker operator managing RabbitMQ clusters, users and policies |

Infrastructure

Core cluster services including GitOps, networking, storage, backup, and observability:

| Name | Description |
|---|---|
| ArgoCD | Declarative GitOps continuous delivery for Kubernetes with HA Redis backend |
| Gateway API | Next-generation ingress API for Kubernetes with vendor-neutral traffic routing |
| Envoy Gateway | High-performance Gateway API implementation with TLS termination and advanced routing |
| Cloudflare Tunnel | Zero Trust external access through an outbound-only cloudflared tunnel; no inbound port forwarding on the home network |
| Istio | Service mesh with mTLS, traffic management and advanced observability (Sail Operator) |
| Hubble UI | Network observability interface for visualizing service dependencies and network flows |
| Rook-Ceph | Distributed storage with block, object and file storage (Rook Operator) |
| Proxmox CSI | Container Storage Interface for Proxmox VE with ZFS backend |
| Velero | Kubernetes backup and disaster recovery with Ceph Object Storage backend |
| Prometheus | Metrics collection with AlertManager and ServiceMonitor resources (Prometheus Operator) |
| Grafana | Visualization platform with dashboards and datasources (Grafana Operator) |
| Loki | Log aggregation system designed for cloud-native applications |
| Vector | Rust-based observability data pipeline with intelligent log collection and routing |
| Fluentd | Data collector for unified logging layer with flexible routing |
| Fluent Bit | Lightweight log processor optimized for containerized environments |
| Tempo | High-scale distributed tracing backend with cost-efficient object storage |
| Jaeger | Distributed tracing with collectors and query services (Jaeger Operator) |
| Elasticsearch | Search and analytics engine with Kibana (Elastic Operator) |
| OpenTelemetry | Observability data collection with collectors and instrumentation (OTel Operator) |
| Robusta | AI-powered alert enrichment with automated troubleshooting and root cause analysis |
| Ollama | Self-hosted LLM inference engine for AI troubleshooting; alert data never leaves the cluster (GDPR-compliant) |
| Telegram Bot | Mobile alerting: receives all Alertmanager notifications (P0-P4) via a private bot |

🗄️ Platform Services

Databases, messaging platforms, and identity management:

| Name | Description |
|---|---|
| PostgreSQL | High-availability PostgreSQL with automated backups and PITR (CloudNativePG Operator) |
| InfluxDB | Time series database for high-performance metrics and event storage |
| Redis | In-memory data store with sentinel and replication (Redis Operator) |
| Kafka | Event streaming platform running in KRaft mode (no ZooKeeper), managed by Strimzi |
| MongoDB | Document database with replica sets and automated backups (PSMDB Operator) |
| RabbitMQ | Message broker with clustering and queue management (RabbitMQ Cluster Operator) |
| Keycloak | Enterprise identity and access management, acting as OIDC and SAML provider |
| LLDAP | Lightweight LDAP server for authentication and user directory services |

Security

Zero Trust foundation and policy enforcement:

| Name | Description |
|---|---|
| Kyverno | Kubernetes-native policy engine for security, compliance and governance automation |
| Sealed Secrets | Controller that decrypts SealedSecret resources committed to Git; secrets are encrypted client-side (kubeseal) with the controller's public key and, by default, bound to their namespace and name, so only the in-cluster private key can recover them |
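What "policy enforcement" looks like in practice is a Kyverno ClusterPolicy validated at admission time. The manifest below is an added example written for this section, not a policy taken from the repository: it rejects privileged containers and requires `runAsNonRoot` for every Pod, excluding the namespaces that legitimately need privileged access (the excluded list is an assumption; Rook-Ceph OSDs and the CNI agent in `kube-system` are the usual cases).

```yaml
# Example Kyverno ClusterPolicy for the security layer (illustration only,
# not the homelab's own policy). Excluded namespaces are assumed.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: baseline-pod-security
spec:
  validationFailureAction: Enforce   # roll out as Audit first, then switch
  background: true                   # also report on Pods that already exist
  rules:
    - name: disallow-privileged
      match:
        any:
          - resources:
              kinds: [Pod]
      exclude:
        any:
          - resources:
              namespaces: [kube-system, rook-ceph]   # assumed list
      validate:
        message: "Privileged containers are not allowed."
        pattern:
          spec:
            # =( ) marks optional fields: the check applies only if present
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
    - name: require-run-as-nonroot
      match:
        any:
          - resources:
              kinds: [Pod]
      exclude:
        any:
          - resources:
              namespaces: [kube-system, rook-ceph]   # assumed list
      validate:
        message: "runAsNonRoot must be true at the pod or container level."
        # anyPattern: one of the two shapes is enough to pass
        anyPattern:
          - spec:
              securityContext:
                runAsNonRoot: "true"
          - spec:
              containers:
                - securityContext:
                    runAsNonRoot: "true"
```

Apply it with `validationFailureAction: Audit` first and read the generated PolicyReport objects (`kubectl get policyreport -A`) before switching to `Enforce`. `Enforce` only rejects new admissions: Pods already running in violation show up in the background-scan report but keep running until they are recreated, which is why `background: true` matters for an existing cluster. Keep the exclusion list to the workloads that genuinely need privilege rather than whole tenant namespaces, otherwise the policy stops being a zero-trust baseline.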
