@@ -26,70 +26,94 @@ Admittedly, both usages of "all" describe the end goal of this repo, not the cur
2626
2727## 🎨 Components
2828
29- ### Infrastructure management
30-
31- - [ Terraform] ( https://github.com/hashicorp/terraform ) : Bootstraps and manages infrastructure needed for Kubernetes.
32- - [ Crossplane] ( https://crossplane.io ) : Kubernetes-native infrastructure management.
33-
34- ### Cluster management
29+ ### Core
3530
31+ - [ KCL] ( https://www.kcl-lang.io/ ) : Configuration language; with Helm support via [ kclipper] ( https://github.com/MacroPower/kclipper ) .
3632- [ Talos] ( https://www.talos.dev ) : Immutable Kubernetes OS; built using [ talhelper] ( https://github.com/budimanjojo/talhelper ) .
37- - [ Argo CD] ( https://github.com/argoproj/argo-cd ) : Reconciles kubernetes clusters with this repository.
38- - [ Kyverno] ( https://kyverno.io ) : Policy engine supporting validate, mutate, generate, and cleanup rules.
39- - [ Harbor] ( https://goharbor.io ) : Artifact registry with pull-through cache and vulnerability scanning.
40- - [ KCL] ( https://www.kcl-lang.io/ ) : Configuration language I use to describe Argo applications.
33+ - [ TrueNAS] ( https://www.truenas.com/ ) : Big ZFS storage; runs small Talos containers for direct I/O.
34+ - [ Terraform] ( https://github.com/hashicorp/terraform ) : Declares any infrastructure not managed by Kubernetes.
4135- [ Renovate] ( https://github.com/renovatebot/renovate ) : Automatic updates for applications via pull requests.
4236
43- ### Secrets
37+ ### Cluster management
4438
45- - [ Doppler] ( https://www.doppler.com/ ) : Hosted secrets management platform.
46- - [ External Secrets] ( https://external-secrets.io ) : Synchronizes secrets from Doppler into Kubernetes.
39+ - [ Argo CD] ( https://github.com/argoproj/argo-cd ) : Reconciles Kubernetes clusters with this repository.
40+ - [ Spegel] ( https://goharbor.io ) : Stateless, fully transparent pull-through image cache.
41+ - [ Reloader] ( https://docs.stakater.com/reloader/ ) : Automatic rollouts on ConfigMap/Secret updates.
42+ - [ Descheduler] ( https://sigs.k8s.io/descheduler ) : Evicts Pods to maintain zone and node balance.
4743
4844### Networking
4945
50- - [ Cilium] ( https://cilium.io ) : eBPF-based CNI & service mesh .
51- - [ Traefik ] ( https://traefik.io ) : Ingress controller & reverse proxy .
46+ - [ Cilium] ( https://cilium.io ) : eBPF-based CNI, BGP control plane, firewall, and more .
47+ - [ Envoy Gateway ] ( https://gateway.envoyproxy.io/ ) : Implements the Kubernetes Gateway API .
5248- [ Cert Manager] ( https://cert-manager.io ) : Automatic Let's Encrypt certificates.
49+ - [ External DNS] ( https://kubernetes-sigs.github.io/external-dns/ ) : Automatic DNS record management.
5350- [ AdGuard Home] ( https://github.com/AdguardTeam/AdguardHome ) : DNS server with ad-blocking.
54- - [ Wireguard] ( https://www.wireguard.com ) : Modern VPN tunnels; implemented using [ wireguard-operator ] ( https://github.com/jodevsa/wireguard-operator ) .
51+ - [ Wireguard] ( https://www.wireguard.com ) : Modern VPN tunnels.
5552
5653### Security
5754
58- - [ Authentik ] ( https://goauthentik .io ) : Identity Provider .
55+ - [ External Secrets ] ( https://external-secrets .io ) : Synchronizes secrets from [ Doppler ] ( https://www.doppler.com/ ) into Kubernetes .
5956- [ Tetragon] ( https://tetragon.io/ ) : eBPF-based security observability and runtime enforcement.
6057- [ SecureCodeBox] ( https://www.securecodebox.io/ ) : Continuous and automated security testing with familiar tools like Nmap, ZAP.
61- - [ Trivy] ( https://aquasecurity.github.io/trivy ) : Kubernetes and container vulnerability scanner.
6258
6359### Observability
6460
65- - [ Prometheus] ( https://prometheus.io ) : Monitoring system & TSDB.
66- - [ Jaeger] ( https://www.jaegertracing.io ) : Distributed tracing system.
6761- [ Loki] ( https://grafana.com/oss/loki/ ) : Log aggregation system.
68- - [ Vector] ( https://vector.dev ) : Log collector, transformer, and router.
69- - [ OTEL Collector] ( https://opentelemetry.io/docs/collector/ ) : Trace/metric collector, transformer, and router.
7062- [ Grafana] ( https://grafana.com ) : Visualization platform.
71- - [ Robusta] ( https://home.robusta.dev ) : Alerts / notifications and runbook automation.
72- - [ Inspektor Gadget] ( https://www.inspektor-gadget.io/ ) : eBPF-based gadgets to debug and inspect Kubernetes apps and resources.
63+ - [ Tempo] ( https://grafana.com/oss/tempo/ ) : Distributed tracing system.
64+ - [ Mimir] ( https://grafana.com/oss/mimir/ ) : Prometheus-compatible monitoring system and TSDB.
65+ - [ Alloy] ( https://grafana.com/oss/alloy/ ) : Grafana's distribution of OpenTelemetry collector.
66+ - [ Beyla] ( https://grafana.com/oss/beyla-ebpf/ ) : Zero-touch eBPF auto-instrumentation (part of Alloy).
67+ - [ Robusta] ( https://home.robusta.dev ) : Alert and notification management.
7368
7469### Storage
7570
76- - [ Rook] ( https://rook.io ) : Storage operator for Ceph.
77- - [ Ceph] ( https://ceph.io ) : Distributed object, block, and file storage.
71+ - [ OpenEBS] ( https://openebs.io/ ) : Manages local and replicated persistent volumes.
72+ - [ CloudNativePG] ( https://cloudnative-pg.io/ ) : Manages highly-available, cloud-native Postgres clusters.
73+ - [ Dragonfly] ( https://www.dragonflydb.io ) : Highly-available, cloud-native Redis and Memcached implementation.
7874
7975---
8076
8177## 📂 Repository structure
8278
83- Overview of this repo's structure, there's more info in the README files for each:
79+ This repository implements a ** GitOps architecture** , primarily orchistrated by ** Argo CD ApplicationSets** defined as [ KCL] ( https://www.kcl-lang.io/ ) with [ kclipper] ( https://github.com/MacroPower/kclipper ) . The repo's structure directly informs ApplicationSet behavior via matrix generators. The libraries used are based on KCL's [ konfig] ( https://github.com/kcl-lang/konfig ) .
80+
81+ This structure enables a readable application hierarchy where each tenant can effectively function independently, i.e. somewhat mirroring an actual production multi-tenant platform. However, what would be individual repositories with their own access controls, releases, and so on, are instead represented as folders in this monorepo.
8482
85- ``` sh
83+ ``` py
8684.
87- ├─📁 apps # ArgoCD Applications
88- ├─📁 appsets # ArgoCD ApplicationSets
89- ├─📁 bootstrap # Bootstrapping for ArgoCD
90- ├─📁 clusters # Cluster-specific data for reference
91- ├─📁 konfig # KCL libraries
92- └─📁 terraform # IaC defined via Terraform
85+ ├─📁 apps # KCL-based applications organized by tenants
86+ │ ├─📁 argo # Tenant: argo project
87+ │ │ ├─📁 _tenant # Tenant-level shared configuration
88+ │ │ │ ├─📁 base # Base tenant resources
89+ │ │ │ │ └─📄 .tenant.yaml # Configures this tenant's "apps" ApplicationSet
90+ │ │ │ └─📁 shared # Shared tenant resources
91+ │ │ │ └─📄 .tenant.yaml # Configures this tenant's "shared" ApplicationSet
92+ │ │ └─📁 cd # Application: argo-cd namespace
93+ │ │ ├─📁 base # Base app configuration
94+ │ │ └─📁 mgmt # Management cluster environment
95+ │ │ └─📄 .app.yaml # Configures this cluster's Argo CD Application
96+ │ └─📁 ... # Additional tenants
97+ ├─📁 appsets # ArgoCD ApplicationSets for multi-cluster deployment
98+ │ └─📄 tenants.yaml # Matrix generator deploying tenant ApplicationSets
99+ ├─📁 bootstrap # Cluster bootstrap configurations
100+ │ └─📁 core # Essential components (Cilium, ArgoCD)
101+ ├─📁 charts # Kclipper wrappers for Helm charts
102+ │ ├─📁 argo_cd # Auto-generated ArgoCD kclipper wrapper
103+ │ ├─📁 ... # Additional auto-generated chart wrappers
104+ │ └─📄 charts.k # Kclipper chart definitions
105+ ├─📁 clusters # Cluster configuration (Talos, KCL constants)
106+ │ ├─📁 main # Main cluster config
107+ │ └─📁 mgmt # Management cluster config
108+ └─📁 konfig # Custom KCL library for Kubernetes abstractions
109+ ├─📁 models # Core data models
110+ │ ├─📁 backend # Low-level Kubernetes resource models
111+ │ ├─📁 frontend # High-level application abstractions
112+ │ ├─📁 mixins # Reusable configuration mixins
113+ │ ├─📁 protocol # Interface definitions
114+ │ ├─📁 render # Rendering logic for YAML output
115+ │ └─📁 templates # Model templates
116+ └─📁 ... # Utility packages, etc.
93117```
94118
95119---
@@ -98,18 +122,19 @@ Overview of this repo's structure, there's more info in the README files for eac
98122
99123### Cloud Services
100124
101- | Service | Use | Cost |
102- | ---------------------------------------------------- | -------------------------------------------------------------- | ------------- |
103- | [ Hetzner Cloud] ( https://www.hetzner.com/ ) | Cloud compute and storage | $40/mo |
104- | [ Google Cloud] ( https://cloud.google.com/ ) | Cloud storage | $20/mo |
105- | [ Cloudflare] ( https://www.cloudflare.com/ ) | DNS, Certs, Proxy, WAF | Free |
106- | [ Doppler] ( https://doppler.com/ ) | Secrets with [ External Secrets] ( https://external-secrets.io/ ) | Free |
107- | [ GitHub] ( https://github.com/ ) | Hosting this repository and continuous integration/deployments | Free |
108- | [ Renovate] ( https://github.com/renovatebot/renovate ) | Automatic updates for applications via pull requests | Free |
109- | [ Robusta] ( https://home.robusta.dev/ ) | Alerts / notifications and runbook automation | Free |
110- | [ Terraform Cloud] ( https://www.terraform.io/ ) | Storing Terraform state | Free |
111- | [ Grafana Cloud] ( https://grafana.com/products/cloud/ ) | Hosted Grafana & Prometheus, used for misc public projects | Free |
112- | | | Total: $60/mo |
125+ | Service | Use | Cost |
126+ | ---------------------------------------------------- | ------------------------------------------------------------- | ------------- |
127+ | [ Hetzner Cloud] ( https://www.hetzner.com/ ) | Cloud compute and storage | $40/mo |
128+ | [ Google Cloud] ( https://cloud.google.com/ ) | Cloud storage | $20/mo |
129+ | [ Cloudflare] ( https://www.cloudflare.com/ ) | DNS, Certs, Proxy, WAF | Free |
130+ | [ Doppler] ( https://doppler.com/ ) | Secrets with [ External Secrets] ( https://external-secrets.io/ ) | Free |
131+ | [ GitHub] ( https://github.com/ ) | Hosting this repository and CI/CD workflows | Free |
132+ | [ Robusta] ( https://home.robusta.dev/ ) | Alerts and notifications | Free |
133+ | [ Terraform Cloud] ( https://www.terraform.io/ ) | Storing Terraform state | Free |
134+ | [ Grafana Cloud] ( https://grafana.com/products/cloud/ ) | Hosted Grafana / LGTM Stack | Free |
135+ | [ Auth0] ( https://auth0.com/ ) | IDP / Authentication and authorization platform | Free |
136+ | [ Unifi Site Manager] ( https://ui.com/ ) | Multi-site Unifi gateway management | Free |
137+ | | | Total: $60/mo |
113138
114139### Internet
115140
@@ -130,18 +155,28 @@ Overview of this repo's structure, there's more info in the README files for eac
130155
131156## 🔧 Hardware
132157
133- ### Computing
134-
135- | Count | Device | OS Disk Size | Data Disk Size | Ram | Operating System | Purpose |
136- | ----- | -------------------------- | ------------ | ------------------- | ----- | ---------------- | ------------------------------ |
137- | 3 | Turing Pi 2 | 1GB NAND | 32GB SD Card | 128MB | TPi BMC Firmware | 4-Node Cluster Board |
138- | 3 | Raspberry Pi CM4 | 32GB eMMC | N/A | 8GB | Talos Linux | K8s Management Control Plane |
139- | 3 | Turing RK1 | 32GB eMMC | 1TB SSD | 32GB | Talos Linux | K8s Management Workers (arm64) |
140- | 3 | Turing RK1 | 1TB SSD | N/A | 32GB | Talos Linux | K8s Control Plane |
141- | 3 | Supermicro M11SDV-8C+-LN4F | 64GB SATADOM | 4TB SSD | 128GB | Talos Linux | K8s Workers (x86) |
142- | 3 | Turing RK1 | 32GB eMMC | 1TB SSD | 32GB | Talos Linux | K8s Workers (arm64) |
143- | 1 | TrueNAS Mini R | 500GB SSD | 200TB HDD + 2TB SSD | 64GB | TrueNAS SCALE | Storage Server |
144- | 1 | Raspberry Pi 4B | 32GB SD Card | N/A | 4GB | PiKVM | Network KVM |
158+ ### Core
159+
160+ | Count | Device | Memory | Disk | OS | Purpose |
161+ | ----- | --------------- | ------ | ------------ | ------- | -------------------- |
162+ | 3 | Turing Pi 2 | 128MB | 1GB NAND | TPi BMC | 4-Node Cluster Board |
163+ | 1 | Raspberry Pi 4B | 4GB | 32GB SD Card | PiKVM | Network KVM |
164+
165+ ### Management Cluster
166+
167+ | Count | Device | Memory | Disk | OS | Purpose |
168+ | ----- | ---------------- | ------ | --------- | ----- | --------------- |
169+ | 3 | Raspberry Pi CM4 | 8GB | 32GB eMMC | Talos | Control Plane |
170+ | 3 | Turing RK1 | 32GB | 1TB NVMe | Talos | Workers (arm64) |
171+
172+ ### Main Cluster
173+
174+ | Count | Device | Memory | Disk | OS | Purpose |
175+ | ----- | -------------------------- | ------ | --------- | ----- | ---------------- |
176+ | 3 | Turing RK1 | 32GB | 1TB NVMe | Talos | Control Plane |
177+ | 3 | Supermicro M11SDV-8C+-LN4F | 128GB | 4TB SSD | Talos | Workers (x86) |
178+ | 3 | Turing RK1 | 32GB | 1TB NVMe | Talos | Workers (arm64) |
179+ | 1 | TrueNAS Mini R | 64GB | 200TB HDD | SCALE | Storage + Worker |
145180
146181### Networking
147182
0 commit comments