Shared Kubernetes infrastructure for the homelab cluster.
```
homelab-platform/
├── argocd/              # ArgoCD App-of-Apps configuration
│   ├── projects/        # AppProject definitions
│   └── applications/    # Application manifests for all repos
├── namespaces/          # Namespace definitions with PSS
├── monitoring/          # Prometheus, Grafana, Loki, Alertmanager
├── ingress/             # Cloudflared tunnel, WireGuard, DNS failover
├── tenant-templates/    # Reusable network policies and quotas
├── storage/             # NFS provisioner, PDBs
├── dns/                 # NodeLocal DNS cache
└── docs/                # Infrastructure documentation
```

This repo uses the App-of-Apps pattern. The root application manages all other applications:
- Sync Wave -2: Namespaces (must exist first)
- Sync Wave -1: Platform components (monitoring, ingress)
- Sync Wave 0: Applications (mirai, static-sites)
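
How the wave ordering and the PSS namespace labels can be expressed, as an added example that is not taken from this repo: the AppProject name `platform`, the namespace name `static-sites`, the `main` revision and the repository URL are assumptions or placeholders.

```yaml
# Child Application rendered by the root app. Wave -2 syncs before -1 and 0.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: namespaces
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-2"
spec:
  project: platform                      # assumed AppProject name
  source:
    repoURL: https://git.example.invalid/homelab-platform.git  # placeholder
    targetRevision: main                 # assumed branch
    path: namespaces
  destination:
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      prune: false                       # never auto-delete a Namespace and its contents
      selfHeal: true                     # revert manual edits to the PSS labels
---
# One manifest under namespaces/: Pod Security Standards set on the namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: static-sites                     # assumed namespace name
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Platform component in wave -1, synced after the namespaces exist.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: monitoring
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  project: platform                      # assumed AppProject name
  source:
    repoURL: https://git.example.invalid/homelab-platform.git  # placeholder
    targetRevision: main                 # assumed branch
    path: monitoring
  destination:
    server: https://kubernetes.default.svc
    namespace: monitoring
```

Argo CD moves to the next wave only when the current one is healthy. For child `Application` resources that depends on the Application health check being configured (`resource.customizations.health.argoproj.io_Application` in `argocd-cm`), because Argo CD 1.8 removed it from the defaults.
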
- Bootstrap ArgoCD with the root application:

  ```bash
  kubectl apply -f argocd/projects/
  kubectl apply -f argocd/applications/root-app.yaml
  ```
- Create required secrets (not in git):

  ```bash
  # Alertmanager SMTP
  # Double quotes so the shell expands $SMTP_PASSWORD; single quotes
  # would store the literal string "$SMTP_PASSWORD" in the secret.
  kubectl create secret generic alertmanager-smtp \
    --namespace=monitoring \
    --from-literal=smtp-password="$SMTP_PASSWORD"

  # Cloudflared credentials
  kubectl create secret generic cloudflared-credentials \
    --namespace=ingress \
    --from-file=credentials.json
  ```

Apply tenant isolation templates to any app namespace:
```bash
kubectl apply -f tenant-templates/ -n <app-namespace>
```

- mirai-app - Mirai Next.js application
- static-sites - Static HTML sites
- homelab-talos - Talos Linux cluster config