fix nginx LB -> kube-vip, mermaid labels, abstract VPN details
README.md
@@ -14,46 +14,45 @@ A production-grade homelab running on bare-metal Proxmox, with a 17-node Kuberne
```mermaid
```mermaid
graph TB
graph TB
subgraph ext[" External"]
subgraph ext[" External"]
CF["Cloudflare\nCDN + DNS"]
CF["Cloudflare CDN"]
Admin["Remote Admin"]
Admin["Remote Admin"]
end
end
subgraph vps["Edge VPS"]
subgraph vps["Edge VPS"]
WG["WireGuard\nVPN Gateway"]
WG["WireGuard VPN Gateway"]
TraefikVPS["Traefik\nReverse Proxy"]
TraefikVPS["Traefik"]
Pangolin["Pangolin\nTunnel Server"]
Pangolin["Pangolin Tunnel Server"]
end
end
subgraph proxmox["Proxmox Cluster — 5 physical nodes"]
subgraph proxmox["Proxmox Cluster — 5 physical nodes"]
subgraph cp["Control Plane ×3 (HA etcd)"]
subgraph cp["Control Plane x3 — HA etcd + kube-vip"]
S["k3s-server"]
S["k3s-server"]
end
end
LB["nginx\nLoad Balancer"]
subgraph workers["Worker Nodes x14"]
subgraph workers["Worker Nodes ×14"]
W["k3s-agent"]
W["k3s-agent"]
end
end
DH["docker-host\nIntel QuickSync GPU"]
DH["docker-host — Intel QuickSync GPU"]
NFS["NFS Server\nDedicated storage node"]
NFS["NFS Server — dedicated storage node"]
end
end
subgraph k8s["Kubernetes"]
subgraph k8s["Kubernetes"]
subgraph platform["Platform layer"]
subgraph platform["Platform"]
direction LR
direction LR
MetalLB["MetalLB"]
MetalLB
Traefik["Traefik"]
Traefik
Longhorn["Longhorn"]
Longhorn
ArgoCD["ArgoCD"]
ArgoCD
Prometheus["Prometheus\n+ Grafana"]
Prometheus
ECK["Elastic Stack\n(ECK)"]
ECK["Elastic Stack"]
Istio["Istio\nAmbient"]
Istio["Istio Ambient"]
end
end
subgraph apps["Applications"]
subgraph apps["Applications"]
direction LR
direction LR
Immich["Immich"]
Immich
VW["Vaultwarden"]
VW["Vaultwarden"]
HA["Home Assistant"]
HA["Home Assistant"]
Media["Arr Stack\n+ Jellyfin"]
Media["Arr Stack + Jellyfin"]
Other["Paperless · N8n\nNtfy · Gitea · …"]
Other["Paperless, N8n, Ntfy ..."]
end
end
end
end
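Review bot: Two label edits in this hunk drop components the rest of the README still names: `Other["Paperless · N8n\nNtfy · Gitea · …"]` becomes `Other["Paperless, N8n, Ntfy ..."]`, losing Gitea even though a Gitea Runner row remains in the components table later in this patch, and `Prometheus["Prometheus\n+ Grafana"]` becomes a bare `Prometheus`, losing Grafana. Suggest `Other["Paperless, N8n, Ntfy, Gitea ..."]` and `Prometheus["Prometheus + Grafana"]`. Removing `LB["nginx\nLoad Balancer"]` is consistent with the new `cp` subgraph title naming kube-vip, and dropping the literal `\n` sequences from the labels matches the commit message.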
@@ -62,11 +61,10 @@ graph TB
CF -->|Cloudflare tunnel| k8s
CF -->|Cloudflare tunnel| k8s
TraefikVPS --> Pangolin
TraefikVPS --> Pangolin
Pangolin -->|Newt client| k8s
Pangolin -->|Newt client| k8s
LB --> cp
cp --- workers
cp --- workers
workers --- Longhorn
workers --- Longhorn
NFS -->|NFS mount| Media
NFS -->|NFS mount| Media
DH -->|Jellyfin\nDocker| Media
DH -->|Docker| Media
```
```
---
---
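Review bot: With `LB --> cp` deleted and nothing added in its place, this hunk no longer shows any path from the edge nodes (`WG`, `TraefikVPS`, `Pangolin`) to the control plane; if the kube-vip VIP is what administrators reach over the VPN, an edge such as `WG -->|API VIP| cp` would keep that visible, otherwise the `cp` subgraph title carrying `kube-vip` is enough. The `DH -->|Jellyfin\nDocker| Media` to `DH -->|Docker| Media` change is fine, though the edge is now less specific than the Jellyfin row in the applications table, which still says `Docker · Intel QuickSync`.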
@@ -78,12 +76,11 @@ graph TB
| Physical | `aya01` | Proxmox node + NFS server | Dedicated storage — no VMs |
| Physical | `aya01` | Proxmox node + NFS server | Dedicated storage — no VMs |
| Physical | `lulu` | Proxmox node | k3s agents |
| Physical | `lulu` | Proxmox node | k3s agents |
| Physical | `inko01` | Proxmox node | k3s server + agents + docker host |
| Physical | `inko01` | Proxmox node | k3s server + agents + docker host |
| Physical | `naruto01` | Proxmox node | k3s server + agents + LB |
| Physical | `naruto01` | Proxmox node | k3s server + agents |
| Physical | `mii01` | Proxmox node | k3s server + agents |
| Physical | `mii01` | Proxmox node | k3s server + agents |
| VM | `k3s-server-{10,11,12}` | K3s control plane (HA etcd) | 2 vCPU · 4 GB RAM · 64 GB |
| VM | `k3s-server-{10,11,12}` | K3s control plane (HA etcd + kube-vip VIP) | 2 vCPU · 4 GB RAM · 64 GB |
| VM | `k3s-agent-{10…23}` | K3s worker nodes ×14 | 2 vCPU · 4 GB RAM · 128 GB |
| VM | `k3s-agent-{10…23}` | K3s worker nodes ×14 | 2 vCPU · 4 GB RAM · 128 GB |
| VM | `docker-host11` | Docker host w/ GPU passthrough | 2 vCPU · 4 GB RAM · 192 GB · Intel QuickSync |
| VM | `docker-host11` | Docker host w/ GPU passthrough | 2 vCPU · 4 GB RAM · 192 GB · Intel QuickSync |
| VM | `k3s-loadbalancer` | nginx LB fronting control plane | 1 vCPU · 2 GB RAM |
| VM | `docker-lb` | Caddy reverse proxy (LAN only) | 1 vCPU · 2 GB RAM |
| VM | `docker-lb` | Caddy reverse proxy (LAN only) | 1 vCPU · 2 GB RAM |
| VPS | `mii` | Edge node (Netcup) | WireGuard · Traefik · Pangolin |
| VPS | `mii` | Edge node (Netcup) | WireGuard · Traefik · Pangolin |
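Review bot: The `k3s-server-{10,11,12}` row now advertises `kube-vip VIP`, but neither this table nor the new kube-vip component row says which kube-vip mode (ARP or BGP) is used or which interface the VIP is announced on, and that is the detail someone reproducing the HA control plane needs; a short note in the Role column would do. This table also keeps the `×3`/`×14` glyphs while the Mermaid labels in the same commit switched to `x3`/`x14`; pick one. Dropping `+ LB` from `naruto01` and removing the whole `k3s-loadbalancer` row are consistent with the move to kube-vip.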
@@ -97,6 +94,7 @@ All VMs run **Debian 12** on `virtio` network bridges, provisioned from cloud-in
|-----------|-------------|---------|
|-----------|-------------|---------|
| **ArgoCD** | Helm (App-of-Apps) | GitOps CD — all cluster state driven from Git |
| **ArgoCD** | Helm (App-of-Apps) | GitOps CD — all cluster state driven from Git |
| **ArgoCD Image Updater** | Helm | Watches registries, commits updated image tags back to Git |
| **ArgoCD Image Updater** | Helm | Watches registries, commits updated image tags back to Git |
| **kube-vip** | DaemonSet on control plane | HA VIP for the K8s API server |
| **Traefik** | k3s built-in | Ingress controller, fronted by MetalLB |
| **Traefik** | k3s built-in | Ingress controller, fronted by MetalLB |
| **MetalLB** | Helm (ArgoCD) | Bare-metal load balancer, assigns IPs from reserved pool |
| **MetalLB** | Helm (ArgoCD) | Bare-metal load balancer, assigns IPs from reserved pool |
| **Cert-Manager** | Helm (ArgoCD) | Automated TLS via Let's Encrypt DNS-01 (Cloudflare API) |
| **Cert-Manager** | Helm (ArgoCD) | Automated TLS via Let's Encrypt DNS-01 (Cloudflare API) |
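Review bot: The new `| **kube-vip** | DaemonSet on control plane | HA VIP for the K8s API server |` row puts a deployment shape in a column where every other row names the install mechanism (`Helm`, `Helm (ArgoCD)`, `k3s built-in`); since the directory tree later in this patch shows an Ansible role `kube_vip/`, something like `Ansible (kube_vip role), DaemonSet on control plane` would match the column's meaning. It would also help to say in the last column that the VIP is the address agents and `kubectl` use to reach the API, which is what the removed nginx LB previously provided.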
@@ -130,7 +128,7 @@ All VMs run **Debian 12** on `virtio` network bridges, provisioned from cloud-in
| **Gitea Runner** | CI/CD runner | – |
| **Gitea Runner** | CI/CD runner | – |
| **Zeroclaw** | Per-user instances (×3) via Kustomize overlays | – |
| **Zeroclaw** | Per-user instances (×3) via Kustomize overlays | – |
| **Arr Stack** | Media automation suite | Prowlarr · Sonarr · Radarr · Unpackarr |
| **Arr Stack** | Media automation suite | Prowlarr · Sonarr · Radarr · Unpackarr |
| **qBittorrent** | Torrent clients (×2) | Gluetun VPN sidecar · ProtonVPN |
| **qBittorrent** | Torrent clients (×2) with VPN isolation | Gluetun sidecar |
| **Jellyfin** | Media server with hardware transcoding | Docker · Intel QuickSync |
| **Jellyfin** | Media server with hardware transcoding | Docker · Intel QuickSync |
---
---
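Review bot: `Torrent clients (×2) with VPN isolation | Gluetun sidecar` is vaguer than the removed `Gluetun VPN sidecar · ProtonVPN` on the one point that matters: "isolation" should say what enforces it, for example that the sidecar's firewall drops any egress that does not go through the tunnel, or that a NetworkPolicy restricts the pod to the tunnel endpoint, because that enforcement is the property a reader will want to verify. Dropping the provider name is fine given the commit message's `abstract VPN details`.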
@@ -159,8 +157,7 @@ ansible-homelab/ # Ansible roles + playbooks for all VM provisioning
│ ├── common/ # Base OS config, SSH hardening, node-exporter
│ ├── common/ # Base OS config, SSH hardening, node-exporter
│ ├── k3s_server/ # HA control plane install + taint config
│ ├── k3s_server/ # HA control plane install + taint config
│ ├── k3s_agent/ # Worker node install
│ ├── k3s_agent/ # Worker node install
│ ├── k3s_loadbalancer/ # nginx LB config
│ ├── kube_vip/ # HA VIP (kube-vip DaemonSet on control plane nodes)
│ ├── kube_vip/ # VIP setup
│ ├── docker_host/ # Docker + GPU passthrough
│ ├── docker_host/ # Docker + GPU passthrough
│ ├── proxmox/ # Proxmox node config
│ ├── proxmox/ # Proxmox node config
│ └── edge_vps/ # VPS services (WireGuard, Traefik, Pangolin)
│ └── edge_vps/ # VPS services (WireGuard, Traefik, Pangolin)
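Review bot: This commit touches only README.md, so removing `k3s_loadbalancer/ # nginx LB config` from the tree while the role directory presumably still exists on disk leaves the listing out of sync with the repo; either delete the role (and anything that still references the `k3s-loadbalancer` VM) in the same change, or keep the line and mark it deprecated. Collapsing the two `kube_vip/` entries into one with the fuller `# HA VIP (kube-vip DaemonSet on control plane nodes)` comment is good; check that the `#` comment column still lines up with the neighbouring entries after the edit.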