Deployment files for my Kubernetes cluster "Artemis-Cluster"
- YAML 66.6%
- MARKDOWN 26.2%
- Python 3.7%
- JUST 1.3%
- JSON5 0.8%
- Other 1.4%
dusk-bot
e2980f97ab
All checks were successful
kustomization/unpoller/df4687d1 reconciliation succeeded
kustomization/echo/7269528b reconciliation succeeded
kustomization/victoria-logs/df4687d1 reconciliation succeeded
kustomization/blackbox-exporter/df4687d1 reconciliation succeeded
kustomization/flaresolverr/6d67e041 reconciliation succeeded
kustomization/grafana/df4687d1 reconciliation succeeded
kustomization/rook-ceph-operator/65b2e497 reconciliation succeeded
kustomization/external-secrets/eb6ce560 reconciliation succeeded
kustomization/openebs/2935a6ab reconciliation succeeded
kustomization/artemis-cluster/b15f4d5a reconciliation succeeded
kustomization/text-embeddings-inference/880984c4 reconciliation succeeded
kustomization/toolhive/880984c4 reconciliation succeeded
kustomization/flux-operator/b15f4d5a reconciliation succeeded
kustomization/forgejo-runner/ccc4516f reconciliation succeeded
kustomization/toolhive-crds/880984c4 reconciliation succeeded
kustomization/certificates-import/7269528b reconciliation succeeded
kustomization/pve-exporter/df4687d1 reconciliation succeeded
kustomization/rook-ceph-csi-drivers/65b2e497 reconciliation succeeded
kustomization/cert-manager/5f9a1f3c reconciliation succeeded
kustomization/smartctl-exporter/df4687d1 reconciliation succeeded
kustomization/tuppr/d23b6d26 reconciliation succeeded
kustomization/certificates-export/7269528b reconciliation succeeded
kustomization/volsync/4821fe54 reconciliation succeeded
kustomization/paperless-gotenberg/6d67e041 reconciliation succeeded
kustomization/truenas-exporter/df4687d1 reconciliation succeeded
kustomization/paperless-tika/6d67e041 reconciliation succeeded
kustomization/victoria-logs-collector/df4687d1 reconciliation succeeded
kustomization/etcd-defrag/cd8e3795 reconciliation succeeded
kustomization/cloudflare-tunnel/7269528b reconciliation succeeded
kustomization/unifi-dns/7269528b reconciliation succeeded
kustomization/flux-instance/b15f4d5a reconciliation succeeded
kustomization/tuppr-upgrades/d23b6d26 reconciliation succeeded
kustomization/envoy-gateway/7269528b reconciliation succeeded
kustomization/cloudflare-dns/7269528b reconciliation succeeded
kustomization/k8tz/cd8e3795 reconciliation succeeded
kustomization/external-endpoints/da18bfa0 reconciliation succeeded
kustomization/flux-webhook/b15f4d5a reconciliation succeeded
kustomization/forgesync/ccc4516f reconciliation succeeded
kustomization/onepassword-connect/eb6ce560 reconciliation succeeded
kustomization/volsync-maintenance/4821fe54 reconciliation succeeded
kustomization/kopia/4821fe54 reconciliation succeeded
kustomization/searxng/880984c4 reconciliation succeeded
kustomization/jellyfin/6d67e041 reconciliation succeeded
kustomization/xbrowsersync/d61ba267 reconciliation succeeded
kustomization/autopulse/6d67e041 reconciliation succeeded
kustomization/agentmemory/880984c4 reconciliation succeeded
kustomization/home-assistant/d26781c6 reconciliation succeeded
kustomization/rook-ceph-cluster/65b2e497 reconciliation succeeded
kustomization/komga/d61ba267 reconciliation succeeded
kustomization/matter-server/d26781c6 reconciliation succeeded
kustomization/thelounge/6d67e041 reconciliation succeeded
kustomization/kapowarr/6d67e041 reconciliation succeeded
kustomization/toolhive-config/880984c4 reconciliation succeeded
kustomization/dispatcharr/6d67e041 reconciliation succeeded
kustomization/pocket-id/7871a86d reconciliation succeeded
kustomization/sabnzbd/6d67e041 reconciliation succeeded
kustomization/bazarr/6d67e041 reconciliation succeeded
kustomization/autobrr/6d67e041 reconciliation succeeded
kustomization/bookboss/6d67e041 reconciliation succeeded
kustomization/lldap/7871a86d reconciliation succeeded
kustomization/homebridge/d26781c6 reconciliation succeeded
kustomization/kube-prometheus-stack/df4687d1 reconciliation succeeded
kustomization/esphome/d26781c6 reconciliation succeeded
kustomization/streamystats/6d67e041 reconciliation succeeded
kustomization/grafana-mcp/880984c4 reconciliation succeeded
kustomization/github-mcp/880984c4 reconciliation succeeded
kustomization/kaizoku/6d67e041 reconciliation succeeded
kustomization/mosquitto/d26781c6 reconciliation succeeded
kustomization/prowlarr/6d67e041 reconciliation succeeded
kustomization/zigbee/d26781c6 reconciliation succeeded
kustomization/paperless-database/6d67e041 reconciliation succeeded
kustomization/context7-mcp/880984c4 reconciliation succeeded
kustomization/gatus/df4687d1 reconciliation succeeded
kustomization/minecraft/c4178113 reconciliation succeeded
kustomization/ha-mcp/880984c4 reconciliation succeeded
kustomization/silence-operator/df4687d1 reconciliation succeeded
kustomization/forgejo-mcp/880984c4 reconciliation succeeded
kustomization/pipelines/880984c4 reconciliation succeeded
kustomization/k8s-mcp/880984c4 reconciliation succeeded
kustomization/immich-database/d61ba267 reconciliation succeeded
kustomization/prometheus-adapter/df4687d1 reconciliation succeeded
kustomization/searxng-mcp/880984c4 reconciliation succeeded
kustomization/silence-operator-silences/df4687d1 reconciliation succeeded
kustomization/shelfmark/6d67e041 reconciliation succeeded
kustomization/kromgo/df4687d1 reconciliation succeeded
kustomization/arr-mcp/880984c4 reconciliation succeeded
kustomization/sonarr/6d67e041 reconciliation succeeded
kustomization/node-red/d26781c6 reconciliation succeeded
kustomization/komf/6d67e041 reconciliation succeeded
kustomization/agentmemory-mcp/880984c4 reconciliation succeeded
kustomization/immich-microservices/d61ba267 reconciliation succeeded
kustomization/recyclarr/6d67e041 reconciliation succeeded
kustomization/qbittorrent/6d67e041 reconciliation succeeded
kustomization/seerr/6d67e041 reconciliation succeeded
kustomization/open-webui/880984c4 reconciliation succeeded
kustomization/radarr/6d67e041 reconciliation succeeded
kustomization/qui/6d67e041 reconciliation succeeded
kustomization/paperless-app/6d67e041 reconciliation succeeded
kustomization/grafana-instance/df4687d1 reconciliation succeeded
kustomization/seerr-mcp/880984c4 reconciliation succeeded
kustomization/immich-app/d61ba267 reconciliation succeeded
kustomization/immich-machine-learning/d61ba267 reconciliation succeeded
kustomization/flux-system/b15f4d5a reconciliation succeeded
kustomization/snapshot-controller/cd8e3795 reconciliation succeeded
kustomization/renovate-operator/cd8e3795 reconciliation succeeded
kustomization/spegel/cd8e3795 reconciliation succeeded
kustomization/renovate-operator-jobs/cd8e3795 reconciliation succeeded
kustomization/coredns/cd8e3795 reconciliation succeeded
kustomization/metrics-server/cd8e3795 reconciliation succeeded
kustomization/multus/cd8e3795 reconciliation succeeded
kustomization/intel-gpu-resource-driver/cd8e3795 reconciliation succeeded
kustomization/reflector/cd8e3795 reconciliation succeeded
kustomization/multus-networks/cd8e3795 reconciliation succeeded
kustomization/reloader/cd8e3795 reconciliation succeeded
kustomization/descheduler/cd8e3795 reconciliation succeeded
kustomization/cilium/cd8e3795 reconciliation succeeded
|
||
|---|---|---|
| .agents | ||
| .claude/commands | ||
| .forgejo | ||
| .vscode | ||
| bootstrap | ||
| docs | ||
| kubernetes | ||
| scripts | ||
| talos | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .justfile | ||
| .lefthook.toml | ||
| .mcp.json | ||
| .mcp.json.example | ||
| .minijinja.toml | ||
| .mise.toml | ||
| .oxfmtrc.json | ||
| .renovaterc.json5 | ||
| .shellcheckrc | ||
| .yamlls.yaml | ||
| AGENTS.md | ||
| CLAUDE.md | ||
| entities.json | ||
| LICENSE | ||
| mempalace.yaml | ||
| mise.lock | ||
| README.md | ||
The Artemis Cluster
... where YAML is law, Renovate never sleeps, and 2am
is just debugging hours.
📖 Overview
Artemis is my homelab Kubernetes cluster, built on Talos Linux and managed entirely through Git. Three bare-metal control planes, three VM workers (one with a GPU), all reconciled automatically by Flux CD — push to main, it shows up in the cluster.
⛵ Kubernetes
Directories
📁 kubernetes
├── 📁 apps
│ ├── 📁 actions-runner-system # Self-hosted GitHub Actions runners for CI workflows
│ ├── 📁 cert-manager # Automated TLS certificates via Let's Encrypt
│ ├── 📁 cortex # AI stack — Open WebUI, SearXNG, text-embeddings-inference, ToolHive (9 MCP servers)
│ ├── 📁 default # Personal apps — Immich (photos), Komga (comics), Bookboss (books)
│ ├── 📁 external-endpoints # ExternalName services bridging off-cluster resources into the mesh
│ ├── 📁 external-secrets # 1Password-backed ExternalSecret operator for all cluster secrets
│ ├── 📁 flux-system # Flux Operator, FluxInstance, and GitOps sync entrypoint
│ ├── 📁 home-automation # Home Assistant, Frigate, Zigbee2MQTT, Mosquitto, Matter Server, ESPHome
│ ├── 📁 kube-system # Cilium (CNI/BGP), CoreDNS, Multus, Intel GPU driver, cluster utilities
│ ├── 📁 media # Arr stack, Jellyfin, SABnzbd, qBittorrent+Gluetun, Prowlarr, Bazarr
│ ├── 📁 network # Envoy Gateway ingress, ExternalDNS (Cloudflare + UniFi), Cloudflare Tunnel
│ ├── 📁 observability # Prometheus, Grafana, VictoriaLogs, Fluent Bit, Gatus, Kromgo, KEDA
│ ├── 📁 openebs-system # Local-path storage provisioner for single-node PVCs
│ ├── 📁 rook-ceph # Distributed block storage across 3 OSD nodes (one per control plane)
│ ├── 📁 security # Pocket-ID OIDC provider for cluster-wide SSO
│ ├── 📁 system-upgrade # Tuppr — automated Talos and Kubernetes version upgrades
│ └── 📁 volsync-system # PVC backup and restore via Kopia snapshots
├── 📁 components # Reusable Kustomize components (volsync, etc.)
└── 📁 flux # Flux sync entrypoint → kubernetes/apps
🔧 Hardware
| Device | Count | Disk | RAM | OS | Purpose |
|---|---|---|---|---|---|
Lenovo M710q (talos-cp-01/02/03) |
3 | 256GB NVMe (boot) + 256GB SATA SSD (Ceph OSD) | 16GB | Talos Linux | Kubernetes Control Plane |
Proxmox VM on pantheon (talos-w-01/02) |
2 | Virtualized | 32GB | Talos Linux | Kubernetes Worker |
Proxmox VM on pantheon (talos-gpu-01) |
1 | Virtualized | 32GB | Talos Linux | Kubernetes GPU Worker (ASRock Arc A380 6GB passthrough) |
HPE ML150 G9 (pantheon) |
1 | T-FORCE 1TB SSD | 192GB | Proxmox | Virtualization Host |
Supermicro (atlas) |
1 | 3× RAIDZ2 6-wide (~41TB usable) | 94.3GB ECC | TrueNAS SCALE | NAS / Media Storage |
🌐 Networking
| Device | Role |
|---|---|
| UniFi Cloud Gateway Max | WAN/NAT, L3 gateway, DHCP, BGP (FRR), DNS, UniFi controller |
| Mikrotik CRS309-1G-8S+ | L2 switch only — downstream of UCG-Max on VLAN 1099 (LAB) |
| UniFi US-48 PoE 500W | L2 switch (upstream: UCG-Max) |
| UniFi US-16 PoE 150W | L2 switch (upstream: US-48) |
🤝 Acknowledgments
Thanks to the following for their work and shared knowledge:
- onedr0p/home-ops
- bjw-s-labs/home-ops
- joryirving/home-ops
- Christian Lempa
- TechnoTim
- Home Operations Discord community
📝 License
This repository is available under the WTFPL License. See LICENSE for details.