This repo contains all of the configuration and documentation of my homelab.
The purpose of my homelab is to learn and to have fun. Being a Cloud Native Engineer by trade, I work with Kubernetes every day, and my homelab is the place where I can try out and learn new things. Self-hosting some applications also makes me feel responsible for the entire process of deploying and maintaining an application from A to Z. It forces me to think about backup strategies, security, scalability and the ease of deployment and maintenance.
I use K3s to set up my cluster. I prefer K3s because it is lightweight and minimal, optimized for edge and IoT environments while still providing production-grade capabilities.
I use Raspberry Pi computers for my cluster, which offer great performance in a small form factor with minimal power consumption.
- Raspberry Pi 5 8GB RAM (Master Node)
- Raspberry Pi 5 8GB RAM (Worker Node)
- Raspberry Pi 5 16GB RAM (Worker Node/Data Node)
End User Applications
Name | Description |
---|---|
Linkding | Self-hosted bookmark manager with browser extensions |
Audiobookshelf | Self-hosted audiobook and podcast server |
pgAdmin | Web-based PostgreSQL database management tool with credentials securely fetched from AWS Secrets Manager |
Homepage | A modern dashboard for self-hosted applications |
Everything needed to run my cluster & deploy my applications
Name | Description |
---|---|
Cilium | eBPF-based networking, observability and security for Kubernetes |
Cloudflare Zero Trust | Used for private tunnels to expose public services (without requiring a public IP). |
Cert Manager | X.509 certificate management for Kubernetes with Let's Encrypt integration |
CloudNativePG | Database operator for running PostgreSQL clusters with AWS S3 backups |
Flux CD | My GitOps solution of choice for managing cluster resources |
Grafana | The open observability platform |
Prometheus | An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach |
Renovate | Automated dependency updates |
AWS S3 | Cloud object storage for database backups and disaster recovery |
External Secrets Operator | Kubernetes operator that integrates external secret management systems like AWS Secrets Manager |
AWS Secrets Manager | Centralized cloud-based secrets management service for storing and retrieving application credentials |
Elasticsearch | Search engine and analytics |
My homelab is orchestrated using a combination of GitOps tools that ensure all configurations remain declarative and consistent. I use Flux CD for continuous deployment and Renovate for automated dependency updates. A central interface, accessible via Homepage, provides a complete overview of cluster health, installed apps, and infrastructure status.
I use K3s with its built-in networking capabilities, which provides a simple yet powerful solution for container networking.
My storage strategy revolves around persistent volumes managed by K3s with local paths. For backups, I use CloudNativePG's integration with AWS S3 to ensure data durability.
I use a multi-layered approach to secret management:
- AWS Secrets Manager - Stores sensitive credentials like database passwords and service access keys
- External Secrets Operator - Pulls secrets from AWS Secrets Manager and creates corresponding Kubernetes secrets
- SOPS - Encrypts sensitive configuration files directly in the Git repository
- Flux - Handles decryption of SOPS-encrypted files during GitOps operations
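
A check for the SOPS layer described above, as an added example rather than code from this repository: a stdlib-only Python guard, suitable for a pre-commit hook or CI job, that flags `Secret` manifests whose `data`/`stringData` values were committed without SOPS encryption. The function name and the sample manifests are constructed for illustration, and the parser assumes flat `key: value` entries under `data`/`stringData`.

```python
import re

ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:.+\]$")  # shape of a SOPS-encrypted value

def plaintext_secret_values(manifest_text):
    """Return (secret_name, key) for each data/stringData value left in plaintext."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", manifest_text):
        if not re.search(r"(?m)^kind:\s*Secret\s*$", doc):
            continue  # ExternalSecret, ConfigMap etc. hold no secret values
        name = re.search(r"(?m)^  name:\s*(\S+)", doc)
        in_values = False
        for line in doc.splitlines():
            if re.match(r"^(data|stringData):\s*$", line):
                in_values = True
            elif in_values and (m := re.match(r"^\s+([\w.-]+):\s*(.*)$", line)):
                if not ENC_VALUE.match(m.group(2).strip("'\"")):
                    findings.append((name.group(1) if name else "<unnamed>", m.group(1)))
            elif line.strip():
                in_values = False  # left the data/stringData mapping
    return findings

# Constructed sample: one encrypted Secret, one never encrypted, one partially encrypted
SAMPLE = """\
apiVersion: v1
kind: Secret
metadata:
  name: encrypted-example
stringData:
  password: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
sops:
  mac: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]
---
apiVersion: v1
kind: Secret
metadata:
  name: forgotten-example
stringData:
  password: hunter2
---
apiVersion: v1
kind: Secret
metadata:
  name: partial-example
data:
  token: cGxhaW4=
sops:
  mac: ENC[AES256_GCM,data:cXV4,iv:YmFy,tag:YmF6,type:str]
"""
print(plaintext_secret_values(SAMPLE))
```

The third sample shows why the check looks at values and not just the `sops:` block: an encryption rule that covers only `stringData` leaves `data` entries readable even though the file looks encrypted.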