
// the find

billimek/k8s-gitops

★ 772 · YAML · Apache-2.0 · updated Jul 2026

GitOps principles to define kubernetes cluster state via code

A personal homelab Kubernetes cluster managed entirely through GitOps with Flux v2 and Talos Linux. It's a real production-ish setup running 30+ workloads including Plex, Home Assistant, Frigate, and a Minecraft server — not a tutorial repo, but someone's actual living infrastructure. Most useful as a reference for people standing up their own k8s-at-home cluster and wanting to see how all the pieces actually fit together.

The Renovate configuration is genuinely well-structured — split into focused files (allowedVersions, autoMerge, groups, customManagers) rather than one 500-line monolith, and the Claude-assisted Renovate review workflow in `.github/workflows/renovate-review.yaml` is a clever way to get automated sanity checks on dependency PRs. Secret management is done properly: External Secrets Operator pulling from 1Password, with ExternalSecret manifests committed to git and actual credentials never in the repo. The observability stack (Victoria Metrics, Victoria Logs, Grafana Operator, per-workload PrometheusRules and GrafanaDashboards as CRDs) is more mature than most homelab setups — this is closer to how you'd instrument a real cluster than the typical 'just install kube-prometheus-stack and forget it' approach. Storage strategy using both Rook/Ceph for block storage and VolumeSync for backup replication is a real solution, not an afterthought.

This is one person's homelab, which means the setup docs assume you have the same hardware, the same 1Password account, the same Cloudflare zone, and the same network topology. There's no abstraction or templating that would let someone else adopt this without significant surgery. The CLAUDE.md and AGENTS.md files suggest AI agents are being used to manage parts of this cluster, but there's no documentation of what those agents are actually doing or what guardrails exist — that's a meaningful operational risk for something managing real infrastructure. The etcd backup setup is a CronJob but there's no alerting visible for backup failures specifically, which is the one thing you really need to know broke. Duplicate Grafana dashboard files (both `grafana-dashboard-*.yaml` and `grafanadashboard-*.yaml` patterns coexist) suggest a migration in progress that never got cleaned up.
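The backup-failure alerting gap is the kind of thing the PrometheusRule CRDs already in the repo can close. The manifest below is an added example, not a file from billimek/k8s-gitops; it assumes kube-state-metrics is being scraped, that the etcd backup CronJob is named `etcd-backup` in `kube-system` (both placeholder names), and that it runs daily.

```yaml
# Added example (not from the repo). Placeholder assumptions: the CronJob is
# "etcd-backup" in namespace "kube-system" and is scheduled once a day.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: etcd-backup-alerts
  namespace: kube-system
spec:
  groups:
    - name: etcd-backup
      rules:
        # Fires when no run has succeeded for 26h (daily schedule + 2h slack).
        # Catches "silently never ran" cases that a per-Job failure check misses.
        - alert: EtcdBackupStale
          expr: |
            (time() - kube_cronjob_status_last_successful_time{namespace="kube-system", cronjob="etcd-backup"}) > 26 * 3600
          for: 15m
          labels:
            severity: critical
          annotations:
            summary: "etcd backup has not succeeded in over 26h"
            description: "Last successful run of {{ $labels.cronjob }} was {{ $value | humanizeDuration }} ago."
        # Fires if the metric disappears entirely (CronJob deleted, never
        # succeeded, or kube-state-metrics not scraping it).
        - alert: EtcdBackupMetricMissing
          expr: |
            absent(kube_cronjob_status_last_successful_time{namespace="kube-system", cronjob="etcd-backup"})
          for: 30m
          labels:
            severity: warning
          annotations:
            summary: "no last-success metric for the etcd backup CronJob"
        # Fires as soon as a Job owned by the CronJob ends in failure, using
        # kube_job_owner to tie Job series back to their parent CronJob.
        - alert: EtcdBackupJobFailed
          expr: |
            max by (namespace, job_name) (kube_job_status_failed{namespace="kube-system"} > 0)
              and on (namespace, job_name)
            kube_job_owner{namespace="kube-system", owner_kind="CronJob", owner_name="etcd-backup"}
          for: 5m
          labels:
            severity: critical
          annotations:
            summary: "etcd backup Job {{ $labels.job_name }} failed"
```

Pair the critical alerts with a route that pages, since a backup that quietly stops running is only discovered at restore time otherwise.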
