// the find
onedr0p/cluster-template
A template for deploying a Talos Kubernetes cluster including Flux for GitOps
A GitHub template for bootstrapping a home/bare-metal Kubernetes cluster on Talos Linux, wired up with Flux GitOps from day one. The stack is opinionated: Cilium for networking, SOPS for secrets, Cloudflare for ingress and DNS, Envoy Gateway instead of ingress-nginx. Target audience is homelabbers who want a production-grade setup without building it from scratch.
The single TOML config file validated by CUE is a genuinely good idea — it catches misconfiguration (duplicate IPs, overlapping CIDRs) before anything touches a node, as evidenced by the test fixtures in .github/tests/. Renovate is pre-configured and scoped correctly, so dependency drift is handled automatically rather than left as an exercise for the reader. The choice of Talos (immutable, API-driven OS) over a general-purpose Linux distro is correct for this use case — no SSH, no config drift, reproducible upgrades. The Flux-operator approach with HelmReleases and OCI repositories is cleaner than the old source-controller-plus-git-repo pattern.
Hard dependency on Cloudflare for both tunnel and DNS makes this unusable without a Cloudflare account and domain — that's a real constraint that the README buries. No persistent storage is included; the README lists options but leaves the entire stateful workload problem as an exercise, which is the hardest part for most people adopting this. The template generates all config locally then commits it, meaning secrets flow through the local machine before SOPS encrypts them — fine if you know what you're doing, a footgun if you don't. Bootstrap is a 6-stage manual process with multiple shell commands that must run in order; one interruption requires a full cluster reset, which the README notes but doesn't make easier to recover from.