// self-hosted · gitops · k3s

One server.
A whole cloud,
run from a Git repo.

Field notes and reference docs for my home Kubernetes cluster — how it's built, why it's built that way, and how to rebuild the whole thing from scratch. Reproducible, documented, and honest about the trade-offs.

Explore the cluster → How to rebuild

1k3s node

14argo apps

56pods

100%gitops-managed

↑auto-recovers

aly@homelab: ~

aly@homelab:~$ kubectl get nodes

NAME STATUS ROLES VERSION

homelab Ready control-plane,master v1.36.1+k3s1

aly@homelab:~$ argocd app list -o name

✔ vault longhorn cert-manager ingress-nginx

✔ external-secrets db monitor argocd

✔ auth cloud immich whoami aly

aly@homelab:~$ git push origin main

// topology

How everything connects

From the public internet down to a pod. Traffic enters through the firewall, hits the ingress controller, and every workload is reconciled continuously from Git.

full network docs →

Edge vlan 20

InternetWAN

UDR7router · firewall

internal DNSdns

│
▼

Ingress

ingress-nginx:443

cert-managerTLS

k3s cluster ubuntu 26.04 · single-node

argocd

vault

longhorn

external-secrets

postgres

immich

nextcloud

grafana

Argo CD ◀── reconciles ─── github.com/AlyBadawy/hl-beta · app-of-apps

healthy / synced workload edge / wan ◀── = GitOps reconciliation loop

// two domains

Where to go next

The docs split into the software that runs on the cluster, and the physical & network layer underneath it.

01 — CLUSTER

The Homelab Cluster

A single-node k3s cluster running the full self-hosted stack, delivered entirely through GitOps. Per-component docs for everything that runs in-cluster.

ArgoCD
Vault
Longhorn
cert-manager
Ingress
ESO
Monitoring
Apps

Open cluster docs → 02 — INFRASTRUCTURE

The Broader Setup

Everything beneath the cluster: physical hardware, VLAN segmentation, DNS, NAS storage, and the firewall rules that tie the whole house network together.