A production-ready Kubernetes cluster with these services accessible via HTTPS on your Tailnet:
| Service | URL | Purpose |
|---|---|---|
| ArgoCD | argocd.yourdomain.com | GitOps dashboard |
| Grafana | grafana.yourdomain.com | Metrics and dashboards |
| Prometheus | prometheus.yourdomain.com | Metrics collection |
| Alertmanager | alertmanager.yourdomain.com | Alert routing |
| Vault | vault.yourdomain.com | Secrets management |
| Longhorn | longhorn.yourdomain.com | Storage dashboard |
| Headlamp | headlamp.yourdomain.com | Kubernetes UI |
| Hubble | hubble.yourdomain.com | Network observability |
| Home | home.yourdomain.com | Dashboard with links |
```mermaid
flowchart TB
    subgraph Workstation["Your Workstation"]
        Ansible["Ansible Playbooks"]
        Git["Git Push"]
    end
    subgraph Nodes["Ubuntu 24.04 Nodes"]
        CP["Control Plane"]
        W1["Worker 1"]
        W2["Worker N"]
    end
    subgraph Cluster["Kubernetes Cluster"]
        ArgoCD["ArgoCD"]
        Cilium["Cilium CNI"]
        Envoy["Envoy Gateway"]
        Vault["Vault"]
        Longhorn["Longhorn"]
        Apps["Your Apps"]
    end
    subgraph External["External Services"]
        TS["Tailscale"]
        CF["Cloudflare DNS"]
        B2["Backblaze Backup"]
    end
    Ansible -->|provision| Nodes
    Git -->|GitOps| ArgoCD
    ArgoCD -->|deploys| Cluster
    Envoy -->|ingress via| TS
    CF -->|DNS records| TS
    Longhorn -->|backups| B2
```
- **GitOps with ArgoCD**: Declarative cluster management. Push to Git, ArgoCD deploys.
- **Ansible Automation**: One-command node provisioning. Reproducible and version controlled.
- **Cilium CNI**: eBPF networking with Gateway API via Envoy Gateway.
- **Tailscale Ingress**: Secure ingress with split-horizon DNS and automatic certificates.
- **Vault Secrets**: HashiCorp Vault with External Secrets Operator. No secrets in Git.
- **Longhorn Storage**: Distributed block storage with S3 backups.
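The Vault item above describes the pattern but not the manifests that implement it. The following is an added example, not taken from this project, of how the External Secrets Operator pulls a value from Vault so that Git only ever holds a reference; the in-cluster Vault address, the Kubernetes auth mount, the Vault role, the KV mount `secret` and the key path `apps/myapp` are assumed placeholders.

```yaml
# Added example, not the project's own manifests. Values marked "assumed" are placeholders.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vault
spec:
  provider:
    vault:
      server: http://vault.vault.svc:8200   # assumed in-cluster Vault service address
      path: secret                          # assumed KV v2 mount name
      version: v2
      auth:
        kubernetes:
          mountPath: kubernetes             # assumed Vault Kubernetes auth mount
          role: external-secrets            # assumed Vault role bound to the SA below
          serviceAccountRef:
            name: external-secrets
            namespace: external-secrets
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: myapp-db
  namespace: myapp
spec:
  refreshInterval: 1h                      # re-read Vault hourly; rotated values propagate without a Git change
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  target:
    name: myapp-db                         # Kubernetes Secret that ESO creates and owns
    creationPolicy: Owner
  data:
    - secretKey: DB_PASSWORD               # key inside the generated Secret
      remoteRef:
        key: apps/myapp                    # assumed path under the KV mount
        property: db-password              # assumed field in that KV entry
```

Only the store name, path and property are committed; the value itself stays in Vault and reaches the cluster solely as the generated `myapp-db` Secret, so a leaked repository exposes no credentials.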
| Layer | Components |
|---|---|
| Bootstrap | kubeadm, Ansible playbooks |
| Networking | Cilium, Envoy Gateway, Tailscale Operator |
| GitOps | ArgoCD, ApplicationSets, Image Updater |
| Secrets | Vault, External Secrets Operator |
| Storage | Longhorn, Backblaze B2 backup |
| DNS/TLS | ExternalDNS, cert-manager, Cloudflare |
| Monitoring | Prometheus, Grafana, Alertmanager, ntfy |
| Security | Kubescape scanning |