The Bed Time Problem
😱 k8s at home 😵
Who's this guy?
The Issue
The Solution
Swarm, why didn't you win
What I settled for
What does it look like
What this looks like
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: home-assistant
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://github.com/Softyy/adkins-cluster
targetRevision: HEAD
path: apps/home-assistant/resources/
destination:
name: "in-cluster"
namespace: home-assistant
syncPolicy:
automated:
enabled: true
syncOptions:
- CreateNamespace=true
App of Apps
Oh no, my secrets!
apiVersion: isindir.github.com/v1alpha3
kind: SopsSecret
metadata:
name: grafana-k8s-monitoring
namespace: grafana
spec:
suspend: false
secretTemplates:
- name: grafana-k8s-monitoring
stringData:
API_TOKEN: ENC[AES256_GCM,data:P+KJAptu7ssNVjkOxR9kpAYGE4Yo9Tzg0v86Try4BzcVy7JskYmiHRjiujXDCSYCSz4I1paTmxCdcpVoVmvzqxlosIVFlENzhD8W2ydMGUTqxXZ1ydPzzm2OjyeQRRGem/jbOqqZ4kuY0CltvIMRLbCjTAGNu3f8pjrF5jgqD+LJESLF5WKm3kgVHVWx5NRvUOCtDIUiew+A0LGpjyEhi9W/JzZ68OWVFOY3AKCiw+efLL2R/nCER7u1wj8=,iv:Dx4ObGdffMq3UEmpOr8QRerzsR0QAIof6glTDH9IDlE=,tag:48nUCWGIcb66w6Yd492lkw==,type:str]
PROM_USERNAME: ENC[AES256_GCM,data:GsABC/Hueg==,iv:+pLoa2X7FxQbLEbU2MCDNzdNKvCk+v26mQfKhdk2IRQ=,tag:LHEaLAM6hLN79RfYM+6I7A==,type:str]
PROM_HOST: ENC[AES256_GCM,data:9BOGYlO2DXKltZgusi6ddH3/nYAbz4EwjN2j89WZsNqlWHJZ5qKiDp/nW69JDCtGJIGxhEc=,iv:6ZIeb4Zq/i8qbst8ubE0Mv9PNZsIA8zfHUmaJNDIVf8=,tag:fgIwG7AgiF1NuAZwXIvV8Q==,type:str]
LOKI_USERNAME: ENC[AES256_GCM,data:EYO1Y1BY7A==,iv:2LG7l29tm7v3IkJ6Wk5/j3sivNzhjPGn5V77TcRsfQA=,tag:R/Z9ta0likd4jJjzSIM9JQ==,type:str]
LOKI_HOST: ENC[AES256_GCM,data:gsOZ8QaJO9rVaHLdGwqfGUSBrVFeLUEzovwerII+ho9c,iv:2KLXCWJ93MxfidkY4dmOJfRTeDwOVqhlRHuADLnhBTE=,tag:se5gDH9WwYDEUOg6ru+w6Q==,type:str]
OTLP_USERNAME: ENC[AES256_GCM,data:EzSIgztw7Q==,iv:qajhyguDxmSu5irlCkbxrWgNIEelqDjY6mE6ego4qs4=,tag:NTawcyMrdPbNZrtwOHSWlA==,type:str]
OTLP_HOST: ENC[AES256_GCM,data:58Zbssulu6wpyuPXx/g9wMdEnHdXgaiUOi4TliamA6R47RYwIliF1IvwKD8iT7c=,iv:ua2uBI5xChNPFOe1D/HQiYr7rsod5ZouPEFM1W2SC/8=,tag:YO49IWhOgRpnrwzPylMW5A==,type:str]
sops:
age:
- recipient: age1qqca3tgp3suzgspun8prklyqpjjnzluqjqqfdahmgn0dvupnzvzqs46egd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYlJlL2ZBb2FWcEd0aFps
WTJweWhTVDdpMW1kMEhpNzVNcXVtNUxrRm44CkxlMjIrc1lFNVBwTjVpeU5JS0FW
N1ZLTEp1RmlhTm9sM0k1eWZTc2kxM3MKLS0tIEY2YWdJTVRmSVloS1hqZUM2OHpH
dlhtUURvdmFYcnRrbFJNVDBKMC8vcEEK5aCvLmVOw0W4qrRpp0n3WkYHU9D8KHI+
y1pE3BCOTYuL6aR30JIQIkdZ/Ctgox6IKAhSGYLzZRmBfWj2sFVz8A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-04T21:40:53Z"
mac: ENC[AES256_GCM,data:FDJYihrQp+FAAql6i1AEKlw6IIw/C/pmBaIiNR6x6dsd/rrctvUY2awIcSZq2dV1hDexj5MbSfNUjA/8B0eBiDBb7MYb+UzW+kuCOykALebl+uLD3yPIYz+x0F/w7qA32ipkkbBZl3aAWQk3AgAVCr9GwOnHCnIw0FmPRfWa6iE=,iv:e/5BNHbENLSmN7uA5O+dQ4z0loL5QYIiFgSKUkMK7Z4=,tag:QTWJXr1PsaDz9gybyZnoeg==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.11.0
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: home-assistant
namespace: home-assistant
labels:
app.kubernetes.io/name: home-assistant
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`iot.adkins.in`)
priority: 10
services:
- name: home-assistant
port: 8123
tls:
secretName: wildcard-cert
What this looks like
apiVersion: argoproj.io/v1alpha1
kind: Application
...
spec:
...
syncPolicy:
automated:
enabled: true
Home Tour
Success!
Questions?
Thanks for listening
- f ~ fullscreen
- o ~ navigation view
- arrow keys ~ navigation
