Configuration Files
This section contains important configuration files used throughout the homelab.
Kubernetes Manifests
Namespace Template
Deployment Template
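# Deployment template: three replicas of my-app, pulled from the private
# Harbor registry. The harbor-secret pull secret must exist in the same
# namespace as the Deployment (imagePullSecrets are namespace-local).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-app-namespace
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      imagePullSecrets:
        - name: harbor-secret
      containers:
        - name: my-app
          # "latest" is a mutable tag: replicas may end up running different
          # builds and a rollback cannot name the previous image. Pin a
          # version tag or digest outside of experiments.
          image: 192.168.1.206:30002/project/my-app:latest
          ports:
            - containerPort: 80
          # Blocks setuid/file-capability privilege gain inside the container.
          # NOTE(review): add runAsNonRoot / readOnlyRootFilesystem once the
          # image is confirmed to run unprivileged and still bind port 80.
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "50m"
            limits:
              memory: "128Mi"
              cpu: "100m"
          # Restart the container when /health stops answering.
          livenessProbe:
            httpGet:
              path: /health
              port: 80
            initialDelaySeconds: 30
            periodSeconds: 10
          # Keep the pod out of Service endpoints until /ready answers.
          readinessProbe:
            httpGet:
              path: /ready
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 5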
Service Templates
NodePort Service
# NodePort Service: forwards port 30080 on every cluster node to port 80 of
# the pods labelled app=my-app. Anything that can reach a node IP can reach
# the application, so restrict node-level access where that matters.
apiVersion: v1
kind: Service
metadata:
  name: my-app-service
  namespace: my-app-namespace
spec:
  type: NodePort
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080
ClusterIP Service
# ClusterIP Service: reachable only from inside the cluster; routes port 80
# to port 80 of the pods labelled app=my-app.
apiVersion: v1
kind: Service
metadata:
  name: my-app-internal
  namespace: my-app-namespace
spec:
  type: ClusterIP
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 80
LoadBalancer Service
# LoadBalancer Service: asks the cluster's load-balancer implementation for
# an external address that forwards port 80 to the app=my-app pods.
# The address is served over plain HTTP; terminate TLS in front of it if the
# traffic leaves a trusted network.
apiVersion: v1
kind: Service
metadata:
  name: my-app-lb
  namespace: my-app-namespace
spec:
  type: LoadBalancer
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 80
Ingress Template
# Ingress template: routes my-app.homelab.local/ to my-app-service:80.
# There is no tls section, so the host is served over plain HTTP.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  namespace: my-app-namespace
  annotations:
    # ingress-nginx specific annotation; other controllers ignore it.
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: my-app.homelab.local
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # my-app-service is the NodePort Service on this page. A
                # ClusterIP Service (my-app-internal) is sufficient as an
                # Ingress backend and avoids also opening a node port.
                name: my-app-service
                port:
                  number: 80
ConfigMap Template
# ConfigMap template: two non-secret configuration files for my-app.
# ConfigMaps are stored and displayed in clear text; credentials belong in a
# Secret, not here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-app-config
  namespace: my-app-namespace
data:
  # Java-style properties file describing the database endpoint.
  app.properties: |
    database.host=postgres.default.svc.cluster.local
    database.port=5432
    database.name=myapp
  # Application settings; 0.0.0.0 listens on all pod interfaces.
  config.yaml: |
    server:
      port: 8080
      host: 0.0.0.0
    logging:
      level: INFO
Secret Template
# Secret template: values under data must be base64-encoded.
# base64 is an encoding, not encryption: anyone who can read this manifest or
# the Secret object can decode the values. Keep the filled-in file out of
# version control and limit who may read Secrets in the namespace.
apiVersion: v1
kind: Secret
metadata:
  name: my-app-secrets
  namespace: my-app-namespace
type: Opaque
data:
  # Placeholders: replace with the base64 form of the real values.
  database-password: <base64-encoded-password>
  api-key: <base64-encoded-api-key>
Docker Configurations
Dockerfile Template
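# Python application image: installs dependencies as root, then drops to an
# unprivileged user for runtime.
FROM python:3.11-slim

# Set working directory
WORKDIR /app

# Copy requirements first so the dependency layer is cached between builds
COPY requirements.txt .

# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code. This copies the whole build context; use a
# .dockerignore to keep .git, .env files and other local secrets out.
COPY . .

# Create a non-root user and hand it the application directory
RUN useradd --create-home --shell /bin/bash app \
    && chown -R app:app /app
USER app

# Expose port
EXPOSE 8000

# Health check. The slim base image does not ship curl, so the probe uses the
# Python standard library; urlopen raises (non-zero exit) on connection
# failure and on HTTP error status codes.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=5)" || exit 1

# Start application
CMD ["python", "main.py"]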
Docker Compose for Development
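# Development stack: the application plus a PostgreSQL database.
# The fallback password "pass" is for local development only; set
# POSTGRES_PASSWORD in the environment or an untracked .env file to override.
version: '3.8'

services:
  app:
    build: .
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql://user:${POSTGRES_PASSWORD:-pass}@db:5432/myapp
    depends_on:
      - db
    volumes:
      # Bind mount for live code reload during development.
      - ./app:/app
    restart: unless-stopped

  db:
    image: postgres:15
    environment:
      POSTGRES_DB: myapp
      POSTGRES_USER: user
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-pass}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      # Publish on loopback only: the app reaches the database over the
      # compose network (db:5432), so the host port is needed just for local
      # tools. Publishing on all interfaces would expose a weakly protected
      # database to the whole LAN.
      - "127.0.0.1:5432:5432"

volumes:
  postgres_data: {}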
Helm Charts
Basic Chart Structure
my-chart/
├── Chart.yaml
├── values.yaml
├── templates/
│ ├── deployment.yaml
│ ├── service.yaml
│ ├── configmap.yaml
│ └── ingress.yaml
└── charts/
Chart.yaml
# Chart metadata. version is the chart's own version; appVersion is the
# version of the application the chart deploys.
apiVersion: v2
name: my-app
description: A Helm chart for my homelab application
type: application
version: "0.1.0"
appVersion: "1.0.0"
values.yaml
# Default values for the my-app chart.
replicaCount: 1

image:
  repository: 192.168.1.206:30002/project/my-app
  # With IfNotPresent, a node that already holds an image tagged "latest"
  # keeps using its cached copy, so a newly pushed "latest" may never be
  # pulled. Pin a version tag or digest for anything beyond experiments.
  pullPolicy: IfNotPresent
  tag: "latest"

# Pull secret for the private Harbor registry; it must exist in the release
# namespace.
imagePullSecrets:
  - name: harbor-secret

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false
  className: ""
  annotations: {}
  hosts:
    - host: my-app.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # Empty list: no TLS is configured when the ingress is enabled.
  tls: []

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 50m
    memory: 64Mi

nodeSelector: {}

tolerations: []

affinity: {}
Network Policies
Default Deny All
# Default-deny policy: the empty podSelector selects every pod in
# my-app-namespace, and with no ingress/egress rules listed all traffic in
# both directions is denied until another policy allows it.
# This includes DNS lookups, so allow-policies need an explicit DNS rule.
# NetworkPolicy is only enforced when the cluster's CNI plugin supports it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: my-app-namespace
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
Allow Specific Traffic
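# Allow-list for the my-app pods: HTTP in from the ingress controller
# namespace, PostgreSQL out to the database namespace, and DNS out to the
# cluster resolver.
#
# The namespaceSelectors below match a label called "name". Kubernetes does
# not set that label automatically (the automatic one is
# kubernetes.io/metadata.name), so each target namespace must be labelled by
# hand or the rule silently matches nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app-traffic
  namespace: my-app-namespace
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-controller
      ports:
        - protocol: TCP
          port: 80
  egress:
    # Database access. The ConfigMap template on this page points at
    # postgres.default.svc.cluster.local; the namespace selected here must be
    # the one that actually hosts the database.
    - to:
        - namespaceSelector:
            matchLabels:
              name: database
      ports:
        - protocol: TCP
          port: 5432
    # DNS. Without this rule, egress filtering blocks lookups of service
    # names, so the database hostname cannot be resolved.
    # NOTE(review): assumes the resolver runs in kube-system with the
    # k8s-app=kube-dns label; confirm for your distribution.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53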
Monitoring Configurations
Prometheus ServiceMonitor
# ServiceMonitor (Prometheus Operator): scrapes /metrics every 30s from
# Services labelled app=my-app, on the Service port named "metrics".
# NOTE(review): the Service templates on this page carry no labels and do not
# name their ports, so as written this selector matches none of them. The
# target Service needs an app=my-app label and a port with name: metrics.
# If the default-deny NetworkPolicy is applied, scraping also needs an
# ingress rule for the Prometheus namespace.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: my-app-metrics
  namespace: my-app-namespace
spec:
  selector:
    matchLabels:
      app: my-app
  endpoints:
    - port: metrics
      interval: 30s
      path: /metrics
Storage Configurations
PersistentVolume
# PersistentVolume backed by a directory on the node's own filesystem.
# PersistentVolumes are cluster-scoped, hence no namespace.
# hostPath data lives on whichever node serves the path; on a multi-node
# cluster a pod rescheduled elsewhere sees a different (empty) directory.
# Retain keeps the data on disk after the claim is deleted, so remove it
# manually when it holds sensitive content.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: my-app-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  hostPath:
    path: /data/my-app
PersistentVolumeClaim
# PersistentVolumeClaim: requests 10Gi of ReadWriteOnce storage from the
# local-storage class, matching the my-app-pv volume defined on this page.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-app-pvc
  namespace: my-app-namespace
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-storage
  resources:
    requests:
      storage: 10Gi
Usage Notes
- Replace `my-app`, `my-app-namespace`, and `project` with your actual names
- Update the Harbor registry URL if different: `192.168.1.206:30002`
- Adjust resource limits based on your application needs
- Always use specific image tags instead of `latest` in production