Project
OpenShift Homelab
Production-grade container platform on bare metal - single-node OpenShift with full Operator lifecycle, internal DNS, and GitOps.
Overview
Running OpenShift at home is not the most resource-efficient choice - it's a deliberate one. The goal is hands-on familiarity with the platform as it behaves in enterprise environments: immutable OS, Operator-managed day-2 operations, MachineConfig for node customization, and ArgoCD for GitOps-driven workload delivery. All on a single R720 node with no cloud dependency.
Architecture
Platform
- OKD - upstream OpenShift, community-supported
- RHCOS / FCOS - immutable, rpm-ostree OS
- SNO - Single Node OpenShift install profile
- Ignition - declarative node bootstrapping
Networking
- OVN-Kubernetes - CNI with network policies
- MetalLB - bare-metal LoadBalancer via BGP
- CoreDNS - internal DNS with wildcard ingress
- HAProxy - API + ingress VIP on local network
Storage
- Local Storage Operator - NVMe-backed PVs
- NFS provisioner - TrueNAS-backed shared storage
- ODF (lite) - single-node Ceph for RWX volumes
- Velero - scheduled PV and namespace backups
Operators
- ArgoCD - GitOps, app-of-apps pattern
- cert-manager - internal CA + Let's Encrypt
- Prometheus / Grafana - cluster and workload metrics
- Tekton - in-cluster CI pipeline runs
Key Features
Capabilities
- MachineConfig - kernel args, sysctl tuning, and chrony config as code
- ImageContentSourcePolicy - mirror all pulls through the internal airgapped registry
- SCC hardening - custom SecurityContextConstraints for every workload
- Route TLS - edge-terminated routes with certificates issued automatically by cert-manager
- GitOps - every namespace, RBAC binding, and workload lives in git
- Upgrade path - OKD nightly → stable channel, in-place cluster upgrades tested
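One way to check the SCC hardening item above against a running cluster, shown as an added example that is not part of this project's own code. It relies on the `openshift.io/scc` annotation that records which SCC admitted each pod. The function names, the list of built-in SCC names to flag, and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag workload pods that were NOT admitted under a custom SCC.
# Live input (needs cluster access), piped into scc_audit:
#   oc get pods -A --no-headers -o custom-columns=\
#   'NS:.metadata.namespace,POD:.metadata.name,SCC:.metadata.annotations.openshift\.io/scc'

# SCCs that ship with the platform (assumed list); a workload running under
# one of these is not covered by a custom SCC.
BUILTIN_SCCS="restricted restricted-v2 nonroot nonroot-v2 anyuid hostaccess hostmount-anyuid hostnetwork hostnetwork-v2 privileged"

# Reads "namespace pod scc" rows on stdin and prints one finding per workload
# pod that has no SCC annotation or runs under a built-in SCC. Platform
# namespaces (openshift, openshift-*, kube-*) are skipped because their pods
# legitimately use built-in SCCs. Returns 1 if anything was flagged, else 0.
scc_audit() {
  awk -v names="$BUILTIN_SCCS" '
    BEGIN { n = split(names, b, " "); for (i = 1; i <= n; i++) is_builtin[b[i]] = 1 }
    NF < 3 { next }                                   # skip blank or short rows
    $1 ~ /^(openshift(-.*)?|kube-.*)$/ { next }       # platform namespaces
    $3 == "<none>"     { printf "NO-SCC   %s/%s\n", $1, $2; bad = 1; next }
    ($3 in is_builtin) { printf "BUILTIN  %s/%s scc=%s\n", $1, $2, $3; bad = 1 }
    END { exit bad }
  '
}

# Constructed sample rows; namespaces, pod names and the custom SCC name
# "media-restricted" are made up for this example.
sample_rows() {
  cat <<'EOF'
openshift-etcd    etcd-sno-0             privileged
media             jellyfin-7c9d8-abcde   media-restricted
ci                tekton-run-42-pod      anyuid
monitoring-apps   grafana-5f6b7-xyz12    <none>
EOF
}

# Demo run on the constructed rows; "|| true" keeps the demo from aborting a
# calling script when findings are reported.
sample_rows | scc_audit || true
```

A non-zero return from `scc_audit` can gate a pipeline step, so a workload that falls back to a built-in SCC is caught before it is synced.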
Bootstrap Quick Start
Generate install config and Ignition files:
openshift-install create single-node-ignition-config \
--dir=./install-config
Check cluster operator status post-install:
oc get clusteroperators
oc get nodes
oc get mcp