Skip to content



Notable changes:

  • build: run post install scripts by default
  • build: set KUBECONFIG from global Makefile
  • feat(external-dns)!: add cluster name as owner ID
  • feat(tools): install yamllint, ansible-lint and k9s
  • feat(tools): set KUBECONFIG by default
  • feat: add pre-commit hooks
  • feat: add script to setup Gitea tokens and OAuth apps
  • perf(argocd): turning on selective sync
  • refactor(docs): migrate to mkdocs
  • refactor(metal): migrate to Fedora 36 for newer packages
  • refactor(pxe)!: combine dhcpd and tftpd to dnsmasq
  • Many bug fixes

Please see git log for full change log.


  • Replace standard Vault with Vault Operator
  • Automatically initialize and unseal Vault
  • Declarative secret generation and management
  • Declarative Gitea configuration with YAML
  • Automatic OS rolling upgrade
  • Automatic Kubernetes rolling upgrade
  • Automatic application updates using Renovate (still require manual token generation)
  • Add script to wait for essential services after deployment
  • Add icons and bookmarks to the home page
  • Deploy Matrix chat
  • Replace Authentik with Dex for SSO (still require manual token generation)
  • Switch to Mermaid for diagrams in documentation
  • Replace Vagrant with k3d for development environment
  • Use domain for development environment
  • Remove Backblaze (S3 Glacier and/or Minio will be added in future version)
  • Enable monitor for the majority of applications
  • Many code refactorings and bug fixes


  • Upgrade to Kubernetes 1.23
  • Support external resources:
    • Cloudflare DNS and Tunnel
    • Backblaze for backup
    • Auto inject secrets to required namespaces
  • Replace self-signed certificates with Let's Encrypt production (with API token injected from the external layer)
  • Add DNS records automatically using external-dns
  • Easy Cloudflare Tunnel configuration with annotations
  • Offsite backup to Backblaze B2 bucket using k8up-operator
  • Add private container registry
  • Remove Knative to save resources (temporarily)
  • Enable encryption at rest for Kubernetes Secrets
  • Add more Tekton tasks and pipelines
  • Initialize GitOps repository on Gitea automatically after install
  • Generate MetalLB address pool automatically (default to the last /27 subnet)
  • Some bug fixes


  • Add convenience scripts
  • Add Loki for logging
  • Add custom health check for Application and ApplicationSet
  • Use Vault with dev mode on (temporarily until we hit beta)
  • Replace Authelia with Authentik
  • Upgrade to Kubernetes 1.22
  • Upgrade most services to the latest version
  • Set ingress class and storage class explicitly
  • Initial Linkerd and Knative setup (not working yet)
  • Set up Hajimari for home page with automatic ingress discovery
  • Add dev VM for local development or evaluation
  • Optimize bare metal provisioning performance
  • Replace Syncthing with Seafile (may use both in the feature)
  • Enable Gitea SSH cloning via Ingress
  • Various code clean up
  • Add more documents


  • Switch to Rocky Linux
  • Some optimization for bare metal provisioning
  • Switch to k3s and combine Kubernetes cluster config in ./infra layer to ./metal layer (because k3s is also configured using Ansible)
  • Split boostrap Helm charts in ./infra layer to ./bootstrap layer (with new ArgoCD pattern) and ./system layer
  • Add ./platform layer for some applications like Gitea, Tekton...
  • User only need to provision ./metal and bootstrap layer, the ./bootstrap layer will deploy the remaining layers
  • Provisioning time from empty disk to running services is significantly reduced (thanks to k3s and new bootstrap pattern)
  • Use mdBook for documents
  • Replace Drone CI with Tekton
  • Enable TLS on all Ingresses (using cert-manager)
  • Add some new applications


  • Generate Terraform backend config automatically
  • Switch to CoreOS
  • Better PXE boot setup
  • Diagrams as code


  • Ensure idempotency for bare metal provisioning
  • Extract instead of mounting the OS ISO file
  • Easy initial controller setup (with only Docker)
  • Switch to Fedora
  • Remove LXD
  • Move etcd (Terraform state backend) back to Docker


  • Bare metal provisioning with PXE
  • LXD cluster
  • Terraform state backend (etcd)
  • RKE cluster
  • Core services (Vault, Gitea, ArgoCD,...)
  • Public services to the internet (via port forwarding or Cloudflare Tunnel)