Welcome

Sky Palette Infra Tutorial

A guided walkthrough of the Sky Palette homelab — single-node Kubernetes, GitOps with ArgoCD, full observability, self-hosted Forgejo with AI code review, and the application patterns that run on top of it.

Who this is for

  • You, weeks from now. Most of this exists because future-you will forget how present-you wired things together. The site is a memory aid with executable commands.
  • A new collaborator. Enough context to onboard without a screen share.
  • Anyone curious how a homelab can dogfood a real GitOps loop, complete with PR review bots, encrypted secrets, and a path to commercial scale.

What’s here

Each chapter follows the same pattern: what it does · why it’s there · how it’s wired · what fails and how you’d notice. Where helpful, the exact kubectl / gh / shell incantation is included so you can run it against the live cluster.

The site itself is served by the stack it documents.
That means: every break in the deploy pipeline shows up here first.

A 30-second tour

The homelab is one Ubuntu box (k8s-worker-3090 at 192.168.1.253) running:

  • A kubeadm-bootstrapped Kubernetes control plane + node, with kube-flannel for pod networking.
  • ArgoCD continuously reconciling cluster state from git.skypalette.ai/skyadmin/gitops.
  • Forgejo + Actions runner + OCI registry + PR-Agent (AI reviewer), all in a Docker Compose stack on the same host.
  • A Cloudflare tunnel terminating *.skypalette.ai → in-cluster ingress-nginx, plus a separate tunnel inside the Forgejo stack for git.skypalette.ai.
  • kube-prometheus-stack (Prometheus + Grafana + Alertmanager) + Loki + Alloy for telemetry, with alerts pushed to ntfy.sh.
  • Velero for cluster backups, Vaultwarden for secrets the operator needs interactively, and SOPS + KSOPS for secrets ArgoCD applies.

If you only read one page after this one, make it Overview & Architecture.