Prerequisites

What needs to be in place before starting Layer 0.

Hardware

The lab runs on a small cluster of low-power x86_64 mini PCs. They are quiet and cheap to run, and comfortably handle a single household’s workload. Two of the nodes in my lab are Intel N150 mini PCs (GMKtec NucBox G3 Plus); Layer 0 covers how to prepare the hardware.

The build assumes:

Three or more nodes. Three keeps the control plane highly available.
An x86_64 CPU with hardware virtualisation enabled.
Wired Ethernet on each node, into a switch or router.
Spare drives for storage, passed through to a TrueNAS VM. A dedicated HBA or per-disk passthrough both work.
A UPS is recommended, but optional.

Kubernetes runs on VMs here rather than bare metal, so the setup scales down: the whole stack can be prototyped on a single capable node before adding more. The design decisions page explains why.

External accounts

The build needs accounts with four services. Only the Cloudflare domain registration costs money; the rest run on free tiers.

Service	Used for
Cloudflare	Domains, DNS, Cloudflare Tunnels and R2 buckets for OpenTofu state.
Bitwarden Secrets Manager	Backing store for cluster secrets, synced in by External Secrets Operator.
Tailscale	WireGuard mesh for reaching nodes without exposing them.
GitHub	Hosts this repository, which Argo CD syncs into the cluster.

The first three need scoped API tokens. The variables they map to, and the *.example files that hold them, are in the Environment Variables reference.

Workstation

Everything runs inside a containerised runner, so the workstation only needs:

Docker or Podman, to run the runner image.
Git, to clone the repository.
An SSH client and key, for node access and VM provisioning.

The lab makes more sense with some comfort at the command line and Git, and some familiarity with Kubernetes, Ansible, and OpenTofu. None of that is strictly required to follow the layers.

Next steps

Start with Layer 0: Hardware.