Using this specific coredns deployment to manage an internal DNS zone that supports split-brain DNS for the home network (so that the same hostname resolves properly for clients on the internal network as well as the external network). This issue explored the problem and landed on this solution.
Leveraging descheduler to automatically evict pods that no longer satisfy their NodeAffinity constraints. This works in concert with node-feature-discovery so that when USB devices are moved from one node to a different node, the pods requiring those USB devices are forced to reschedule to the new location
Using external-secrets & 1Password Connect to reference secrets housed in 1Password
Leverage the Intel-based iGPU via the gpu plugin DaemonSet to serve GPU-based workloads (e.g. Plex) through the gpu.intel.com/i915 node resource
Automatically drain and reboot nodes when a reboot is required (e.g. a kernel update was applied): https://github.com/weaveworks/kured
Run your own on-prem LoadBalancer
Using the nfs-client storage type
nfs-based persistent mounts for various pod access (media mount & data mount)
ingress-nginx controller leveraging cert-manager as the central cert store for the wildcard certificate
Using the USB feature of node-feature-discovery to dynamically label nodes that contain specific USB devices we care about
OAuth2 authenticating proxy leveraging Auth0
registry-creds: Automate Kubernetes registry credentials, to extend Docker Hub limits. This is (sadly) necessary to have cluster-wide imagePulls use an authenticated Docker account so that the cluster doesn't get rate-limited and become unable to schedule workloads. This has already happened once.
reloader: A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig
snapshot-controller: Sidecar container that watches Kubernetes Snapshot CRD objects and triggers CreateSnapshot/DeleteSnapshot against a CSI endpoint. Used in conjunction with volsync.
volsync: Asynchronous data replication for Kubernetes volumes. Leveraging storage CSI snapshotting and restic, this enables backing up persistent volumes to an S3 bucket.