{"id":51043789,"url":"https://github.com/corridor/kubernetes-ggx","last_synced_at":"2026-06-22T12:30:41.909Z","repository":{"id":351265914,"uuid":"1204647488","full_name":"corridor/kubernetes-ggx","owner":"corridor","description":"Kubernetes manifests for deploying GenGuardX with Kustomize.","archived":false,"fork":false,"pushed_at":"2026-05-26T12:18:02.000Z","size":28,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T14:18:02.475Z","etag":null,"topics":["aks","deployment","devsecops","eks","gcp","ggx","kubernetes"],"latest_commit_sha":null,"homepage":"https://ggx.corridorplatforms.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/corridor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-08T07:42:31.000Z","updated_at":"2026-05-26T12:18:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/corridor/kubernetes-ggx","commit_stats":null,"previous_names":["corridor/kubernetes-genguardx","corridor/kubernetes-ggx"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/corridor/kubernetes-ggx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corridor%2Fkubernetes-ggx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corridor%2Fkubernetes-ggx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corridor%2Fkubernetes-ggx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corridor%2Fkubernetes-ggx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/corridor","download_url":"https://codeload.github.com/corridor/kubernetes-ggx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/corridor%2Fkubernetes-ggx/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34649816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-22T02:00:06.391Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aks","deployment","devsecops","eks","gcp","ggx","kubernetes"],"created_at":"2026-06-22T12:30:41.047Z","updated_at":"2026-06-22T12:30:41.901Z","avatar_url":"https://github.com/corridor.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kubernetes-ggx\n\nKubernetes manifests for deploying GenGuardX with Kustomize.\n\n## Quickstart\n\n1. Get the docker credentials from the Corridor Team - Contact \u003csupport@corridorplatforms.com\u003e\n2. Create a kubernetes secret with the docker credentials\n3. Deploy the services (Note: For more customized setups, check the Configurations section below)\n4. Verify the rollout\n\n```bash\n# 1. Copy the provided docker credentials json file to /tmp/corridor-registry-key.json (or a preferred path)\n\n# 2. Create a kubernetes secret with the docker credentials\nkubectl create secret docker-registry corridor-registry-secret \\\n  --docker-server=us-central1-docker.pkg.dev \\\n  --docker-username=_json_key \\\n  --docker-password=\"$(cat /tmp/corridor-registry-key.json)\" \\\n  --namespace ggx\n\n# 3. Deploy the services (NOTE: Use --dry-run=server for safety)\nkubectl apply -k overlays/example\n\n# 4. Verify rollout\nkubectl get pods -n ggx\nkubectl get svc -n ggx\nkubectl get ingress -n ggx\n```\n\n## Architecture\n\nThe deployment architecture is based on the existing Corridor GenGuardX setup:\n\n- `corridor-app`: Primary API and Web application which serves the GGX platform\n- `corridor-worker`: Background worker process for heavy execution tasks\n- `corridor-jupyter`: Jupyter/JupyterHub-facing service for ad-hoc analytics\n- Shared persistent volumes for data, uploads, notebooks, Jupyter state, and backups\n- A single ingress routing `/` to the app and `/jupyter` to jupyter-service\n\n## Cloud Compatibility\n\nThis repo is cloud agnostic.\n\nIt can be used on any Kubernetes cluster, including managed Kubernetes offerings such as GKE, EKS, AKS, Openshift, etc.\n\n## Layout\n\n```text\nbase/               Reusable application manifests\noverlays/example/   Minimal deployable overlay with placeholder configuration\n```\n\nIt is possible to host multiple instances of GenGuardX - for example: `overlays/prod`, `overlays/staging`, `overlays/dev`. Or `overlays/team1` and `/overlays/team2`\n\n## Configure\n\nFeel free to configure the kubernetes setup based on your needs. Some common configurations are:\n\n- By default the `kustomization.yaml` uses the `latest` tag. To use a older version of Corridor GenGaurdX,\n  set the docker image tag in `overlays/example/kustomization.yaml` \u003e `newTag` variable.\n- Set the public hostname based on your egress domain name in\n  `overlays/example/kustomization.yaml`\n- Set database and application-specific settings in\n  `overlays/example/configs/api_config.py`\n- If your cluster uses a different RWX storage class, update the PVC patches in\n  `overlays/example/kustomization.yaml`.\n- Configure TLS secret keys etc in `base/ingress.yaml`\n- Configure other nginx configs like gzip/timeout etc. in `base/ingress.yaml`\n- Change Memory requests and limits in the respective `base/*.yaml` files for that service.\n\n## Recommended Cluster Configuration\n\nThe following configuration is a good starting point for managed Kubernetes clusters.\n\n| Provider | Cluster type | Region / Zone | Initial nodes | Autoscaling | Node size | Disk | Notes |\n|---|---|---|---|---|---|---|---|\n| GKE | Standard | zonal (e.g. `us-central1-f`) | 1 | min 1, max 3 | `e2-standard-8` | 100 GB | Enable IP aliasing; use approved infra VPC/subnet |\n| EKS | Standard | one availability zone or multi-AZ | 1 | min 1, max 3 | `m5.xlarge` or similar | 100 GB | Attach to approved VPC/subnet; use AWS VPC CNI or Cilium |\n| AKS | Standard | one region | 1 | min 1, max 3 | `Standard_D8s_v3` | 100 GB | Use Azure CNI and approved virtual network |\n\n### Why this configuration\n\n- A single node is sufficient for typical POC usage.\n- A maximum of 3 nodes gives headroom for blue/green-style upgrades or temporary capacity spikes.\n- A 100 GB node disk supports application storage needs.\n- Choose a machine type with 8 vCPUs and around 32 GB RAM for balanced performance.\n\n## FAQs\n\n**My pod is showing `ImagePullBackOff`**\n\nIf your pod events show `ImagePullBackOff` or registry authorization errors -\u003e The\nimage authentication is likely the culprit. Double check if the correct docker credentials\nare added to the kubernetes secret\n\n**App is taking a long time to start**\n\nThe app deployment runs a database migration in an init container before the main API starts.\nThis can be decoupled to reduce restart time.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcorridor%2Fkubernetes-ggx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcorridor%2Fkubernetes-ggx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcorridor%2Fkubernetes-ggx/lists"}