{"id":15722912,"url":"https://github.com/soerenschneider/k8s-gitops","last_synced_at":"2026-03-08T23:30:56.547Z","repository":{"id":256984453,"uuid":"847202851","full_name":"soerenschneider/k8s-gitops","owner":"soerenschneider","description":"GitOps repository for managing my Kubernetes clusters at home","archived":false,"fork":false,"pushed_at":"2026-03-02T05:29:43.000Z","size":2453,"stargazers_count":0,"open_issues_count":51,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-02T09:52:03.437Z","etag":null,"topics":["argocd","flux2","gitops","homeops","istio","kubernetes","kubernetes-cluster","kustomize","opentofu","servicemesh","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soerenschneider.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-25T06:27:27.000Z","updated_at":"2026-03-02T05:16:30.000Z","dependencies_parsed_at":"2025-12-24T18:08:55.191Z","dependency_job_id":null,"html_url":"https://github.com/soerenschneider/k8s-gitops","commit_stats":null,"previous_names":["soerenschneider/k8s-gitops"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/soerenschneider/k8s-gitops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fk8s-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fk8s-gitops/tags","releases_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fk8s-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fk8s-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soerenschneider","download_url":"https://codeload.github.com/soerenschneider/k8s-gitops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fk8s-gitops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30276896,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-08T20:45:49.896Z","status":"ssl_error","status_checked_at":"2026-03-08T20:45:49.525Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","flux2","gitops","homeops","istio","kubernetes","kubernetes-cluster","kustomize","opentofu","servicemesh","terraform"],"created_at":"2024-10-03T22:09:41.020Z","updated_at":"2026-03-08T23:30:56.530Z","avatar_url":"https://github.com/soerenschneider.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 
k8s-gitops\n\n![security](https://github.com/soerenschneider/k8s-gitops/actions/workflows/security-scanners.yaml/badge.svg)\n![lint](https://github.com/soerenschneider/k8s-gitops/actions/workflows/lint.yaml/badge.svg)\n![validate](https://github.com/soerenschneider/k8s-gitops/actions/workflows/validate.yaml/badge.svg)\n\n## Key Technologies\n\n- **Kubernetes**: Orchestrates the deployment, scaling, and operations of containerized applications.\n- **Flux CD**: GitOps continuous delivery solution for Kubernetes.\n- **Istio**: A service mesh that provides advanced networking capabilities such as traffic management, security, and observability.\n- **Cert-Manager**: Manages the issuance and renewal of TLS certificates.\n- **External Secrets**: Integrates external secret stores (AWS Secrets Manager, HashiCorp Vault, etc.) with Kubernetes.\n- **External DNS**: Dynamically updates DNS records based on Kubernetes resources.\n- **Renovatebot**: Keeps track of updated versions for the manifests.\n\n## Repository Structure\n\nThis repository is structured to follow GitOps principles, with Kubernetes manifests for different environments (e.g., development, staging, production) stored here and managed via Flux CD.\n\n```bash\n├── apps/\n│   ├── app1/\n│   ├── app2/\n│   └── app3/\n├── clusters/\n│   ├── cluster-1/\n│   ├── cluster-2/\n│   ├── cluster-.../\n│   ├── cluster-n/\n├── contrib/\n│   ├── flux/\n│   ├── istio/\n│   ├── terraform/\n├── infra/\n│   ├── app1/\n│   ├── app2/\n```\n\n### Folder Overview:\n\n- **apps/**: Application manifests for various services.\n- **clusters/**: Environment-specific configurations for different Kubernetes clusters.\n- **contrib/**: Tools to help bootstrapping clusters.\n- **infra/**: Low-level platform apps and configurations.\n\n## Bootstrapping a New Cluster\n\n### Flux\nNavigate to `contrib/flux/$CLUSTER_NAME` and run\n\n```shell\nbash ../flux2/new-deploy-key.sh\nkubectl apply -k .\n```\n\n### Route53 hosted zone\nNavigate to 
`contrib/terraform/envs/$CLUSTER_NAME`.\nTerraform creates a new (sub) hosted zone, IAM credentials and policies for cert-manager and external-dns.\n\n### Istio\n```shell\nsh contrib/istio/install.sh $CLUSTER_NAME\n```\n\n### Vault authentication integration\n```shell\nkubectl apply -k clusters/$CLUSTER_NAME/infra/vault-auth\n```\n\nRetrieve token reviewer JWT value. Handle this value with care!\n```shell\nkubectl get secrets -n vault-auth vault-kubernetes-auth-secret -o=jsonpath='{.data.token}' | base64 -d\n```\n\n```shell\nkubectl get secrets -n vault-auth vault-kubernetes-auth-secret -o=jsonpath=\"{.data['ca\\.crt']}\" | base64 -d\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoerenschneider%2Fk8s-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoerenschneider%2Fk8s-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoerenschneider%2Fk8s-gitops/lists"}