{"id":47994839,"url":"https://github.com/stxkxs/eks-gitops","last_synced_at":"2026-04-04T11:53:25.468Z","repository":{"id":345857942,"uuid":"1185875801","full_name":"stxkxs/eks-gitops","owner":"stxkxs","description":"ArgoCD GitOps repository for Kubernetes addon lifecycle management — ApplicationSets with sync-wave ordering, Kustomize overlays, and multi-environment Helm values layering","archived":false,"fork":false,"pushed_at":"2026-03-21T06:31:46.000Z","size":82,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-21T17:30:12.203Z","etag":null,"topics":["applicationsets","argocd","cilium","eks","gitops","helm","kubernetes","kustomize","kyverno","observability","platform-engineering"],"latest_commit_sha":null,"homepage":null,"language":"Mustache","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stxkxs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-19T03:01:11.000Z","updated_at":"2026-03-21T06:31:49.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/stxkxs/eks-gitops","commit_stats":null,"previous_names":["stxkxs/eks-gitops"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/stxkxs/eks-gitops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stxkxs%2Feks-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stxkxs%2Feks-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stxkxs%2Feks-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stxkxs%2Feks-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stxkxs","download_url":"https://codeload.github.com/stxkxs/eks-gitops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stxkxs%2Feks-gitops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31398770,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["applicationsets","argocd","cilium","eks","gitops","helm","kubernetes","kustomize","kyverno","observability","platform-engineering"],"created_at":"2026-04-04T11:53:24.954Z","updated_at":"2026-04-04T11:53:25.458Z","avatar_url":"https://github.com/stxkxs.png","language":"Mustache","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EKS GitOps Repository\n\nGitOps configuration for EKS cluster addons, managed by ArgoCD. Part of a multi-cloud GitOps strategy (`eks-gitops`, `gke-gitops`, `aks-gitops`).\n\n## Features\n\n- **App-of-Apps pattern** with ArgoCD ApplicationSets for multi-cluster deployment\n- **ArgoCD multi-source Helm values** — base values with flat environment-specific deltas\n- **Matrix generators** — environment selection from cluster secret labels\n- **Sync wave ordering** — deterministic deployment order across addon categories\n- **Three environments** — dev, staging, production with appropriate sizing and policies\n- **CI validation** — automated YAML lint and Kustomize build on every PR\n\n## Companion Repository\n\nThis repository is the EKS variant of a multi-cloud GitOps strategy. Infrastructure is provisioned by [aws-eks](https://github.com/stxkxs/aws-eks) (CDK), which deploys ArgoCD and creates the App-of-Apps Application pointing to this repository.\n\n## Architecture\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│ ArgoCD (deployed by CDK) │\n├─────────────────────────────────────────────────────────────────────┤\n│ App-of-Apps Application │\n│ (points to this repository) │\n└─────────────────────────────────────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│ ApplicationSets (10) │\n├─────────────────────────────────────────────────────────────────────┤\n│ ├── addons-bootstrap (cert-manager, external-secrets, ...) │\n│ ├── addons-bootstrap-kustomize (storage-classes, priority-classes) │\n│ ├── addons-networking (Cilium, ALB Controller, External DNS) │\n│ ├── addons-security (Kyverno, Trivy, Falco) │\n│ ├── addons-observability (Loki, Tempo, Grafana Agent, OpenCost) │\n│ ├── addons-operations-helm (Velero, VPA, Goldilocks, ...) │\n│ ├── addons-operations-kustomize (Karpenter Resources) │\n│ ├── addons-argo-platform (Rollouts, Events, Workflows) │\n│ ├── kyverno-policies (PSS, Best Practices) │\n│ └── druid-tenants │\n└─────────────────────────────────────────────────────────────────────┘\n```\n\n## Directory Structure\n\n```\neks-gitops/\n├── applicationsets/ # ArgoCD ApplicationSets (10)\n│ ├── addons-bootstrap.yaml\n│ ├── addons-bootstrap-kustomize.yaml\n│ ├── addons-networking.yaml\n│ ├── addons-security.yaml\n│ ├── addons-observability.yaml\n│ ├── addons-operations-helm.yaml\n│ ├── addons-operations-kustomize.yaml\n│ ├── addons-argo-platform.yaml\n│ ├── kyverno-policies.yaml\n│ └── druid-tenants.yaml\n│\n├── addons/ # Addon configurations\n│ ├── bootstrap/{cert-manager,external-secrets,metrics-server,\n│ │ prometheus-operator-crds,reloader,storage-classes,\n│ │ priority-classes}/\n│ ├── networking/{cilium,aws-load-balancer-controller,external-dns}/\n│ ├── security/{kyverno,trivy-operator,falco}/\n│ ├── observability/{loki,tempo,grafana-agent,opencost}/\n│ ├── operations/{velero,vpa,goldilocks,descheduler,karpenter,\n│ │ karpenter-resources,keda}/\n│ └── argo-platform/{argo-rollouts,argo-events,argo-workflows}/\n│\n├── policies/ # Kyverno policies (pure Kustomize)\n│ └── kyverno/{pod-security-standards,best-practices}/\n│\n├── environments/ # Cluster-config ConfigMaps\n│ ├── dev/\n│ ├── staging/\n│ └── production/\n│\n├── catalog/ # Platform-specific workloads\n│ └── druid/\n│\n└── docs/ # Documentation\n```\n\n## Sync Wave Ordering\n\n| Wave | Components | Rationale |\n|------|------------|-----------|\n| -1 | App-of-Apps | Root application |\n| 0 | Bootstrap Helm (cert-manager, external-secrets, prometheus-operator-crds) | Foundational CRDs |\n| 1 | Networking (Cilium, ALB Controller, External DNS) | CNI and ingress |\n| 2 | Bootstrap continued (metrics-server, reloader, storage-classes, priority-classes) | Cluster essentials |\n| 5 | Karpenter | Nodes must be ready before workloads |\n| 10-12 | Security (Kyverno, Trivy, Falco) | Policy engine before policies |\n| 20-21 | Kyverno Policies | After Kyverno is ready |\n| 30-33 | Observability (Loki, Tempo, Grafana Agent, OpenCost) | After security |\n| 40-44 | Operations (Velero, VPA, Goldilocks, Descheduler, Karpenter Resources, KEDA) | After everything |\n| 50-52 | Argo Platform (Rollouts, Events, Workflows) | Application layer |\n\n## Environment Differences\n\n| Setting | Dev | Staging | Production |\n|---------|-----|---------|------------|\n| Replicas | 1 | 2-3 | 2-3 |\n| Kyverno Mode | Audit | Enforce | Enforce |\n| Velero | Disabled | Enabled | Enabled |\n| Karpenter CPU | 50 | 75 | 200 |\n| Loki Retention | 7d | 14d | 90d |\n| Falco Memory Limit | 1Gi | 2Gi | 4Gi |\n\n## Prerequisites\n\nTools required for local development:\n\n- [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) \u003e= 5.0\n- [helm](https://helm.sh/docs/intro/install/) \u003e= 3.0\n- [yamllint](https://yamllint.readthedocs.io/) \u003e= 1.0\n\nInfrastructure prerequisites (deployed by CDK):\n\n- ArgoCD and App-of-Apps root Application\n- EKS cluster with IRSA and cluster secret labels\n\n## Commands\n\n```bash\nmake help # Show all available targets\nmake lint-yaml # Lint all YAML files\nmake kustomize-build # Build all overlays (all environments)\nmake kustomize-build-env # Build overlays for ENVIRONMENT (default: dev)\nmake validate # Run all validations (lint + build)\nmake render # Render manifests to rendered/ directory\nmake clean # Remove rendered output\n```\n\n## Documentation\n\n- [Architecture Overview](docs/architecture/overview.md)\n- [Environment Configuration](docs/configuration/environments.md)\n- [Adding Addons](docs/configuration/adding-addons.md)\n- [Contributing](docs/development/contributing.md)\n- [Troubleshooting](docs/runbooks/troubleshooting.md)\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstxkxs%2Feks-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstxkxs%2Feks-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstxkxs%2Feks-gitops/lists"}