{"id":29723673,"url":"https://github.com/thatmlopsguy/dokaseca-control-plane","last_synced_at":"2026-05-19T03:05:03.239Z","repository":{"id":279379418,"uuid":"931117107","full_name":"thatmlopsguy/dokaseca-control-plane","owner":"thatmlopsguy","description":"Framework for bootstrapping cloud-native platforms using Kubernetes in Docker (Kind)","archived":false,"fork":false,"pushed_at":"2026-02-25T15:36:21.000Z","size":8981,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-25T19:12:03.060Z","etag":null,"topics":["argocd","devops","dokaseca","gitops","gitops-bridge","homelab","k8s","kubernetes","platform-engineering","terraform"],"latest_commit_sha":null,"homepage":"https://thatmlopsguy.github.io/dokaseca-control-plane/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thatmlopsguy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-11T18:39:26.000Z","updated_at":"2026-02-25T15:40:15.000Z","dependencies_parsed_at":"2025-04-17T21:41:36.364Z","dependency_job_id":"8913d1f0-5ff8-41a5-88b5-86e0092161ba","html_url":"https://github.com/thatmlopsguy/dokaseca-control-plane","commit_stats":null,"previous_names":["thatmlopsguy/k8s-homelab","thatmlopsguy/dokaseca-terraform","thatmlopsguy/dokaseca-control-plane"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/thatmlopsguy/dokaseca-control-plane","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thatmlopsguy%2Fdokaseca-control-plane","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thatmlopsguy%2Fdokaseca-control-plane/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thatmlopsguy%2Fdokaseca-control-plane/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thatmlopsguy%2Fdokaseca-control-plane/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thatmlopsguy","download_url":"https://codeload.github.com/thatmlopsguy/dokaseca-control-plane/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thatmlopsguy%2Fdokaseca-control-plane/sbom","scorecard":{"id":385170,"data":{"date":"2025-08-12T04:51:11Z","repo":{"name":"github.com/thatmlopsguy/dokaseca-control-plane","commit":"b21bf273a733c33cb7a5932018a3652779cb93f6"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":5.4,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Code-Review","score":0,"reason":"Found 0/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/label-pull-request.yml:17","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release_drafter.yml:25","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/check-semantic-prs.yml:12","Warn: topLevel 'contents' permission set to 'write': .github/workflows/docs.yml:22","Warn: no topLevel permission defined: .github/workflows/label-pull-request.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/pre-commit.yml:35","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pre-commit.yml:36","Info: topLevel 'contents' permission set to 'read': .github/workflows/release_drafter.yml:19","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/thatmlopsguy/dokaseca-control-plane/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/thatmlopsguy/dokaseca-control-plane/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-pull-request.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/thatmlopsguy/dokaseca-control-plane/label-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/thatmlopsguy/dokaseca-control-plane/pre-commit.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/thatmlopsguy/dokaseca-control-plane/scorecard.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/docs.yml:61","Warn: pipCommand not pinned by hash: .github/workflows/pre-commit.yml:84","Warn: pipCommand not pinned by hash: .github/workflows/pre-commit.yml:85","Info:   9 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   3 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"2 out of 2 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-18T16:25:15.349Z","repository_id":279379418,"created_at":"2025-08-18T16:25:15.350Z","updated_at":"2025-08-18T16:25:15.350Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29994618,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T01:47:34.672Z","status":"online","status_checked_at":"2026-03-02T02:00:07.342Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","devops","dokaseca","gitops","gitops-bridge","homelab","k8s","kubernetes","platform-engineering","terraform"],"created_at":"2025-07-24T19:35:54.428Z","updated_at":"2026-05-19T03:05:03.224Z","avatar_url":"https://github.com/thatmlopsguy.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"https://raw.githubusercontent.com/thatmlopsguy/dokaseca-control-plane/main/docs/assets/logos/banner.svg\" alt=\"DoKa Seca - Kubernetes Platform Engineering Framework\" width=\"600\"/\u003e\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n*Just as ships are built in dry docks, platforms are crafted in DoKa Seca*\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://img.shields.io/badge/status-alpha-orange\"\u003e\u003cimg src=\"https://img.shields.io/badge/status-alpha-orange\" alt=\"Project Status\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/thatmlopsguy/dokaseca-control-plane?style=flat\u0026label=GitHub%20%E2%AD%90\" alt=\"GitHub\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/commits/main\"\u003e\u003cimg src=\"https://img.shields.io/github/last-commit/thatmlopsguy/dokaseca-control-plane.svg\" alt=\"GitHub last commit\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/graphs/commit-activity\"\u003e\u003cimg src=\"https://img.shields.io/github/commit-activity/w/thatmlopsguy/dokaseca-control-plane\" alt=\"Commit activity\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/thatmlopsguy/dokaseca-control-plane.svg\" alt=\"GitHub issues\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/pulls\"\u003e\u003cimg src=\"https://img.shields.io/github/issues-pr/thatmlopsguy/dokaseca-control-plane\" alt=\"GitHub PRs\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/release/thatmlopsguy/dokaseca-control-plane.svg\" alt=\"GitHub release\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/blob/dev/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://thatmlopsguy.github.io/dokaseca-control-plane/\"\u003e\u003cimg src=\"https://img.shields.io/website-up-down-green-red/http/shields.io.svg\" alt=\"Website\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/actions/workflows/pre-commit.yml\"\u003e\u003cimg src=\"https://github.com/thatmlopsguy/dokaseca-control-plane/workflows/Pre-commit%20Checks/badge.svg\" alt=\"Pre-commit\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://scorecard.dev/viewer/?uri=github.com/thatmlopsguy/dokaseca-control-plane\"\u003e\u003cimg src=\"https://img.shields.io/ossf-scorecard/github.com/thatmlopsguy/dokaseca-control-plane?label=openssf+scorecard\u0026style=flat\" alt=\"Pre-commit\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/thatmlopsguy/dokaseca-control-plane/discussions\"\u003e\u003cimg src=\"https://img.shields.io/github/discussions/thatmlopsguy/dokaseca-control-plane\" alt=\"GitHub Discussions\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n\u003e⚠️ Note\n\u003e\n\u003e DoKa Seca is still in relatively early development. At this time, **do not use** Doka Seca for critical production systems. Current version is intended for learning, experimentation, and as a reference implementation for platform engineering best practices. Use at your own risk.\n\n## Overview\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/thatmlopsguy/dokaseca-control-plane/main/docs/assets/figures/images/internal-developer-platform.png\" alt=\"Internal Developer Platform\" width=\"600\"/\u003e\n  \u003cp\u003e\u003cem\u003eBased on the Humanitec Reference Architectures for Internal Developer Platforms.\u003c/p\u003e\n  \u003cp\u003eSource: \u003ca href=\"https://platformengineering.org/platform-tooling\"\u003eplatformengineering.org\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n## Introduction\n\n[![Kubernetes](https://img.shields.io/badge/Kubernetes-v1.35-blue?style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white)](https://kubernetes.io/)\n\nWelcome to **DoKa Seca** (Distributed Orchestration Kubernetes Automation with Scalable Edge Computing Applications) - an opinionated\ninfrastructure framework that combines the power of Cloud Native Computing Foundation (CNCF) projects for bootstrapping cloud-native\nplatforms using Kubernetes in Docker (Kind)!\n\nDoKa Seca provides a production-ready framework that automates the entire platform bootstrap process using Kind clusters. Rather than\njust being a collection of configurations, it's a complete platform engineering solution that provisions infrastructure, installs\nessential tooling, configures GitOps workflows, and sets up observability - all with a single command, in your local \"dry dock\" environment.\n\nThis project serves as both a personal learning journey into modern DevOps practices and a comprehensive resource for platform engineers\nand developers interested in rapidly spinning up production-grade Kubernetes environments. Here you'll find real-world implementations of\nGitOps workflows, infrastructure as code, observability stacks, and cloud-native security practices - all designed to run efficiently in\nlocal development or homelab environments while following enterprise-grade patterns and best practices.\n\nDoKa Seca consists of 5 GitHub repositories:\n\n| Repository                                                                         | Description                                         |\n|------------------------------------------------------------------------------------|-----------------------------------------------------|\n| [dokaseca-control-plane](https://github.com/thatmlopsguy/dokaseca-control-plane)   | Control plane infrastructure and cluster management |\n| [dokaseca-addons](https://github.com/thatmlopsguy/dokaseca-addons)                 | Platform addons and Kubernetes extensions           |\n| [dokaseca-workloads](https://github.com/thatmlopsguy/dokaseca-workloads)           | Application workloads and deployments               |\n| [dokaseca-portal](https://github.com/thatmlopsguy/dokaseca-portal)                 | Backstage project (TBD) (optional)                  |\n| [dokaseca-portal-catalog](https://github.com/thatmlopsguy/dokaseca-portal-catalog) | Backstage Catalog (TBD) (optional)                  |\n\n**Prerequisites**\n\n* [`git`](https://git-scm.com/downloads)\n* [`make`](https://www.gnu.org/software/make/)\n* [`direnv`](https://direnv.net/)\n* [`docker`](https://www.docker.com/)\n* [`terraform`](https://www.terraform.io/) or [`opentofu`](https://opentofu.org/)\n* [`Kind`](https://kind.sigs.k8s.io/docs/user/quick-start/), [`k0s`](https://docs.k0sproject.io/stable/), [`k3d`](https://k3d.io/stable/) and/or [`vind`](https://github.com/loft-sh/vind)\n* [`jq`](https://jqlang.github.io/jq/)\n* [`helm`](https://helm.sh/docs/intro/install/)\n* [`Kubectl`](https://kubernetes.io/docs/tasks/tools/)\n* `base64`\n* [`kustomize`](https://kustomize.io/)\n\n**Optional tools**\n\n* [`k9s`](https://k9scli.io/) or [`freelens`](https://github.com/freelensapp/freelens) (optional, if you'd like to inspect your cluster visually)\n* [`argocd`](https://argo-cd.readthedocs.io/en/stable/cli_installation/)\n* [`kargo`](https://docs.kargo.io/user-guide/installing-the-cli/)\n* [`vcluster`](https://www.vcluster.com/docs/platform/install/quick-start-guide)\n* [`falcoctl`](https://github.com/falcosecurity/falcoctl)\n* [`karmor`](https://kubearmor.io/)\n* [`clusteradm`](https://github.com/open-cluster-management-io/clusteradm)\n* [`cosign`](https://github.com/sigstore/cosign)\n* [`velero`](https://github.com/vmware-tanzu/velero)\n* [`vault`](https://developer.hashicorp.com/vault/docs/install)\n* [`minio client (mc)`](https://github.com/minio/mc)\n* [`crossplane-cli`](https://docs.crossplane.io/v2.2/cli/)\n\n\u003e **⚠️ Note: Internet access required**\n\u003e You will also need access to the internet to download the necessary Helm charts and CRDs.\n\u003e Make sure you are not blocked by a firewall or proxy.\n\n## Quick Start\n\nDoka Seca uses terraform to provision the infrastructure and deploy the clusters, so make sure you have it installed and configured properly.\nThis ensures your platform setup is consistent, secure, and easily reproducible across environments.\n\nDoKa Seca supports multiple deployment topologies. Choose the one that best fits your needs. For detailed deployment options and advanced\nconfigurations, see [terraform/README.md](terraform/README.md).\n\n### Option 1: Hub-Spoke Topology (Recommended)\n\nThis deploys a centralized hub cluster that manages multiple spoke clusters. The hub cluster runs ArgoCD and manages addons/workloads for all clusters.\n\n**Step 1: Deploy the Hub Cluster**\n\n```bash\n# Deploy control plane cluster\ncd terraform/topologies/hub-spoke/hub\nterraform init\nterraform apply -auto-approve\n```\n\n**Step 2: Deploy Spoke Clusters (Optional)**\n\n```bash\ncd terraform/topologies/hub-spoke/spoke\n# Deploy spoke clusters for different environments\n./deploy.sh spoke dev apply\n./deploy.sh spoke stg apply\n./deploy.sh spoke prod apply\n```\n\n**Step 3: Verify Deployment**\n\n```bash\n# Check deployed clusters\nkind get clusters\n\n# Verify spoke clusters are registered with hub ArgoCD\nkubectl get secrets -n argocd -l argocd.argoproj.io/secret-type=cluster\n```\n\n### Option 2: Distributed Topology\n\nEach cluster manages its own addons and workloads independently. Navigate to the distributed configuration.\n\n```bash\ncd terraform/topologies/distributed\n\n# Deploy clusters for each environment\n./deploy.sh dev\n./deploy.sh stg\n./deploy.sh prod\n```\n\n### Accessing Your Platform\n\nAfter deployment, you can inspect the deployed clusters:\n\n```bash\n# List all kind clusters (Hub-Spoke Topology)\nkind get clusters\n# Expected output:\n# hub-dev\n# spoke-dev\n# spoke-prod  \n# spoke-stg\n```\n\n**Access ArgoCD UI:**\n\n```bash\n# Get ArgoCD admin password\nmake argo-cd-password\n\n# Forward ArgoCD port\nmake argo-cd-ui\n# Access at: http://localhost:8088\n```\n\nIf you enable in `terraform.tfvars` the gitops bridge by setting `enable_gitops_bridge = true`, then argocd will be also\ninstalled and all the enabled addons. You can see that terraform will add GitOps Bridge Metadata to the ArgoCD secret.\nThe annotations contain metadata for the addons' Helm charts and ArgoCD ApplicationSets.\n\n```sh\nkubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.annotations'\n```\n\nThe output looks like the following:\n\n```json\n{\n  \"addons_extras_repo_basepath\": \"stable\",\n  \"addons_extras_repo_revision\": \"main\",\n  \"addons_extras_repo_url\": \"https://github.com/thatmlopsguy/helm-charts\",\n  \"addons_repo_basepath\": \"argocd\",\n  \"addons_repo_path\": \"appsets\",\n  \"addons_repo_revision\": \"main\",\n  \"addons_repo_url\": \"https://github.com/thatmlopsguy/dokaseca-addons\",\n  \"cluster_name\": \"hub-dev\",\n  \"cluster_repo_basepath\": \"argocd\",\n  \"cluster_repo_path\": \"clusters\",\n  \"cluster_repo_revision\": \"dev\",\n  \"cluster_repo_url\": \"https://github.com/thatmlopsguy/dokaseca-clusters\",\n  \"environment\": \"dev\",\n  \"workload_repo_basepath\": \"argocd\",\n  \"workload_repo_path\": \"workloads\",\n  \"workload_repo_revision\": \"dev\",\n  \"workload_repo_url\": \"https://github.com/thatmlopsguy/dokaseca-workloads\"\n}\n```\n\nThe labels offer a straightforward way to enable or disable an addon in ArgoCD for the cluster.\n\n```sh\nkubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.labels'\n```\n\nThe output looks like the following:\n\n```json\n{\n  \"argocd.argoproj.io/secret-type\": \"cluster\",\n  \"cloud_provider\": \"local\",\n  \"cluster_name\": \"hub-dev\",\n  \"enable_alloy\": \"false\",\n  \"enable_argo_cd\": \"true\",\n  \"enable_argo_cd_image_updater\": \"false\",\n  \"enable_argo_events\": \"false\",\n  \"enable_argo_rollouts\": \"false\",\n  \"enable_argo_workflows\": \"false\",\n  \"enable_trivy\": \"false\",\n  \"enable_vault\": \"false\",\n  \"enable_vcluster\": \"false\",\n  \"enable_vector\": \"false\",\n  \"enable_victoria_metrics_k8s_stack\": \"true\",\n  \"enable_zipkin\": \"false\",\n  \"environment\": \"dev\",\n  \"k8s_cluster_name\": \"hub-dev\",\n  \"k8s_domain_name\": \"dokaseca.local\",\n  \"kubernetes_version\": \"1.31.2\"\n}\n```\n\n## Destroy Infrastructure\n\nTo tear down all the resources and the kind cluster(s), run the following command:\n\n```sh\nmake clean-infra\n```\n\n## Troubleshooting\n\n`ERROR: failed to create cluster: could not find a log line that matches \"Reached target .*Multi-User System.*|detected cgroup v1\"`\n\nTo increase these limits temporarily run the following commands on the host:\n\n```sh\nsudo sysctl fs.inotify.max_user_watches=1048576\nsudo sysctl fs.inotify.max_user_instances=8192\n```\n\nSource: [Pod errors due to “too many open files”](https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files)\n\n## Support \u0026 Resources\n\nUser documentation can be found on our [user docs site](https://thatmlopsguy.github.io/dokaseca-control-plane/).\n\n## Contributing \u0026 Governance\n\nAll contributors are warmly welcome. If you want to become a new contributor, we are so happy! Just, before doing it,\nread our [contributing guidelines](CONTRIBUTING.md).\n\n## Roadmap\n\nWant to know about the features to come? Check out the project roadmap for more information.\n\n## License\n\nDoKa Seca is licensed under [Apache License, Version 2.0](LICENSE), a permissive free software license that allows you to use the software for any purpose, to distribute it, to modify it, and to distribute modified versions under specific terms.\n\nPlease note that various pieces of software it installs in your cluster may have other licenses.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthatmlopsguy%2Fdokaseca-control-plane","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthatmlopsguy%2Fdokaseca-control-plane","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthatmlopsguy%2Fdokaseca-control-plane/lists"}