https://github.com/airkine/devsecops-sandbox

DevSecOps lab with GitOps, Kyverno, FluxCD, and secure Kubernetes workloads.

azure cicd devsecops docker fluxcd gitops go kind kubernetes kyverno sops

Last synced: 9 months ago


## 🚀 DevSecOps Demo Lab

This is a **Kubernetes-based DevSecOps demo environment** built for showcasing modern GitOps, security, and infrastructure best practices.

> 🔒 Designed for **SOC2-style compliance**, **secure-by-default Kubernetes**, and **GitOps automation** with real-world tools.

---

### 🧰 Tech Stack

- **FluxCD** – GitOps continuous delivery
- **Kyverno** – Kubernetes policy enforcement
- **cert-manager** – TLS management with self-signed & CA issuers
- **External Secrets Operator** – Secure secrets management (Azure)
- **Prometheus + Grafana** – Observability stack
- **NGINX Ingress Controller** – Routing with optional TLS
- **SOPS** – Secret encryption at rest
- **Go + PostgreSQL app** – Sample microservice + database deployment

---

### ✅ What This Demo Proves

- 🔁 GitOps-first infra using Flux
- 🛡️ Pod security policies with Kyverno
- 🔐 TLS and secret handling with cert-manager + ESO
- 📈 Monitoring via Prometheus + Grafana
- 🧪 CI validation of manifests using `kubeconform`
- 🧱 Docker security best practices (non-root, pinned versions)
- 🛠️ Custom Go app + DB deployment for hands-on realism

---

### 📦 Local Development

You can run everything locally using [kind](https://kind.sigs.k8s.io/) and [Flux bootstrap](https://fluxcd.io/flux/installation/). Setup instructions are in `kind_deployment/README.md`.