Shivering-Isles GitOps Infrastructure

This repository has become the center of the Shivering-Isles infrastructure. It houses essentially all software deployments, various custom container images, various self-maintained Helm charts, and more.

Usage

For SI-GitLab (git.shivering-isles.com), bootstrapping Flux looks like this:

export GITLAB_TOKEN=<project access token able to write the API and repository>
flux bootstrap gitlab \
  --hostname=git.shivering-isles.com \
  --ssh-hostname=git.shivering-isles.com:2222 \
  --ssh-key-algorithm ed25519 \
  --owner=<your user / team> \
  --repository=<your repository name> \
  --path=clusters/<your cluster name>
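The bootstrap above takes a project access token that can write both the API and the repository, so the main thing to get right is how that token reaches `flux`. The following POSIX shell wrapper is an added example, not a script from the Shivering-Isles repository: it checks that the token is present in the environment (where `flux bootstrap gitlab` reads `GITLAB_TOKEN` from) rather than in an argument, refuses to run while the `<...>` placeholders from the README are still in place, and only then assembles the argument list. The function names `build_bootstrap_args` and `si_flux_bootstrap` are this example's own, and it assumes the `flux` CLI is installed.

```shell
#!/bin/sh
# Added example (not part of the Shivering-Isles repository): a wrapper around
# the README's `flux bootstrap gitlab` command. The hostnames and path layout
# are the README's; the function names are this example's own.

# Print the argument list for `flux` on stdout and return 0 when every input is
# usable; return 1 (with a message on stderr) when the token is missing or a
# template placeholder such as "<your repository name>" was left in.
build_bootstrap_args() {
    owner="$1"; repo="$2"; cluster="$3"

    # flux reads the token from GITLAB_TOKEN itself, so it must be exported,
    # but it must never be passed on the command line (visible in `ps` and in
    # shell history).
    if [ -z "${GITLAB_TOKEN:-}" ]; then
        echo "GITLAB_TOKEN is not set; export it from a secret store first" >&2
        return 1
    fi

    for v in "$owner" "$repo" "$cluster"; do
        case "$v" in
            ''|*'<'*|*'>'*)
                echo "owner, repository and cluster must be filled in (got '$v')" >&2
                return 1 ;;
        esac
    done

    printf '%s\n' \
        "bootstrap" "gitlab" \
        "--hostname=git.shivering-isles.com" \
        "--ssh-hostname=git.shivering-isles.com:2222" \
        "--ssh-key-algorithm" "ed25519" \
        "--owner=$owner" \
        "--repository=$repo" \
        "--path=clusters/$cluster"
}

# Usage: si_flux_bootstrap <owner> <repository> <cluster>
# Runs the bootstrap; the token is only ever in the environment.
si_flux_bootstrap() {
    args=$(build_bootstrap_args "$@") || return 1
    # Word-split the newline-separated list back into positional parameters.
    # shellcheck disable=SC2086
    set -- $args
    flux "$@"
}
```

A small habit that goes with this: the README's `export GITLAB_TOKEN=<token>` line lands the token in shell history, so reading it interactively (`read -rs GITLAB_TOKEN && export GITLAB_TOKEN`) or from a file with mode 0600 is preferable, and the token can be revoked in GitLab once the bootstrap has committed the Flux manifests, since day-to-day reconciliation uses the SSH deploy key that `flux bootstrap` creates.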

Ideas & ToDo's

This toolchain is still under development. Before it is used in production, some things remain to be done:

  • Buy hardware for the project.
  • Provide CLI container that contains all tools.
  • Automate overlay network deployment (calico)
  • Use encrypted overlay network (calico+wireguard)
  • Automate cluster monitoring deployment (kube-prometheus)
  • Automate ingress-controller deployment (ingress-nginx)
  • Automate policy enforcement (kyverno) deployment
  • Encrypt root filesystems for all nodes (LUKS + clevis)
  • Enforce SELinux on the deployed machines
  • Automate system upgrades using Kubernetes (system-upgrade-controller)
  • Automate system configuration using Kubernetes (system-upgrade-controller)
  • Provide a fully encrypted (handled on host level) storage class (longhorn)
  • Deploy cert-manager
  • Deploy credentials for cert-manager
  • Automate ingress-controller default certificate deployment
  • Add encrypted deployment instructions (SOPS + fluxcd)
  • Integrate Renovatebot with this repository to manage updates.
  • Automate Kubernetes upgrades
  • Automate ingress-controller configuration for proxy-protocol
  • Migrate apps to gitops and Kubernetes
  • Deploy kubelet with proper certificates
  • Move to immutable base-system