  • Shivering-Isles GitOps Infrastructure

    This repository has become the center of the Shivering-Isles infrastructure. It houses basically all software deployments, various custom container images, various self-maintained Helm charts and more.

    Usage

    For SI-GitLab, bootstrapping Flux would look like this:

    export GITLAB_TOKEN=<project access token able to write the API and repository>
    flux bootstrap gitlab \
      --hostname=git.shivering-isles.com \
      --ssh-hostname=git.shivering-isles.com:2222 \
      --ssh-key-algorithm ed25519 \
      --owner=<your user / team> \
      --repository=<your repository name> \
      --path=clusters/<your cluster name>

    Ideas & ToDo's

    This toolchain is still under development. Before it is used in production, there are still some things left to do:

    • Buy hardware for the project.
    • Provide CLI container that contains all tools.
    • Automate overlay network deployment (calico)
    • Use encrypted overlay network (calico+wireguard)
    • Automate cluster monitoring deployment (kube-prometheus)
    • Automate ingress-controller deployment (ingress-nginx)
    • Automate policy enforcement (kyverno) deployment
    • Encrypt root filesystems for all nodes (LUKS + clevis)
    • Enforce SELinux on the deployed machines
    • Automate system upgrades using Kubernetes (system-upgrade-controller)
    • Automate system configuration using Kubernetes (system-upgrade-controller)
    • Provide a fully encrypted (handled on host level) storage class (longhorn)
    • Deploy cert-manager
    • Deploy credentials for cert-manager
    • Automate ingress-controller default certificate deployment
    • Add encrypted deployment instructions (SOPS + fluxcd)
    • Integrate Renovatebot with this repository to manage updates.
    • Automate Kubernetes upgrades
    • Automate ingress-controller configuration for proxy-protocol
    • Migrate apps to gitops and Kubernetes
    • Deploy kubelet with proper certificates
    • Move to immutable base-system