Skip to content
Snippets Groups Projects
Select Git revision
  • renovate/kube-prometheus-stack-70.x
  • renovate/docker.io-bitnami-kubectl-1.x
  • main default protected
  • renovate/docker.io-library-nextcloud-31.x
  • renovate/github.com-prometheus-common-0.x
  • renovate/siderolabs-talos-1.x
  • renovate/siderolabs-kubelet-1.x
  • renovate/kubernetes-go
  • renovate/siderolabs-kubelet-1.30.x
  • renovate/go-golang.org-x-net-vulnerability
  • renovate/kubernetes-kubernetes-1.x
  • renovate/docker.io-rancher-system-upgrade-controller-0.x
  • renovate/mariadb-20.x
  • renovate/cloudflare-5.x
  • renovate/tigera-operator-3.x
  • feat/keycloak-operator
  • renovate/docker.io-apache-tika-3.x
  • fix/immich-1.125
  • feat/s3dav-proxy
  • renovate/cowsay-org-cowsay-3.x
  • v25.03
  • v25.02
  • v25.01
  • v24.12
  • v24.11
  • v24.10
  • v24.09
  • v24.08
  • v24.07
  • v24.06
  • v24.05
  • v24.04
  • v24.03
  • v24.02
  • v24.01
  • v23.12
  • v23.11
  • v23.10
  • v23.09
  • v23.08
40 results
Compare
Name Last commit Last update
.chglog
apps
bootstrap
charts
clusters/k8s01
docs
images
infrastructure
scripts
shared
terraform
views
.gitignore
.gitlab-ci.yml
.sops.yaml
Earthfile
README.md
renovate.json
README.md

Shivering-Isles GitOps Infrastructure

This repository contains the Kubernetes objects that are synced and managed by flux in order to be deployed.

Usage

Finally in order to boostrap fluxcd in your cluster. For SI-GitLab this would look like this:

export GITLAB_TOKEN=<project access token able to write the API and repository>
flux bootstrap gitlab \
  --hostname=git.shivering-isles.com \
  --ssh-hostname=git.shivering-isles.com:2222 \
  --ssh-key-algorithm ed25519 \
  --owner=<your user / team> \
  --repository=<your repository name> \
  --path=clusters/<your cluster name>

Ideas & ToDo's

This toolchain is still under development. Before it will be used in production there are still some things left to do:

  • Buy hardware for the project.
  • Provide CLI container that contains all tools.
  • Automate overlay network deployment (calico)
  • Use encrypted overlay network (calico+wireguard)
  • Automate cluster monitoring deployment (kube-prometheus)
  • Automate ingress-controller deployment (ingress-nginx)
  • Automate policy enforcement (kyverno) deployment
  • Encrypt root filesystems for all nodes (LUKS + clevis)
  • Enforce SELinux on the deployed machines
  • Automate system upgrades using Kubernetes (system-upgrade-controller)
  • Automate system configuration using Kubernetes (system-upgrade-controller)
  • Provide an fully encrypted (handled on host level) storage class (longhorn)
  • Deploy cert-manager
  • Deploy credentials for cert-manager
  • Automate ingress-controller default certificate deployment
  • Add encrypted deployment instructions (SOPS + fluxcd)
  • Integrate Renovatebot with this repository to manage updates.
  • Automate Kubernetes upgrades
  • Automate ingress-controller configuration for proxy-protocol
  • Deploy kubelet with proper certificates
  • Document usage and thoughts in repository and blog posts
  • Automate flux OpenPGP bootstrap
  • Migrate apps to gitops and Kubernetes
  • Move to immutable base-system

Tools

To handle things properly, try to get the following tools (all included in koolbox):

  • kubectl
  • flux
  • sops (for secret handling)
  • helm (just for sake of completeness and validation)
  • make
  • git