Comprehensive GitOps-driven homelab managing network devices, virtualization, Kubernetes, Docker services, and backup systems through GitLab CI/CD, Atlantis, and Argo CD.
Key Accomplishments
Hybrid GitOps Architecture
Enterprise-style two-tier model: platform infrastructure (Atlantis/OpenTofu) is changed through PR-based workflows, while application workloads (Argo CD) are auto-synced from Git.
Kubernetes Platform
- 7-node HA cluster (v1.34.2) with Cilium CNI
- eBPF networking with kube-proxy replacement
- BGP peering with Cisco ASA for LoadBalancer services
- Dual storage: NFS (RWX) + Synology iSCSI CSI (RWO)
Security & Service Mesh
- Cilium mutual authentication (mTLS) with SPIRE issuing workload identities
- Zero-trust network policies
- External Secrets Operator syncing credentials from OpenBao to K8s
TLS Automation
- cert-manager with Let’s Encrypt wildcards via Cloudflare DNS-01
- AWX scheduled jobs sync certs to Nginx Proxy Manager (94 hosts)
- Syncthing replication for certificate distribution
Observability Stack
- Prometheus/Grafana/Alertmanager for metrics and alerting
- Centralized logging: syslog-ng → Loki → Grafana
- Hubble for L7 flow visualization and network debugging
Disaster Recovery
- Velero + MinIO S3 with automated daily/weekly backups
- Cross-site replication to Greece DR cluster
Docker Fleet
- 60+ services including GPU AI workloads (Ollama, Stable Diffusion)
- Media servers, databases, home automation
Network Automation
- Python CI/CD for Cisco IOS/ASA configuration
- Drift detection and auto-reconciliation
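Drift detection of the kind listed above, as an added example that is not the homelab's own pipeline code: it diffs the intended IOS config kept in Git against a captured running config, ignores volatile lines, and holds drift in security-sensitive sections for review instead of auto-reconciling it away. The device name, addresses and the VOLATILE/SENSITIVE lists are assumptions.

```python
"""Drift check: intended Cisco IOS/ASA config from Git vs a captured running
config. Added example, not the homelab's own code; names and lists are assumed."""
import re
# Lines that change between captures but carry no operator intent.
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration|"
                      r"ntp clock-period|Cryptochecksum|: (Saved|Written by))")
# Drift here may be an unauthorized change: hold for review, don't auto-erase it.
SENSITIVE = ("access-list", "ip access-list", "aaa ", "username ", "enable ",
             "snmp-server", "crypto ", "ip ssh", "logging host")

def normalize(config: str) -> list[tuple[str, str]]:
    """(section, line) pairs; indented children keep their parent section."""
    entries, section = [], ""
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse IOS column padding
        if not line or VOLATILE.match(line):
            continue
        if raw.startswith(" "):
            entries.append((section, line))
        else:
            section = line
            entries.append(("", line))
    return entries

def detect_drift(desired: str, running: str) -> dict:
    """Report lines missing from / added on the device and the pipeline action."""
    want, have = normalize(desired), normalize(running)
    missing = [e for e in want if e not in have]
    extra = [e for e in have if e not in want]
    sensitive = [e for e in missing + extra
                 if e[0].startswith(SENSITIVE) or e[1].startswith(SENSITIVE)]
    action = ("in-sync" if not (missing or extra)
              else "hold-for-review" if sensitive else "auto-reconcile")
    return {"missing": missing, "extra": extra,
            "sensitive": sensitive, "action": action}

# Constructed sample: Git copy vs a capture where the inbound ACL was opened
# by hand and the syslog destination was removed.
DESIRED = """hostname edge-rtr
ip access-list extended OUTSIDE_IN
 deny   ip any any log
logging host 192.0.2.10
"""
RUNNING = """Building configuration...
hostname edge-rtr
ip access-list extended OUTSIDE_IN
 permit tcp any any eq 22
 deny   ip any any log
ntp clock-period 17179869
"""
```

Running `detect_drift(DESIRED, RUNNING)` on the sample reports the ACL entry added on the device and the missing syslog host, and returns the action `hold-for-review`.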
Virtualization
- Proxmox VE with 100+ LXC containers, 20+ VMs
- All managed as code through GitLab pipelines
Architecture Overview
```text
┌─────────────────────────────────────────────────────────────────┐
│                          GitLab CI/CD                           │
│   ┌──────────────────┐              ┌──────────────────┐        │
│   │     Atlantis     │              │     Argo CD      │        │
│   │  (Platform IaC)  │              │  (Applications)  │        │
│   └────────┬─────────┘              └────────┬─────────┘        │
└────────────┼─────────────────────────────────┼──────────────────┘
             │                                 │
             ▼                                 ▼
 ┌───────────────────────┐         ┌───────────────────────┐
 │    Infrastructure     │         │       Workloads       │
 │  - Kubernetes nodes   │         │  - Applications       │
 │  - Network configs    │         │  - Services           │
 │  - Storage            │         │  - ConfigMaps         │
 │  - Secrets            │         │  - Ingress            │
 └───────────┬───────────┘         └───────────┬───────────┘
             │                                 │
             └────────────────┬────────────────┘
                              ▼
┌─────────────────────────────────────────────────────────────────┐
│                       Kubernetes Cluster                        │
│   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐           │
│   │ Cilium CNI  │   │    SPIRE    │   │   OpenBao   │           │
│   │  + Hubble   │   │    mTLS     │   │   Secrets   │           │
│   └─────────────┘   └─────────────┘   └─────────────┘           │
│   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐           │
│   │ Prometheus  │   │    Loki     │   │   Velero    │           │
│   │  + Grafana  │   │   Logging   │   │   Backups   │           │
│   └─────────────┘   └─────────────┘   └─────────────┘           │
└─────────────────────────────────────────────────────────────────┘
```
Technology Stack
| Category | Technologies |
|---|---|
| GitOps | GitLab CI/CD, Atlantis, Argo CD |
| IaC | OpenTofu/Terraform, Helm |
| Kubernetes | v1.34.2, Cilium CNI, SPIRE |
| Secrets | OpenBao, External Secrets Operator |
| Monitoring | Prometheus, Grafana, Alertmanager, Loki |
| Network | Hubble, BGP, Cisco IOS/ASA |
| Backup | Velero, MinIO S3 |
| Automation | AWX, Python |
| Virtualization | Proxmox VE, Docker |
Skills Demonstrated
- GitLab CI/CD pipeline design
- Infrastructure as Code (Terraform/OpenTofu)
- Argo CD application management
- Kubernetes cluster administration
- Docker containerization
- Helm chart management
- Prometheus/Grafana observability
- DevOps/GitOps practices
- Proxmox virtualization
- Python automation
- Cisco networking
- Linux system administration
Core infrastructure for the Nuclear Lighters homelab
