Devops

Live Status 🟢 View Live Status Page → Real-time health monitoring for the Nuclear Lighters multi-site infrastructure. Overview A public status page monitoring 31 endpoints across the entire homelab infrastructure, deployed on Kubernetes with enterprise-grade practices. Monitored Services Group Services 🇳🇱 Netherlands K8s ArgoCD, Grafana, Prometheus, Thanos, Hubble, K8s Dashboard, Goldpinger, SeaweedFS, AWX, Velero 🇬🇷 Greece K8s ArgoCD, Grafana, Prometheus, Thanos, Hubble, K8s Dashboard, Goldpinger, SeaweedFS 🔧 DevOps GitLab (NL/GR), Atlantis (NL/GR) 🌐 Shared Services Nextcloud, Home Assistant 🔗 External Internet connectivity checks Technical Stack Gatus - Lightweight status page with SQLite persistence Kubernetes - Deployed via OpenTofu/Atlantis GitOps Cilium - Network policies for security cert-manager - Automatic TLS certificates Prometheus - Metrics via ServiceMonitor Architecture Highlights Pod Security Standards: Restricted mode with read-only root filesystem Resource Management: CPU/memory limits enforced Network Isolation: CiliumNetworkPolicy restricting ingress/egress High Availability: Persistent storage on Synology iSCSI GitOps: Full infrastructure-as-code via Atlantis Source Managed as part of the Infrastructure Repository using OpenTofu modules. ...

Comprehensive GitOps-driven homelab managing network devices, virtualization, Kubernetes, Docker services, and backup systems through GitLab CI/CD, Atlantis, and Argo CD. Key Accomplishments Hybrid GitOps Architecture Enterprise two-tier model separating platform infrastructure (Atlantis/OpenTofu) from application workloads (Argo CD) with PR-based workflows and auto-sync. Kubernetes Platform 7-node HA cluster (v1.34.2) with Cilium CNI eBPF networking with kube-proxy replacement BGP peering with Cisco ASA for LoadBalancer services Dual storage: NFS (RWX) + Synology iSCSI CSI (RWO) Security & Service Mesh Cilium mTLS with SPIRE for mutual TLS authentication Zero-trust network policies External Secrets Operator syncing credentials from OpenBao to K8s TLS Automation cert-manager with Let’s Encrypt wildcards via Cloudflare DNS-01 AWX scheduled jobs sync certs to Nginx Proxy Manager (94 hosts) Syncthing replication for certificate distribution Observability Stack Prometheus/Grafana/Alertmanager for metrics and alerting Centralized logging: syslog-ng → Loki → Grafana Hubble for L7 flow visualization and network debugging Disaster Recovery Velero + MinIO S3 with automated daily/weekly backups Cross-site replication to Greece DR cluster Docker Fleet 60+ services including GPU AI workloads (Ollama, Stable Diffusion) Media servers, databases, home automation Network Automation Python CI/CD for Cisco IOS/ASA configuration Drift detection and auto-reconciliation Virtualization Proxmox VE with 100+ LXC containers, 20+ VMs All managed as code through GitLab pipelines Architecture Overview ┌─────────────────────────────────────────────────────────────────┐ │ GitLab CI/CD │ │ ┌──────────────────┐ ┌──────────────────┐ │ │ │ Atlantis │ │ ArgoCD │ │ │ │ (Platform IaC) │ │ (Applications) │ │ │ └────────┬─────────┘ └────────┬─────────┘ │ └───────────┼────────────────────────────┼────────────────────────┘ │ │ ▼ ▼ ┌───────────────────────┐ ┌───────────────────────┐ │ Infrastructure │ │ Workloads │ │ - Kubernetes nodes │ │ - Applications │ │ - Network configs │ │ - Services │ │ - Storage │ │ - ConfigMaps │ │ - Secrets │ │ - Ingress │ └───────────────────────┘ └───────────────────────┘ │ │ └──────────────┬─────────────┘ ▼ ┌─────────────────────────────────────────────────────────────────┐ │ Kubernetes Cluster │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Cilium CNI │ │ SPIRE │ │ OpenBao │ │ │ │ + Hubble │ │ mTLS │ │ Secrets │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Prometheus │ │ Loki │ │ Velero │ │ │ │ + Grafana │ │ Logging │ │ Backups │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ └─────────────────────────────────────────────────────────────────┘ Technology Stack Category Technologies GitOps GitLab CI/CD, Atlantis, Argo CD IaC OpenTofu/Terraform, Helm Kubernetes v1.34.2, Cilium CNI, SPIRE Secrets OpenBao, External Secrets Operator Monitoring Prometheus, Grafana, Alertmanager, Loki Network Hubble, BGP, Cisco IOS/ASA Backup Velero, MinIO S3 Automation AWX, Python Virtualization Proxmox VE, Docker Skills Demonstrated GitLab CI/CD pipeline design Infrastructure as Code (Terraform/OpenTofu) Argo CD application management Kubernetes cluster administration Docker containerization Helm chart management Prometheus/Grafana observability DevOps/GitOps practices Proxmox virtualization Python automation Cisco networking Linux system administration Core infrastructure for the Nuclear Lighters homelab ...