
GitOps Homelab: Full-Stack Infrastructure as Code
Comprehensive GitOps-driven homelab managing network devices, virtualization, Kubernetes, Docker services, and backup systems through GitLab CI/CD, Atlantis, and Argo CD.

Key Accomplishments

Hybrid GitOps Architecture
- Enterprise two-tier model separating platform infrastructure (Atlantis/OpenTofu) from application workloads (Argo CD), with PR-based workflows and auto-sync

Kubernetes Platform
- 7-node HA cluster (v1.34.2) with Cilium CNI
- eBPF networking with kube-proxy replacement
- BGP peering with Cisco ASA for LoadBalancer services
- Dual storage: NFS (RWX) + Synology iSCSI CSI (RWO)

Security & Service Mesh
- Cilium mTLS with SPIRE for mutual TLS authentication
- Zero-trust network policies
- External Secrets Operator syncing credentials from OpenBao to K8s

TLS Automation
- cert-manager with Let's Encrypt wildcards via Cloudflare DNS-01
- AWX scheduled jobs sync certs to Nginx Proxy Manager (94 hosts)
- Syncthing replication for certificate distribution

Observability Stack
- Prometheus/Grafana/Alertmanager for metrics and alerting
- Centralized logging: syslog-ng → Loki → Grafana
- Hubble for L7 flow visualization and network debugging

Disaster Recovery
- Velero + MinIO S3 with automated daily/weekly backups
- Cross-site replication to Greece DR cluster

Docker Fleet
- 60+ services including GPU AI workloads (Ollama, Stable Diffusion)
- Media servers, databases, home automation

Network Automation
- Python CI/CD for Cisco IOS/ASA configuration
- Drift detection and auto-reconciliation

Virtualization
- Proxmox VE with 100+ LXC containers, 20+ VMs
- All managed as code through GitLab pipelines

Architecture Overview

┌─────────────────────────────────────────────────────────────────┐
│                          GitLab CI/CD                           │
│  ┌──────────────────┐         ┌──────────────────┐              │
│  │     Atlantis     │         │      ArgoCD      │              │
│  │  (Platform IaC)  │         │  (Applications)  │              │
│  └────────┬─────────┘         └────────┬─────────┘              │
└───────────┼────────────────────────────┼────────────────────────┘
            │                            │
            ▼                            ▼
┌───────────────────────┐    ┌───────────────────────┐
│    Infrastructure     │    │       Workloads       │
│  - Kubernetes nodes   │    │  - Applications       │
│  - Network configs    │    │  - Services           │
│  - Storage            │    │  - ConfigMaps         │
│  - Secrets            │    │  - Ingress            │
└───────────────────────┘    └───────────────────────┘
            │                            │
            └──────────────┬─────────────┘
                           ▼
┌─────────────────────────────────────────────────────────────────┐
│                       Kubernetes Cluster                        │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐              │
│  │ Cilium CNI  │  │    SPIRE    │  │   OpenBao   │              │
│  │  + Hubble   │  │    mTLS     │  │   Secrets   │              │
│  └─────────────┘  └─────────────┘  └─────────────┘              │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐              │
│  │ Prometheus  │  │    Loki     │  │   Velero    │              │
│  │  + Grafana  │  │   Logging   │  │   Backups   │              │
│  └─────────────┘  └─────────────┘  └─────────────┘              │
└─────────────────────────────────────────────────────────────────┘

Technology Stack

Category       | Technologies
---------------|------------------------------------------
GitOps         | GitLab CI/CD, Atlantis, Argo CD
IaC            | OpenTofu/Terraform, Helm
Kubernetes     | v1.34.2, Cilium CNI, SPIRE
Secrets        | OpenBao, External Secrets Operator
Monitoring     | Prometheus, Grafana, Alertmanager, Loki
Network        | Hubble, BGP, Cisco IOS/ASA
Backup         | Velero, MinIO S3
Automation     | AWX, Python
Virtualization | Proxmox VE, Docker

Skills Demonstrated
- GitLab CI/CD pipeline design
- Infrastructure as Code (Terraform/OpenTofu)
- Argo CD application management
- Kubernetes cluster administration
- Docker containerization
- Helm chart management
- Prometheus/Grafana observability
- DevOps/GitOps practices
- Proxmox virtualization
- Python automation
- Cisco networking
- Linux system administration

Core infrastructure for the Nuclear Lighters homelab ...