ghndrx/homelab-gitops
1
0
Fork 0
mirror of https://github.com/ghndrx/homelab-gitops.git synced 2026-02-10 06:44:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
4 Commits 1 Branch 0 Tags
3752fd03861f6db938c13a97f41b72b9376a1057
Commit Graph

4 Commits

Author SHA1 Message Date
Greg Hendrickson
3752fd0386 feat(kyverno): add policy engine with security baseline 
- Kyverno 3.3.4 via Helm (HA config: 3 admission, 2 background replicas)
- Validation policies:
  - disallow-privileged-containers (Enforce)
  - require-resource-limits (Enforce)
  - require-labels (Audit - standard k8s labels)
  - require-run-as-non-root (Audit)
  - disallow-latest-tag (Enforce - GitOps reproducibility)
- Mutating policy:
  - add-default-securitycontext (seccomp, drop caps, read-only fs)
- System namespaces excluded (kube-system, kyverno, istio-system)
- Auto-discovered by ArgoCD ApplicationSet

Reference: CIS Kubernetes Benchmark, Pod Security Standards
 2026-02-09 18:02:21 +00:00
Greg Hendrickson
124a29a0a9 feat: add ArgoCD bootstrap with ApplicationSet pattern 
- Add root ApplicationSet using Git Directory Generator
- Configure AppProjects for infrastructure and apps separation
- Add cert-manager with Let's Encrypt ClusterIssuers (staging/prod)
- Add SOPS configuration for age-encrypted secrets
- Add bootstrap documentation (docs/BOOTSTRAP.md)
- Scaffold infrastructure dirs (networking, storage, monitoring)
- Update README with quick start and architecture

GitOps pattern: directories auto-discovered by ArgoCD ApplicationSets
Reference: CNCF App-of-Apps best practices 2025
 2026-02-02 18:02:42 +00:00
Greg Hendrickson
1e402ff027 fix: correct infrastructure description - defiant runs k3s, not media 2026-01-31 06:57:07 +00:00
Greg Hendrickson
26dc6e9983 feat: initial homelab gitops structure 2026-01-31 06:53:57 +00:00