Disclaimer: Parts of this code has been generated by AI (Claude Code).
- Create a GitLab Deploy Token for this repo: https://docs.gitlab.com/user/project/deploy_tokens/#create-a-deploy-token
- Create `./bootstrap/repo.yaml` (use `./bootstrap/repo.yaml.example` as template)
- Run `./bootstrap/bootstrap.sh`
- Follow the printed instructions on how to set up port forwarding and how to retrieve the admin secret.
- Provide a reference architecture for an IDP.
- Support for multiple application teams. RBAC for resource access.
- Teams should be able to create a new application from a template via self-service.
- Provide support for two environments: DEV and PROD
- Support multiple languages and application types:
  - Backend: Java, Python
  - Frontend: React
- Homelab
  - GitLab + GitLab Runner
  - HashiCorp Vault
- AWS (to save cost, only run during development, afterwards shut down completely)
  - EKS
  - Managed DBs
See https://platformengineering.org/platform-tooling
- Developer Control Plane
  - IDE: VSCode
  - Developer Portal: Backstage
  - Version Control: GitLab
  - Platform Source Code: Terraform (Bootstrap), Crossplane
- Integration & Delivery Plane
  - CI Pipeline: GitLab CI
  - Image Registry: GitLab Registry (maybe replace later with Harbor)
  - CD Tools:
    - Argo CD
    - Argo Rollouts
- Resource Plane
  - Compute:
    - Amazon EKS (Cost optimization: spot instances / EKS Fargate profiles)
    - Autoscaling: Karpenter, KEDA
  - Data:
    - Amazon Aurora Serverless v2
    - CloudNativePG
    - S3
  - Networking:
    - Cilium
    - Cloudflare
    - external-dns
    - cert-manager
  - Services:
    - Elasticsearch
    - RabbitMQ/ActiveMQ
- Monitoring & Logging Plane
  - Observability:
    - Grafana LGTM (Loki, Grafana, Tempo, Mimir)
    - opencost
    - Keptn Lifecycle Toolkit
- Security Plane
  - Secrets Management: HashiCorp Vault
  - Network-based Security: Cilium, Falco
  - Policy: Kyverno
  - Scanning: Trivy
- GitLab
- HashiCorp Vault
- SCM + CI: GitLab + GitLab CI
- Compute: Homelab. Included services (external-dns, cert-manager, Kyverno)
- CD: Argo CD
- Data: CloudNativePG
- API: Crossplane
- Secrets:
  - Vault
  - ESO
- Monitoring (subset of LGTM):
  - Grafana
  - Loki
  - Prometheus
- Security:
  - Trivy in CI
  - Kyverno
- Migrate existing tools from Flux CD config
  - Gateway API CRDs
  - Cilium configuration
  - cert-manager
  - external-dns
  - Longhorn (homelab only)
  - Kyverno Policies
  - Crossplane XRDs
- First example workloads
- Compute: EKS
  - AWS VPC CNI
  - Spot Instances (simulated base)
  - EKS Fargate profiles (simulate scaling)
- Extend XRDs with cloud versions / cloud-specific configuration
- Argo Rollouts (progressive delivery)
- Better observability
  - Full LGTM stack (Tempo, Mimir)
  - opencost
  - Keptn Lifecycle Toolkit
- Cilium (advanced networking)
- CloudNativePG for DEV + Aurora for PROD
- Backstage (self-service portal)
- Falco (runtime security)
- Keptn Lifecycle Toolkit (DORA Metrics)
- Additional services (Elasticsearch, message queues)
- Autoscaling
  - Karpenter
  - KEDA