K

k3s

This project provides a Docker image for Helmfile specifically built for arm64 architecture. It uses semantic-release to automate the versioning and package publishing process. The release version is automatically bumped based on commit messages, the changelog is updated, and a GitLab release is created.

IaC for GunCAD Index and related services

🛡️ K-Guard: Kubernetes Security Automation & Remediation (PoC)

K-Guard is a DevSecOps proof-of-concept focused on automating vulnerability lifecycle and active defense workflows within K3s clusters.

Vulnerability Remediation: Automated image patching workflows using K8s API patches triggered by Trivy scan results. Network Segregation: Policy-as-Code implementation (Ansible) for Ingress hardening and CIDR-based access control. SecOps Alerting: Real-time incident notification system leveraging Cisco Webex API for rapid response. Self-Healing Exploration: Detecting configuration drifts and applying automated state recovery.

🛡️ K-Guard : Pilotage de la Sécurité & Automatisation Kubernetes (MVP)

K-Guard est un outil d'expérimentation DevSecOps conçu pour automatiser les workflows de détection et de remédiation sur clusters K3s. Il explore l'implémentation de la défense active via l'API Kubernetes.

Points Techniques Clés

Vulnerability Management : Pipeline de scan continu (Trivy) avec déclenchement de correctifs via Strategic Merge Patch sur les Deployments. Hardening Réseau : Automatisation de Network Policies (Ansible) pour l'isolation des flux Ingress (filtrage IPs Cloudflare / RFC 1918). Incident Response (IR) : Système d'alerte ChatOps via l'API Cisco Webex pour la notification en temps réel des failles critiques détectées. Infrastructure-as-Code : Logique de remédiation et de déploiement orchestrée via GitLab CI/CD et scripts d'automation (Python/Go).

Helm Chart for Local Path Provisioner, that dynamically provisions Persistent Volumes (PVs) backed by local storage on the node where the corresponding pod is scheduled. It does this using hostPath volumes and a set of configurable path mappings.

A fully automated HA k3s etcd install with kube-vip, MetalLB, and more.

Configuration repository of Mathezirkel Augsburg server at http://www.mathezirkel-augsburg.de.

An Ansible role to install and configure a K3S Cluster on your hosts.

Ansible file to create and setup Kubernetes Cluster (k3s)

An Ansible playbook to install and configure a K3S Cluster on your hosts.

A yocto distribution layer that builds a reference Cassini software stack

Project documentation at https://cassini.readthedocs.io/en/latest/

Infrastructure repo for home k3s kubernetes cluster

k3s of my RaspberryPi 4.

Home lab setup using Raspberry Pi 5 running K3s. All Kubernetes objects managed via GitOps using FluxCD

Ansible playbooks to manage my Raspberry pi based k3s cluster

Ansible collection to install and configure Kubernetes

...