CI/CD Automation
An enterprise-grade continuous integration and continuous deployment (CI/CD) pipeline architecture built to enforce strict software supply chain security and accelerate release velocity. Leveraging GitLab CI and custom Bash tooling, the pipeline automatically triggers on commit, executing unit tests, code quality analysis (SonarQube), and container image builds. Crucially, it integrates Trivy for automated vulnerability scanning before pushing artifacts to a private registry. Deployment is handled via a secure GitOps approach, ensuring zero-downtime rolling updates and automated rollbacks on failure.
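The scan-before-push gate described above, sketched as a shell function for a GitLab CI job. This is an added example, not the pipeline's own tooling; the function name `gate_and_push` and the `GATE_SEVERITY` variable are assumptions, and it expects `trivy` and `docker` on the job image's PATH.

```shell
#!/bin/sh
# Added example (not the pipeline's own script): publish an image only after
# Trivy reports no fixable findings at the gated severities.
# Assumptions: trivy and docker are on PATH in the job image; gate_and_push
# and GATE_SEVERITY are hypothetical names.

# gate_and_push IMAGE
# Return codes: 0 pushed, 1 blocked by scan, 2 bad usage, 3 scanner missing,
# 4 push failed.
gate_and_push() {
  gate_image="$1"
  gate_sev="${GATE_SEVERITY:-HIGH,CRITICAL}"

  if [ -z "$gate_image" ]; then
    echo "usage: gate_and_push <image:tag>" >&2
    return 2
  fi

  # Fail closed: a missing scanner must never turn into an unscanned push.
  if ! command -v trivy >/dev/null 2>&1; then
    echo "gate: trivy not found, refusing to push $gate_image" >&2
    return 3
  fi

  # --exit-code 1 makes findings a non-zero exit. A scanner error (for
  # example a failed vulnerability DB download) is also non-zero, so both
  # cases block the push.
  if ! trivy image --exit-code 1 --severity "$gate_sev" \
        --ignore-unfixed "$gate_image"; then
    echo "gate: scan failed or found $gate_sev issues, not pushing" >&2
    return 1
  fi

  # Only a clean scan reaches the registry.
  if ! docker push "$gate_image"; then
    echo "gate: push of $gate_image failed" >&2
    return 4
  fi
  return 0
}

# In a GitLab CI job (CI_REGISTRY_IMAGE and CI_COMMIT_SHORT_SHA are GitLab
# predefined variables):
#   docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
#   gate_and_push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
```

Because the job's exit status comes from the function, a blocked scan fails the pipeline stage and nothing is published under that tag.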
Architecture Overview
The cluster is designed for resilience and learning. It comprises 3 control-plane nodes and 4 worker nodes of mixed architectures (ARM64 and AMD64).
Networking is handled via Cilium for advanced eBPF-based routing and observability, while MetalLB provides on-premise LoadBalancer capabilities.
- Control Plane: 3x RPi 4 (8GB) running the etcd cluster.
- Worker Nodes: 4x Dell Optiplex Micro (i5, 32GB RAM).
- Storage: Longhorn providing distributed block storage over 10Gbps local network.
GitOps Configuration
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infrastructure
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./infrastructure
  prune: true
  sourceRef:
    kind: GitRepository
    name: home-ops
  # Wait for CRDs to be applied before moving on
  wait: true