A monorepo showcasing modern cloud-native and AI-powered workflows. Built on Crossplane v2 for platform API abstractions and FluxCD for GitOps automation.
Features cutting-edge AI projects including kgateway and kagent - Kubernetes-native projects designed to enable agentic AI workflows within cloud infrastructure. This repository serves as a playground for exploring the intersection of infrastructure-as-code, AI agents, and Kubernetes-native tooling.
Architecture: Hierarchical 3-tier cluster setup with automated "batteries included" provisioning using Crossplane compositions and GitOps deployment via Flux notifications triggering GitHub Actions.
This is an AI-assisted project, leveraging Claude Sonnet, gemini-cli, and other AI tools.
| Name | Description | Project Version | Latest Version |
|---|---|---|---|
| GKE | Google Kubernetes Engine is Google Cloud's managed Kubernetes service that provides a secure, scalable environment for running containerized applications. | - | - |
| Gateway API | Kubernetes Gateway API is a collection of resources that model service networking in Kubernetes, providing expressive, extensible, and role-oriented interfaces. | - | - |
| kgateway | Kubernetes gateway for AI services, providing a standardized way to connect applications with AI capabilities within the cluster. | v2.1.1 | v2.1.1 |
| Agent Gateway | Gateway Dataplane for AI workloads (MCP, A2A) | - | - |
| Crossplane | An open source Kubernetes add-on that transforms your cluster into a universal control plane, enabling platform teams to build infrastructure abstractions. | v2.0.0-rc.1 | v2.0.1 |
| kagent | Kubernetes-native AI agent framework that enables the deployment and management of AI agents within Kubernetes clusters. | v0.7.5 | v0.7.5 |
| FluxCD | GitOps toolkit for Kubernetes that keeps clusters in sync with configuration sources and automates deployments. | v2.7.5 | v2.7.5 |
| LitmusChaos | Cloud-native chaos engineering framework for Kubernetes that helps teams find weaknesses in their deployments through controlled chaos experiments. | v3.23.1 | v3.23.1 |
| ArgoCD | :kill-with-fire: This project was using ArgoCD until release TBC | - | - |
These demos are found in the Wiki.
This project implements a hierarchical 3-tier architecture with fully automated cluster provisioning and GitOps deployment:
- Bootstrap cluster (kind): Local cluster running Crossplane v2 + FluxCD. Provisions control-plane cluster.
- Control-plane cluster (GKE): Management cluster with Crossplane, platform services, and AI stack. Provisions workload clusters.
- Workload clusters (GKE): Isolated clusters for tenant applications (apps-dev, staging, prod).
Comprehensive validation framework:
```bash
task validate:all           # Full infrastructure validation
task validate:architecture  # Architectural constraints
```

Key benefits: Zero circular dependencies, clean separation of concerns, automated failure detection.
Configure these secrets in your GitHub repository settings (Settings → Secrets and variables → Actions):
```bash
# Workload Identity Federation for GitHub Actions (replace vars with your values)
WIF_PROVIDER=projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_NAME/providers/$PROVIDER_NAME
WIF_SERVICE_ACCOUNT=github-actions-sa@$PROJECT_ID.iam.gserviceaccount.com
# GitHub token for Flux bootstrap (needs repo:write permissions)
FLUX_GITHUB_TOKEN=ghp_your_personal_access_token_here
```

All required env variables are validated in preconditions of deploy task, defined here.
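One way to write such pre-flight checks, as an added example rather than the repository's own Taskfile preconditions; the function names and the exact patterns are assumptions. It rejects unexpanded `$VAR` placeholders, a project ID where the provider path needs the numeric project number, and the placeholder token, and it reports variable names only so the token value never reaches CI logs.

```sh
#!/bin/sh
# Added example: pre-flight checks for the three secrets above.
# Function names and patterns are assumptions, not the repository's Taskfile.

# Reject empty values, embedded whitespace and unexpanded "$VAR" placeholders.
is_clean() {
  case "$1" in
    '' | *[[:space:]]* | *'$'*) return 1 ;;
  esac
}

# Full provider resource name; the first segment is the numeric project number.
check_wif_provider() {
  is_clean "$1" && printf '%s\n' "$1" | LC_ALL=C grep -Eq \
    '^projects/[0-9]+/locations/global/workloadIdentityPools/[a-z0-9-]+/providers/[a-z0-9-]+$'
}

# Service account e-mail of the form <name>@<project-id>.iam.gserviceaccount.com.
check_wif_service_account() {
  is_clean "$1" && printf '%s\n' "$1" | LC_ALL=C grep -Eq \
    '^[a-z][a-z0-9-]*@[a-z][a-z0-9-]*\.iam\.gserviceaccount\.com$'
}

# Token must be set and must not be the README placeholder.
check_flux_token() {
  is_clean "$1" || return 1
  case "$1" in
    *your_personal_access_token*) return 1 ;;
  esac
}

# Returns 0 when all three are usable. Prints variable names only, never values.
validate_secrets() {
  rc=0
  check_wif_provider "${WIF_PROVIDER:-}" ||
    { echo "WIF_PROVIDER: expected projects/<number>/.../providers/<id>" >&2; rc=1; }
  check_wif_service_account "${WIF_SERVICE_ACCOUNT:-}" ||
    { echo "WIF_SERVICE_ACCOUNT: expected <name>@<project>.iam.gserviceaccount.com" >&2; rc=1; }
  check_flux_token "${FLUX_GITHUB_TOKEN:-}" ||
    { echo "FLUX_GITHUB_TOKEN: missing or still the placeholder" >&2; rc=1; }
  return "$rc"
}
```

Source the file and call `validate_secrets` before `task setup:deploy`; a non-zero return means at least one value is unusable.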
1. Infrastructure Provisioning (Kind cluster → GCP):
   - Crossplane compositions create GKE clusters (infrastructure only)
   - Connection secrets with kubeconfig are generated
2. Cluster Bootstrapping (GitHub Actions → Target cluster):
   - Flux notification detects cluster readiness → triggers GitHub webhook
   - GitHub Actions authenticates via Workload Identity Federation
   - Flux bootstrapped on target cluster pointing to `/clusters/{cluster-type}/`
3. "Batteries Included" Deployment (Target cluster GitOps):
   - Flux on target cluster deploys Crossplane installation
   - Platform services (kagent, kgateway, networking) deployed
   - Applications and tenant workloads deployed
This repository hosts both platform team and consumer team configurations, with a clear separation of concerns.
Refer to ./bootstrap/README.md for detailed explanation of repository structure and deployment flow.
- Platform Products: Core services like kagent, kgateway, networking components
- Platform Tenants: End-user applications and team-specific workloads
- Flux GitOps: Automatically syncs both platform services and tenant applications to appropriate clusters
Deploy complete infrastructure:
```bash
task setup:deploy
```

Validate deployment:

```bash
task validate:all
```

Clean up everything:

```bash
task setup:cleanup
```

Available commands:

```bash
task --list
```

```bash
# Test whereami (team-alpha)
kubectl exec -n team-platform deploy/fortio-diagnostic -- \
  fortio load -c 10 -qps 100 -t 30s http://whereami.team-alpha/

# Test fortio-echo (team-bravo)
kubectl exec -n team-platform deploy/fortio-diagnostic -- \
  fortio load -c 10 -qps 100 -t 30s http://fortio-echo.team-bravo/

# High load test
kubectl exec -n team-platform deploy/fortio-diagnostic -- \
  fortio load -c 50 -qps 1000 -t 60s http://whereami.team-alpha/
```