K3s Resume Platform
This project demonstrates an end-to-end secure delivery workflow for a public-facing application. Application source and cluster desired state are kept in separate, dedicated repositories, and modern platform tooling controls build, publish, promotion, and deployment behavior.
Key Components
- K3s and Kubernetes for runtime orchestration
- GitHub Actions for CI workflows
- GHCR for container registry operations
- Flux CD and Kustomize for GitOps reconciliation
- Trivy for vulnerability scanning and critical-finding gates
- Syft for SBOM generation
- Cosign for artifact signing
- Kyverno for prod image policy enforcement
What It Demonstrates
- Secure build and publish workflows
- Digest-pinned promotion for prod
- Admission control and deployment policy enforcement
- Real troubleshooting across CI/CD, registry, GitOps, and Kubernetes layers