Hands-on DevOps and Kubernetes labs. Start local, learn the shape, then move to AWS only when you are ready for cost and account blast radius.
The default local platform is:
kind cluster -> Linkerd mesh -> Helm chart -> optional Traefik edge
Internal services stay ClusterIP by default. Browser-facing stacks expose one temporary/local edge and document the Linkerd policy between workloads.
Install mise and Docker, then run:
just prereqs
just doctor
just databases/deploy
just databases/smokeThis creates the tutorials kind cluster, installs Linkerd, and deploys PostgreSQL, MySQL, MongoDB, and a whoami debug app with Helm.
New here? Follow GETTING_STARTED.md.
| Path | Purpose |
|---|---|
charts/ |
Repo-owned Helm charts for the labs |
databases/, rclone/, collaboration-stack/, observability/ |
Local kind lab wrappers, docs, and just recipes |
drupal-hugo/ |
Drupal CMS/DDEV example |
restic/ |
GitHub organization backup example using restic and S3 |
eksauto/, s3-pod-identity/, secrets/ |
AWS/EKS labs |
shared.just |
Shared helpers for kind, Linkerd, and local platform setup |
justfile |
Top-level command entry point |
| Goal | Command | Creates cloud resources? |
|---|---|---|
| Install repo tools | just prereqs |
No |
| Preflight report | just doctor |
No |
| Curated command map | just commands |
No |
| Fast local checks | just check |
No |
| Local database lab | just databases/deploy |
No |
| Local S3-like filesystem mount | just rclone/deploy |
No |
| Collaboration apps | just collab::deploy |
No |
| Local observability | just observability/deploy |
No |
| Drupal CMS | just drupal::deploy |
No |
| EKS Auto Mode cluster | just eksauto/setup-eks |
Yes |
| Database chart on EKS | just eksauto/deploy |
Yes |
| S3 backup + Pod Identity | just s3-pod-identity/deploy |
Yes |
| External Secrets demo | just secrets/deploy |
Yes |
Run just to list every recipe.
| Lab | What it teaches | Level |
|---|---|---|
| databases/ | Helm deployment to kind with a Linkerd baseline | Beginner |
| rclone/ | CSI concepts and S3-compatible mounts | Intermediate |
| collaboration-stack/ | Traefik routing, local app auth, optional Keycloak/oauth2-proxy SSO, Linkerd policy | Intermediate |
| observability/ | VictoriaMetrics/Logs/Traces, Grafana, OpenTelemetry, optional S3 archive | Intermediate |
| drupal-hugo/ | Drupal/PHP local development with DDEV | Intermediate |
| restic/ | Encrypted GitHub org backups to S3 | Intermediate |
| eksauto/ | EKS Auto Mode with Terraform | Advanced |
| s3-pod-identity/ | EKS Pod Identity, MySQL backups, AWS S3 Files | Advanced |
| secrets/ | External Secrets Operator with AWS Secrets Manager | Advanced |
| argocd/ | Notes on reconciling these Helm charts with ArgoCD | Reference |
Recommended order: LEARNING_PATH.md.
just check # fast local just/Helm checks
just check-cloud # Terraform validate + cloud chart renders
just check-security # Trivy config scan
just lint # render + Terraform + security checks
just validate-local # deploy and smoke-test local examples plus Drupal checkValidate one chart directly:
helm lint charts/databases
helm template databases charts/databases >/tmp/databases.yamlRender EKS/S3 examples before touching a live cluster:
helm template s3-pod-identity charts/s3-pod-identity \
--set-string aws.region="${AWS_REGION:-$(aws configure get region)}" \
--set bucket=test-123456789012 \
--set s3files.fileSystemId=fs-12345678 >/tmp/s3-pod-identity.yamlExpected EKS S3 Files pattern: provisioner: efs.csi.aws.com, storageClassName: s3files-s3, and no rclone.csi.veloxpack.io. The rclone/ demo is local-only.
EKS costs money. Before cloud labs, run:
just aws-preflightDestroy cloud labs when done:
just eksauto/destroy-eks| Document | Use it for |
|---|---|
| GETTING_STARTED.md | First local walkthrough |
| LEARNING_PATH.md | Recommended lab order |
| COMMANDS.md | Command index |
| GLOSSARY.md | Terms and external references |
| CONTRIBUTING.md | Repo conventions |
| ISSUES.md | Historical audit backlog |
| REVIEW.md | Generated code quality review |