From d6920ffc4371ebf9f3c41314c940c4d79e2f5a0f Mon Sep 17 00:00:00 2001
From: kaushik-kumaran <kaushik.kumaran@ibm.com>
Date: Mon, 13 Apr 2026 18:12:18 -0700
Subject: [PATCH] feat: apply namespaces, wire make cluster-up end-to-end
 (closes #5)

---
 Makefile  | 72 ++++++++++++++++++++++++++++++++++++-------------------
 README.md | 19 ++++++++++++++-
 2 files changed, 65 insertions(+), 26 deletions(-)

diff --git a/Makefile b/Makefile
index 720e1f7..1afb2ff 100644
--- a/Makefile
+++ b/Makefile
@@ -1,59 +1,81 @@
-.PHONY: help cluster-up cluster-down deploy-cilium deploy-falco deploy-kyverno \
-        deploy-observability deploy-agent deploy-ui status clean
+.PHONY: help cluster-up cluster-down cluster-status deploy-cilium deploy-falco \
+        deploy-kyverno deploy-observability deploy-agent deploy-ui \
+        hubble-ui grafana-ui k9s clean
 
 help:
 	@echo "Argus — available commands:"
 	@echo ""
 	@echo "  Cluster"
-	@echo "    make cluster-up          Provision OrbStack VMs and bootstrap k3s"
-	@echo "    make cluster-down        Stop all OrbStack VMs"
-	@echo "    make cluster-status      Show node and pod status"
+	@echo "    make cluster-up            Provision VMs, install k3s, Cilium, namespaces"
+	@echo "    make cluster-down          Stop all OrbStack VMs"
+	@echo "    make cluster-status        Show node and pod status"
 	@echo ""
 	@echo "  Security"
-	@echo "    make deploy-cilium       Install Cilium CNI + enable Hubble"
-	@echo "    make deploy-falco        Install Falco via Helm"
-	@echo "    make deploy-kyverno      Install Kyverno + apply policies"
+	@echo "    make deploy-falco          Install Falco via Helm"
+	@echo "    make deploy-kyverno        Install Kyverno + apply policies"
 	@echo ""
 	@echo "  Observability"
 	@echo "    make deploy-observability  Install Prometheus + Grafana + Loki"
 	@echo ""
 	@echo "  Application"
-	@echo "    make deploy-agent        Build and deploy AI agent"
-	@echo "    make deploy-ui           Build and deploy React UI"
+	@echo "    make deploy-agent          Build and deploy AI agent"
+	@echo "    make deploy-ui             Build and deploy React UI"
 	@echo ""
 	@echo "  Utilities"
-	@echo "    make hubble-ui           Open Hubble network flow UI"
-	@echo "    make grafana-ui          Port-forward Grafana to localhost:3000"
-	@echo "    make k9s                 Open k9s cluster terminal UI"
-	@echo "    make clean               Destroy VMs and reset kubeconfig"
+	@echo "    make hubble-ui             Open Hubble network flow UI"
+	@echo "    make grafana-ui            Port-forward Grafana to localhost:3000"
+	@echo "    make k9s                   Open k9s cluster terminal UI"
+	@echo "    make clean                 Destroy VMs and reset kubeconfig"
 
 cluster-up:
-	@echo "TODO: implement in cluster/bootstrap/"
+	@echo "==> Provisioning VMs..."
+	@bash cluster/bootstrap/01-provision-vms.sh
+	@echo "==> Installing k3s master..."
+	@bash cluster/bootstrap/02-install-master.sh
+	@echo "==> Joining workers..."
+	@bash cluster/bootstrap/03-join-workers.sh
+	@echo "==> Installing Cilium..."
+	@bash cluster/bootstrap/04-install-cilium.sh
+	@echo "==> Applying namespaces..."
+	@kubectl apply -f cluster/namespaces/namespaces.yaml
+	@echo "==> Cluster is ready."
 
 cluster-down:
 	orb stop k3s-master k3s-worker1 k3s-worker2
 
 cluster-status:
-	kubectl get nodes -o wide
-	kubectl get pods -A
-
-deploy-cilium:
-	@echo "TODO: implement after cluster-up is working"
+	@echo "==> Nodes:"
+	@kubectl get nodes -o wide
+	@echo ""
+	@echo "==> Pods (all namespaces):"
+	@kubectl get pods -A
+	@echo ""
+	@echo "==> Cilium status:"
+	@cilium status
 
 deploy-falco:
-	@echo "TODO: implement after Cilium is running"
+	helm repo add falcosecurity https://falcosecurity.github.io/charts
+	helm repo update
+	helm upgrade --install falco falcosecurity/falco \
+		--namespace kube-system \
+		--values security/falco/values.yaml
 
 deploy-kyverno:
-	@echo "TODO: implement after Falco is running"
+	helm repo add kyverno https://kyverno.github.io/kyverno
+	helm repo update
+	helm upgrade --install kyverno kyverno/kyverno \
+		--namespace kube-system \
+		--create-namespace
+	kubectl apply -f security/kyverno/
 
 deploy-observability:
-	@echo "TODO: implement after security layer is deployed"
+	@echo "TODO: implement in Module 3"
 
 deploy-agent:
-	@echo "TODO: implement after observability is running"
+	@echo "TODO: implement in Module 4"
 
 deploy-ui:
-	@echo "TODO: implement after agent is running"
+	@echo "TODO: implement in Module 5"
 
 hubble-ui:
 	cilium hubble ui
diff --git a/README.md b/README.md
index 5e0537c..12027c6 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,24 @@
 
 ## Local setup
 
-[fill in after Module 1 is complete]
+### Prerequisites
+- macOS (Apple Silicon M-series)
+- OrbStack installed (`brew install orbstack`)
+- CLI tools: `brew install kubectl helm k3sup cilium-cli hubble k9s`
+
+### Spin up the cluster
+```bash
+make cluster-up
+```
+
+This provisions 3 OrbStack VMs, installs k3s, deploys Cilium with eBPF
+kube-proxy replacement, enables Hubble, and creates all namespaces.
+
+### Verify
+```bash
+make cluster-status
+cilium hubble ui
+```
 
 ## Architecture decisions