openCenter-gitops-base is the shared foundation for building and operating openCenter clusters.
It covers two parts of the platform lifecycle:
iac/provisions the underlying infrastructure, renders Kubespray inventory and variables, and initiates Kubernetes cluster deployment through Kubesprayapplications/provides the reusable GitOps base for platform services deployed into Kubernetes clusters
The service base in this repository is intended to be consumed in two ways:
- directly by cluster repositories that apply cluster-specific overrides
- indirectly by the private enterprise repository, which imports this base and applies private source, image, and values rewrites
The applications/ tree is managed with Flux CD and follows declarative, version-controlled GitOps patterns.
iac/provisions infrastructure, renders Kubespray inputs, and initiates cluster bootstrapapplications/contains the reusable base service definitions and policy resourcesdocs/contains tutorials, how-to guides, references, and architecture documentation
For the complete directory layout, see Directory Structure.
| Service | Namespace | Version | Purpose | Documentation |
|---|---|---|---|---|
| cert-manager | cert-manager |
v1.18.2 |
Automated TLS certificate management | README |
| external-snapshotter | external-snapshotter |
v8.2.1 |
Volume snapshot management | README |
| gateway-api | envoy-gateway-system |
v0.0.0-latest |
Next-generation ingress API | README |
| harbor | harbor |
1.17.2 |
Container registry with security scanning | README |
| headlamp | headlamp |
0.35.0 |
Modern Kubernetes dashboard | README |
| istio | istio-system |
1.28.3 |
Service mesh for traffic management, security, and observability | README |
| keycloak | keycloak |
26.4.2 |
Identity and access management | README |
| kyverno | kyverno |
3.6.0 |
Kubernetes-native policy engine | README |
| longhorn | longhorn-system |
1.11.0 |
Distributed block storage | README |
| metallb | metallb-system |
0.15.2 |
Load balancer for bare-metal clusters | README |
| olm | olm |
v0.34.0 |
Operator Lifecycle Manager | README |
| openstack-ccm | openstack-ccm |
2.33.1 |
OpenStack Cloud Controller Manager | README |
| openstack-csi | openstack-csi |
2.33.1 |
OpenStack Cinder CSI driver | README |
| postgres-operator | postgres-operator |
1.14.0 |
PostgreSQL cluster management | README |
| rbac-manager | rbac-manager |
1.21.1 |
RBAC management automation | README |
| sealed-secrets | sealed-secrets |
2.17.3 |
GitOps-friendly secret management | README |
| strimzi-kafka-operator | kafka-system |
0.50.0 |
Kubernetes operator for Apache Kafka | README |
| velero | velero |
10.1.1 |
Backup and disaster recovery | README |
| vsphere-csi | vmware-system-csi |
3.8.1 |
vSphere storage integration | README |
| Component | Namespace | Version | Purpose | Documentation |
|---|---|---|---|---|
| kube-prometheus-stack | observability |
77.6.0 |
Prometheus, Grafana, Alertmanager | README |
| loki | observability |
6.45.2 |
Log aggregation and storage | README |
| mimir | observability |
6.0.3 |
Horizontally scalable long-term metrics storage | README |
| tempo | observability |
1.55.0 |
Distributed tracing backend | README |
| opentelemetry-kube-stack | observability |
0.11.1 |
OpenTelemetry collection framework | README |
| Policy | Scope | Purpose |
|---|---|---|
| network-policies | Various | Kubernetes network segmentation |
| pod-security-policies | Various | Pod security standards enforcement |
| rbac | Various | Role-based access control |
Use the documentation set under docs/ together with the service README files for architecture, onboarding, configuration, and troubleshooting.
- Infrastructure as Code - Provision clusters and bootstrap Kubernetes
- Documentation Index - Browse tutorials, how-to guides, references, and explanations
- Getting Started Tutorial - Deploy your first service
- Service Deployment Patterns - Choose community or enterprise sourcing
- Helm Service Onboarding - Onboard Helm-based services
- OLM Service Onboarding - Onboard OLM-based services
- Operator CR Service Onboarding - Onboard operator-managed custom resources
- Add a Helm Service to the Community Repo - Add a shared Helm service to
applications/base/services/ - Service Reference Library - Per-service reference pages
- Service Configuration Guides - Configuration and troubleshooting for selected services