From a555fc744dbf55a0e63c222b8f57b3dbb85dabcd Mon Sep 17 00:00:00 2001
From: Kobeep
Date: Tue, 7 Oct 2025 00:05:50 +0200
Subject: [PATCH 1/2] Re-write Readme file | Used best-readme-template
---
README.md | 706 ++++++++++++++++++++++++++++++++++--------------------
1 file changed, 446 insertions(+), 260 deletions(-)
diff --git a/README.md b/README.md
index 58af810..d2ee045 100644
--- a/README.md
+++ b/README.md
@@ -1,320 +1,506 @@
-# ๐ k8s-gitops-template -> **In-progress**
-
-> **Production-ready Kubernetes DevOps template with automated local clusters (dev/prod), GitOps, monitoring, logging, security policies, and CI/CD pipelines.**
-
-[](https://opensource.org/licenses/MIT)
-[](https://kubernetes.io/)
-[](https://argoproj.github.io/cd/)
-
-## ๐ Table of Contents
-
-- [Overview](#overview)
-- [Features](#features)
-- [Prerequisites](#prerequisites)
-- [Quick Start](#quick-start)
-- [Architecture](#architecture)
-- [Project Structure](#project-structure)
-- [Usage](#usage)
-- [Contributing](#contributing)
-- [License](#license)
-
-## ๐ฏ Overview
-
-This project provides a **complete, production-ready Kubernetes template** for DevOps engineers. It includes:
-
-- ๐๏ธ Automated local Kubernetes clusters (dev & prod) using **k3d**
-- ๐ **GitOps** workflow with ArgoCD
-- ๐ Full observability stack (Prometheus, Grafana, Loki)
-- ๐ Security policies (Kyverno, Pod Security, Network Policies)
-- ๐ RBAC configuration with namespace isolation
-- ๐ฆ CI/CD pipelines with GitHub Actions
-- ๐ฆ Sample microservices with Helm charts
-- ๐ง One-command setup with `make bootstrap`
-
-## โจ Features
-
-### Platform Components
-
-- **k3d**: Lightweight Kubernetes clusters in Docker
-- **ArgoCD**: GitOps continuous delivery
-- **Ingress NGINX**: Ingress controller with TLS support
-- **cert-manager**: Automatic TLS certificate management
-- **Prometheus Stack**: Monitoring and alerting
-- **Grafana**: Visualization and dashboards
-- **Loki**: Log aggregation
-- **Kyverno**: Policy engine for Kubernetes
-- **Sealed Secrets**: Encrypted secrets management
-
-### DevOps Features
-
-- โ
Automated cluster provisioning
-- โ
Namespace isolation (dev/prod)
-- โ
RBAC roles and bindings
-- โ
Network policies
-- โ
Resource quotas and limits
-- โ
Pod Security Standards
-- โ
GitHub Actions CI/CD
-- โ
Helm charts for apps
-- โ
GitOps deployment workflow
-
-## ๐ง Prerequisites
-
-Required tools (install scripts provided):
-
-- [Docker](https://docs.docker.com/get-docker/) (20.10+)
-- [kubectl](https://kubernetes.io/docs/tasks/tools/) (1.28+)
-- [k3d](https://k3d.io/) (5.6+)
-- [Helm](https://helm.sh/docs/intro/install/) (3.12+)
-- [ArgoCD CLI](https://argo-cd.readthedocs.io/en/stable/cli_installation/) (2.8+)
-- [make](https://www.gnu.org/software/make/)
-
-### Quick Install
-
-```bash
-# Install all prerequisites (Linux/macOS)
-./scripts/install-prerequisites.sh
-```
+
+
+
+
+ ๐ Table of Contents
+
+ -
+ About The Project
+
+
+ -
+ Getting Started
+
+
+ - Usage
+ - Project Structure
+ - Architecture
+ - Contributing
+ - License
+ - Contact
+ - Acknowledgments
+
+
+
+
+## ๐ฏ About The Project
+
+This project provides a **complete, production-ready Kubernetes template** designed for DevOps engineers who want to quickly set up a local Kubernetes environment with GitOps principles, comprehensive monitoring, and security best practices.
+
+**Key Highlights:**
+* ๐๏ธ **Automated Setup**: Two k3d clusters (dev & prod) deployed with a single command
+* ๐ **GitOps Workflow**: ArgoCD-based continuous deployment with declarative configuration
+* ๐ **Full Observability**: Prometheus, Grafana, and Loki for complete monitoring and logging
+* ๐ **Security First**: Kyverno policies for automated security enforcement
+* ๐ **Production-Ready**: Separate dev and prod environments with proper isolation
+* ๏ฟฝ **Easy to Extend**: Well-structured platform components using Helm charts
+
+This template is perfect for learning Kubernetes, testing applications locally, or as a starting point for your own GitOps infrastructure.
+
+(back to top)
+
+### ๏ฟฝ Built With
+
+This project leverages the following major frameworks and tools:
+
+* [![Kubernetes][Kubernetes-badge]][Kubernetes-url]
+* [![Docker][Docker-badge]][Docker-url]
+* [![ArgoCD][ArgoCD-badge]][ArgoCD-url]
+* [![Prometheus][Prometheus-badge]][Prometheus-url]
+* [![Grafana][Grafana-badge]][Grafana-url]
+* [![Helm][Helm-badge]][Helm-url]
+
+**Platform Components:**
+- **k3d** - Lightweight Kubernetes clusters in Docker
+- **ArgoCD** - GitOps continuous delivery tool
+- **Ingress NGINX** - Kubernetes Ingress controller
+- **Prometheus Stack** (kube-prometheus-stack v55.5.0) - Monitoring and alerting
+- **Grafana** - Metrics visualization and dashboards
+- **Loki** (v2.9.0) - Log aggregation system
+- **Promtail** - Log collector for Loki
+- **Kyverno** (v1.11.0) - Kubernetes policy engine
+
+(back to top)
+
+
+## ๐ Getting Started
+
+Follow these steps to get your local Kubernetes clusters up and running with all platform components deployed.
+
+### ๏ฟฝ Prerequisites
+
+Before you begin, ensure you have the following tools installed on your system:
+
+* **Docker** (20.10+)
+ ```sh
+ # Verify installation
+ docker --version
+ ```
+
+* **kubectl** (1.28+)
+ ```sh
+ # Verify installation
+ kubectl version --client
+ ```
+
+* **k3d** (5.6+)
+ ```sh
+ # Verify installation
+ k3d version
+ ```
+
+* **Helm** (3.12+)
+ ```sh
+ # Verify installation
+ helm version
+ ```
+
+### ๏ฟฝ Installation
+
+1. **Clone the repository**
+ ```sh
+ git clone https://github.com/Kobeep/k8s-gitops-template.git
+ cd k8s-gitops-template
+ ```
+
+2. **Install prerequisites** (if needed)
+ ```sh
+ ./scripts/install-prerequisites.sh
+ ```
+
+3. **Bootstrap both clusters**
+ ```sh
+ ./scripts/bootstrap.sh
+ ```
+
+ This will:
+ - โ
Create k3d dev cluster (1 server + 2 agents)
+ - โ
Create k3d prod cluster (1 server + 3 agents)
+ - โ
Install ArgoCD on both clusters
+ - โ
Deploy root applications
+ - โ
Configure GitOps sync
-## ๐ Quick Start
+4. **Verify cluster status**
+ ```sh
+ ./scripts/status.sh
+ ```
-### 1. Clone the repository
+5. **Get ArgoCD credentials**
+
+ The bootstrap script will output the ArgoCD admin passwords for both clusters. You can also retrieve them manually:
+
+ ```sh
+ # DEV cluster
+ kubectl config use-context k3d-k8s-dev
+ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
-```bash
-git clone https://github.com/Kobeep/k8s-devops-template.git
-cd k8s-devops-template
+ # PROD cluster
+ kubectl config use-context k3d-k8s-prod
+ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+ ```
+
+(back to top)
+
+
+## ๐ก Usage
+
+### Managing Clusters
+
+**Bootstrap Clusters:**
+```sh
+# Bootstrap both dev and prod clusters
+./scripts/bootstrap.sh
```
-### 2. Bootstrap everything
+**Switch Between Clusters:**
+```sh
+# Switch to dev cluster
+kubectl config use-context k3d-k8s-dev
-```bash
-# Create both dev and prod clusters with all components
-make bootstrap
+# Switch to prod cluster
+kubectl config use-context k3d-k8s-prod
```
-This single command will:
-- Create k3d clusters (dev & prod)
-- Install ArgoCD and configure GitOps
-- Deploy monitoring stack (Prometheus, Grafana, Loki)
-- Configure RBAC and security policies
-- Deploy sample applications
-
-### 3. Access services
-
-```bash
-# Get ArgoCD password
-make argocd-password
-
-# Access ArgoCD UI (http://localhost:8080)
-make argocd
-
-# Access Grafana (http://localhost:3000)
-make monitoring
+**Check Cluster Status:**
+```sh
+./scripts/status.sh
+```
-# Access Prometheus (http://localhost:9090)
-make prometheus
+**Destroy Clusters:**
+```sh
+./scripts/destroy.sh
```
-### 4. Check status
+### Accessing Services
-```bash
-# View cluster status
-make status
+**ArgoCD:**
+```sh
+# Dev cluster - http://localhost:8080
+kubectl port-forward -n argocd svc/argocd-server 8080:443 --context k3d-k8s-dev
-# Switch between clusters
-make dev # Switch to dev cluster
-make prod # Switch to prod cluster
+# Prod cluster - http://localhost:9080
+kubectl port-forward -n argocd svc/argocd-server 9080:443 --context k3d-k8s-prod
```
-## ๐๏ธ Architecture
+**Grafana:**
+```sh
+# Access via Prometheus Stack service
+kubectl port-forward -n monitoring svc/kube-prometheus-stack-grafana 3000:80
+```
+**Prometheus:**
+```sh
+# Access Prometheus UI
+kubectl port-forward -n monitoring svc/kube-prometheus-stack-prometheus 9090:9090
```
-โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
-โ GitHub Repository โ
-โ (GitOps Source) โ
-โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
- โ
- โ ArgoCD Sync
- โ
- โโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโ
- โ โ
-โโโโโโโโโผโโโโโโโโ โโโโโโโโโโผโโโโโโโโโ
-โ Dev Cluster โ โ Prod Cluster โ
-โ (k3d) โ โ (k3d) โ
-โโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโค
-โ โข ArgoCD โ โ โข ArgoCD โ
-โ โข Ingress โ โ โข Ingress โ
-โ โข Prometheus โ โ โข Prometheus โ
-โ โข Grafana โ โ โข Grafana โ
-โ โข Loki โ โ โข Loki โ
-โ โข Kyverno โ โ โข Kyverno โ
-โ โข Sample Apps โ โ โข Sample Apps โ
-โโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
+
+### Deploying Applications
+
+ArgoCD automatically syncs applications from the `clusters/{dev,prod}/argocd-apps/` directory. To add new applications:
+
+1. Create an ArgoCD Application manifest in the appropriate cluster directory
+2. Commit and push to the repository
+3. ArgoCD will automatically detect and sync the new application
+
+**Example Application:**
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: my-app-dev
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/Kobeep/k8s-gitops-template.git
+ targetRevision: main
+ path: apps/my-app
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: dev
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
```
-See [Architecture Documentation](docs/architecture.md) for detailed diagrams.
+(back to top)
+
## ๐ Project Structure
```
-k8s-devops-template/
-โโโ Makefile # Main automation commands
-โโโ README.md # This file
-โโโ .github/
-โ โโโ workflows/ # GitHub Actions CI/CD
-โ โโโ build-and-push.yml # Build & push Docker images
-โ โโโ deploy-dev.yml # Deploy to dev
-โ โโโ deploy-prod.yml # Deploy to prod
-โโโ clusters/ # Cluster configurations
-โ โโโ dev/
-โ โ โโโ cluster-config.yaml # k3d dev cluster config
-โ โ โโโ argocd-apps/ # ArgoCD app definitions
-โ โโโ prod/
-โ โโโ cluster-config.yaml # k3d prod cluster config
-โ โโโ argocd-apps/ # ArgoCD app definitions
-โโโ platform/ # Platform components
-โ โโโ argocd/ # ArgoCD installation
-โ โโโ ingress-nginx/ # Ingress controller
-โ โโโ cert-manager/ # Certificate management
-โ โโโ monitoring/ # Prometheus, Grafana
-โ โโโ logging/ # Loki, Promtail
-โ โโโ security/ # Kyverno, policies
-โ โโโ sealed-secrets/ # Sealed Secrets controller
-โโโ apps/ # Sample applications
-โ โโโ sample-app/
-โ โ โโโ helm/ # Helm chart
-โ โ โโโ manifests/ # K8s manifests
-โ โ โโโ src/ # Application source
-โ โโโ microservices/
-โ โโโ frontend/
-โ โโโ backend/
-โ โโโ database/
-โโโ rbac/ # RBAC configurations
+k8s-gitops-template/
+โโโ clusters/ # Cluster-specific configurations
โ โโโ dev/
-โ โ โโโ namespaces.yaml
-โ โ โโโ roles.yaml
-โ โ โโโ rolebindings.yaml
+โ โ โโโ cluster-config.yaml # k3d dev cluster config (1 server + 2 agents)
+โ โ โ # Ports: HTTP:8080, HTTPS:8443, NodePort:30000-30010
+โ โ โโโ argocd-apps/ # ArgoCD Applications for dev
+โ โ โโโ root-app.yaml # Root app of apps pattern
+โ โ โโโ platform.yaml # Platform components (monitoring, logging, etc.)
+โ โ โโโ apps.yaml # Application deployments
โ โโโ prod/
-โ โโโ namespaces.yaml
-โ โโโ roles.yaml
-โ โโโ rolebindings.yaml
-โโโ policies/ # Kyverno policies
-โ โโโ pod-security.yaml
-โ โโโ resource-limits.yaml
-โ โโโ network-policies.yaml
-โโโ scripts/ # Automation scripts
-โ โโโ bootstrap.sh # Main bootstrap script
-โ โโโ bootstrap-cluster.sh # Single cluster bootstrap
-โ โโโ destroy.sh # Destroy clusters
+โ โโโ cluster-config.yaml # k3d prod cluster config (1 server + 3 agents)
+โ โ # Ports: HTTP:9080, HTTPS:9443, NodePort:31000-31010
+โ โโโ argocd-apps/ # ArgoCD Applications for prod
+โ โโโ root-app.yaml
+โ โโโ platform.yaml
+โ โโโ apps.yaml
+โ
+โโโ platform/ # Platform components (Helm umbrella charts)
+โ โโโ ingress-nginx/ # Ingress NGINX Controller
+โ โ โโโ Chart.yaml # v4.8.3
+โ โ โโโ values.yaml # Default values
+โ โ โโโ values-dev.yaml # Dev-specific overrides
+โ โ โโโ values-prod.yaml # Prod-specific overrides
+โ โ
+โ โโโ monitoring/ # Prometheus + Grafana
+โ โ โโโ Chart.yaml # kube-prometheus-stack v55.5.0
+โ โ โโโ values.yaml
+โ โ โโโ values-dev.yaml
+โ โ โโโ values-prod.yaml
+โ โ
+โ โโโ logging/ # Loki + Promtail
+โ โ โโโ Chart.yaml # Loki v5.41.4, Promtail v6.15.3
+โ โ โโโ values.yaml
+โ โ โโโ values-dev.yaml
+โ โ โโโ values-prod.yaml
+โ โ
+โ โโโ security/ # Kyverno policies
+โ โโโ Chart.yaml # Kyverno v3.1.4
+โ โโโ values.yaml
+โ โโโ values-dev.yaml
+โ โโโ values-prod.yaml
+โ
+โโโ scripts/ # Automation scripts
+โ โโโ bootstrap.sh # Bootstrap both clusters
+โ โโโ destroy.sh # Destroy all clusters
โ โโโ status.sh # Check cluster status
-โ โโโ port-forward.sh # Port forwarding helper
-โ โโโ deploy-apps.sh # Deploy applications
-โ โโโ validate.sh # Validate manifests
โ โโโ install-prerequisites.sh # Install required tools
-โโโ tests/ # Integration tests
- โโโ cluster-tests.sh
- โโโ app-tests.sh
- โโโ security-tests.sh
+โ
+โโโ CONTRIBUTING.md # Contribution guidelines
+โโโ LICENSE # MIT License
+โโโ README.md # This file
```
-## ๐ Usage
+**Key Design Principles:**
+* **Separation of Concerns**: Platform components are separate from applications
+* **GitOps-Native**: Everything is declarative and stored in Git
+* **Environment Parity**: Dev and prod use the same structure with different values
+* **Helm-Based**: All platform components use Helm for easy customization
+* **App of Apps Pattern**: ArgoCD manages multiple applications through a root app
-### Cluster Management
+(back to top)
-```bash
-# Bootstrap both clusters
-make bootstrap
+
+## ๐ Architecture
-# Bootstrap only dev
-make bootstrap-dev
+### Cluster Architecture
-# Bootstrap only prod
-make bootstrap-prod
-
-# Destroy all clusters
-make destroy
-
-# Check status
-make status
```
-
-### Switching Contexts
-
-```bash
-# Switch to dev cluster
-make dev
-
-# Switch to prod cluster
-make prod
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ GitHub Repository โ
+โ (GitOps Source of Truth) โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+ โ
+ โ ArgoCD pulls manifests
+ โ and syncs to clusters
+ โ
+ โโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโ
+ โ โ
+ โโโโโโโโโโโผโโโโโโโโโโโ โโโโโโโโโโผโโโโโโโโโโโ
+ โ Dev Cluster โ โ Prod Cluster โ
+ โ (k3d) โ โ (k3d) โ
+ โโโโโโโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโโโค
+ โ โข 1 server โ โ โข 1 server โ
+ โ โข 2 agents โ โ โข 3 agents โ
+ โ โ โ โ
+ โ Ports: โ โ Ports: โ
+ โ โข HTTP: 8080 โ โ โข HTTP: 9080 โ
+ โ โข HTTPS: 8443 โ โ โข HTTPS: 9443 โ
+ โ โข NodePort: โ โ โข NodePort: โ
+ โ 30000-30010 โ โ 31000-31010 โ
+ โโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโ
```
-### Accessing Services
-
-```bash
-# ArgoCD
-make argocd
-make argocd-password
+### Platform Components per Cluster
-# Grafana
-make monitoring
+```
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+โ Kubernetes Cluster (k3d) โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
+โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ argocd namespace โ โ
+โ โ โข ArgoCD Server โ โ
+โ โ โข ArgoCD Application Controller โ โ
+โ โ โข ArgoCD Repo Server โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ ingress-nginx namespace โ โ
+โ โ โข NGINX Ingress Controller โ โ
+โ โ โข LoadBalancer Service โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ monitoring namespace โ โ
+โ โ โข Prometheus (metrics collection) โ โ
+โ โ โข Grafana (visualization) โ โ
+โ โ โข AlertManager (alerting) โ โ
+โ โ โข Node Exporter (node metrics) โ โ
+โ โ โข Kube State Metrics (k8s metrics) โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ logging namespace โ โ
+โ โ โข Loki (log aggregation) โ โ
+โ โ โข Promtail (log collection) โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ security namespace โ โ
+โ โ โข Kyverno (policy engine) โ โ
+โ โ โข Admission Controller โ โ
+โ โ โข Background Controller โ โ
+โ โ โข Reports Controller โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ dev/prod namespaces โ โ
+โ โ โข Application workloads โ โ
+โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
+โ โ
+โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
+```
-# Prometheus
-make prometheus
+### GitOps Flow
-# Alertmanager
-make alertmanager
+```
+1. Developer pushes changes to Git repository
+ โ
+2. ArgoCD detects changes automatically
+ โ
+3. ArgoCD pulls updated manifests
+ โ
+4. ArgoCD applies changes to cluster
+ โ
+5. Applications are deployed/updated
+ โ
+6. Monitoring & logging track the deployment
```
-### Application Deployment
-
-```bash
-# Deploy sample applications
-make deploy-apps
+(back to top)
-# Sync ArgoCD applications
-make sync
+
+## ๐ค Contributing
-# View application logs
-make logs
-```
+Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
-### Validation & Testing
+If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
+Don't forget to give the project a star! Thanks again!
-```bash
-# Validate all manifests
-make validate
+1. Fork the Project
+2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the Branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
-# Run integration tests
-make test
-```
+For more details, please refer to [CONTRIBUTING.md](CONTRIBUTING.md).
-## ๐ Security
+(back to top)
-This template includes:
+
+## ๐ License
-- **Pod Security Standards**: Enforced at namespace level
-- **Network Policies**: Restrict pod-to-pod communication
-- **RBAC**: Fine-grained access control
-- **Kyverno Policies**: Automated policy enforcement
-- **Sealed Secrets**: Encrypted secrets in Git
+Distributed under the MIT License. See `LICENSE` for more information.
-See [Security Documentation](docs/security.md) for details.
+(back to top)
-## ๐ค Contributing
+
+## ๐ง Contact
-Contributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details.
+Jakub Pospieszny - [@Kobeep](https://github.com/Kobeep)
-## ๐ License
+Project Link: [https://github.com/Kobeep/k8s-gitops-template](https://github.com/Kobeep/k8s-gitops-template)
-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+(back to top)
+
## ๐ Acknowledgments
-- [k3d](https://k3d.io/) - Lightweight Kubernetes in Docker
-- [ArgoCD](https://argoproj.github.io/cd/) - GitOps continuous delivery
-- [Prometheus](https://prometheus.io/) - Monitoring and alerting
-- [Grafana](https://grafana.com/) - Visualization platform
-- [Kyverno](https://kyverno.io/) - Kubernetes policy engine
+This project was built using these amazing open-source tools:
+
+* [k3d](https://k3d.io/) - Lightweight Kubernetes in Docker
+* [ArgoCD](https://argoproj.github.io/cd/) - GitOps continuous delivery tool
+* [Prometheus](https://prometheus.io/) - Monitoring and alerting toolkit
+* [Grafana](https://grafana.com/) - Analytics and monitoring platform
+* [Loki](https://grafana.com/oss/loki/) - Log aggregation system
+* [Kyverno](https://kyverno.io/) - Kubernetes native policy management
+* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) - Ingress controller for Kubernetes
+* [Helm](https://helm.sh/) - The package manager for Kubernetes
+* [Best-README-Template](https://github.com/othneildrew/Best-README-Template) - README template inspiration
+
+(back to top)
---
-**Made with โค๏ธ for the DevOps community**
+
+ Made with โค๏ธ for the DevOps community
+
+ If you find this project helpful, please consider giving it a โญ
+
+
+
+[Kubernetes-badge]: https://img.shields.io/badge/Kubernetes-326CE5?style=for-the-badge&logo=kubernetes&logoColor=white
+[Kubernetes-url]: https://kubernetes.io/
+[Docker-badge]: https://img.shields.io/badge/Docker-2496ED?style=for-the-badge&logo=docker&logoColor=white
+[Docker-url]: https://www.docker.com/
+[ArgoCD-badge]: https://img.shields.io/badge/ArgoCD-EF7B4D?style=for-the-badge&logo=argo&logoColor=white
+[ArgoCD-url]: https://argoproj.github.io/cd/
+[Prometheus-badge]: https://img.shields.io/badge/Prometheus-E6522C?style=for-the-badge&logo=prometheus&logoColor=white
+[Prometheus-url]: https://prometheus.io/
+[Grafana-badge]: https://img.shields.io/badge/Grafana-F46800?style=for-the-badge&logo=grafana&logoColor=white
+[Grafana-url]: https://grafana.com/
+[Helm-badge]: https://img.shields.io/badge/Helm-0F1689?style=for-the-badge&logo=helm&logoColor=white
+[Helm-url]: https://helm.sh/
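Review bot: the example Application under "Deploying Applications" combines `project: default` with `automated: {prune: true, selfHeal: true}`; the built-in default AppProject allows any source repository and any destination namespace, so anyone who can push to the repo can auto-deploy (and auto-delete) cluster-wide, and the example should reference a dedicated AppProject that restricts `sourceRepos`, `destinations` and `clusterResourceWhitelist`, or at least say so beside the manifest. Further points in this hunk: the "Built With", "Prerequisites" and "Installation" headings and the last "Key Highlights" bullet carry U+FFFD replacement characters where the other headings have emoji, so the file was saved with a broken encoding; the ArgoCD port-forward maps `8080:443`, the service's TLS port, while the comment advertises `http://localhost:8080`, so document `https://localhost:8080` and that the default certificate is self-signed; the Grafana and Prometheus port-forwards omit `--context`, so they hit whichever cluster happens to be current; the "Get ArgoCD credentials" step should note that `argocd-initial-admin-secret` is meant to be deleted once the admin password has been changed; and the rewrite drops the previous README's Security section (Pod Security Standards, Network Policies, RBAC, Sealed Secrets) and cert-manager without stating whether those components were removed from the repository, which the commit message should say.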
From 2a64b21345a3f8141d154b802b5c1c6114d7e59a Mon Sep 17 00:00:00 2001
From: Kobeep
Date: Tue, 7 Oct 2025 00:12:59 +0200
Subject: [PATCH 2/2] Built CI pipeline
---
.github/workflows/ci.yml | 229 ++++++++++++++++++++++++++++++++++
.github/workflows/release.yml | 38 ++++++
.yamllint | 16 +++
README.md | 72 +++++++++++
4 files changed, 355 insertions(+)
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/release.yml
create mode 100644 .yamllint
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..07e198f
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,229 @@
+name: CI Pipeline
+
+on:
+ push:
+ branches: [ main, develop ]
+ pull_request:
+ branches: [ main, develop ]
+
+jobs:
+ validate-yaml:
+ name: Validate YAML Syntax
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install yamllint
+ run: pip install yamllint
+
+ - name: Validate YAML files
+ run: |
+ find . -name "*.yaml" -o -name "*.yml" | xargs yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}"
+
+ validate-kubernetes:
+ name: Validate Kubernetes Manifests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up kubectl
+ uses: azure/setup-kubectl@v3
+ with:
+ version: 'v1.28.0'
+
+ - name: Validate cluster configs
+ run: |
+ echo "Validating k3d cluster configurations..."
+ kubectl version --client
+
+ - name: Validate ArgoCD applications
+ run: |
+ echo "Checking ArgoCD application manifests..."
+ for file in clusters/*/argocd-apps/*.yaml; do
+ if [ -f "$file" ]; then
+ echo "Validating $file"
+ kubectl apply --dry-run=client -f "$file" || exit 1
+ fi
+ done
+
+ validate-helm:
+ name: Validate Helm Charts
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: 'v3.13.0'
+
+ - name: Add Helm repositories
+ run: |
+ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+ helm repo add grafana https://grafana.github.io/helm-charts
+ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+ helm repo add kyverno https://kyverno.github.io/kyverno/
+ helm repo update
+
+ - name: Validate Helm charts
+ run: |
+ echo "Validating platform Helm charts..."
+ for chart in platform/*/; do
+ if [ -f "${chart}Chart.yaml" ]; then
+ echo "Linting $(basename $chart)"
+ helm dependency update "$chart"
+ helm lint "$chart" || exit 1
+
+ # Validate with dev values
+ if [ -f "${chart}values-dev.yaml" ]; then
+ helm lint "$chart" -f "${chart}values-dev.yaml" || exit 1
+ fi
+
+ # Validate with prod values
+ if [ -f "${chart}values-prod.yaml" ]; then
+ helm lint "$chart" -f "${chart}values-prod.yaml" || exit 1
+ fi
+ fi
+ done
+
+ test-scripts:
+ name: Test Shell Scripts
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install shellcheck
+ run: sudo apt-get update && sudo apt-get install -y shellcheck
+
+ - name: Validate shell scripts
+ run: |
+ echo "Checking shell scripts with shellcheck..."
+ find scripts/ -name "*.sh" -type f | xargs shellcheck -x || exit 1
+
+ - name: Check script permissions
+ run: |
+ echo "Verifying script permissions..."
+ for script in scripts/*.sh; do
+ if [ -f "$script" ]; then
+ if [ ! -x "$script" ]; then
+ echo "Warning: $script is not executable"
+ chmod +x "$script"
+ fi
+ fi
+ done
+
+ security-scan:
+ name: Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'config'
+ scan-ref: '.'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy results to GitHub Security
+ uses: github/codeql-action/upload-sarif@v3
+ if: always()
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ integration-test:
+ name: Integration Test (Optional)
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request'
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Docker
+ uses: docker/setup-buildx-action@v3
+
+ - name: Install k3d
+ run: |
+ curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
+
+ - name: Install kubectl
+ uses: azure/setup-kubectl@v3
+ with:
+ version: 'v1.28.0'
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: 'v3.13.0'
+
+ - name: Create test cluster
+ run: |
+ echo "Creating test k3d cluster..."
+ k3d cluster create test-cluster \
+ --servers 1 \
+ --agents 1 \
+ --wait \
+ --timeout 120s
+
+ - name: Verify cluster
+ run: |
+ kubectl cluster-info
+ kubectl get nodes
+
+ - name: Test ArgoCD installation
+ run: |
+ echo "Testing ArgoCD installation..."
+ kubectl create namespace argocd
+ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+ kubectl wait --for=condition=available --timeout=300s deployment/argocd-server -n argocd
+
+ - name: Cleanup
+ if: always()
+ run: |
+ k3d cluster delete test-cluster
+
+ lint-markdown:
+ name: Lint Markdown
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Lint Markdown files
+ uses: DavidAnson/markdownlint-cli2-action@v14
+ with:
+ globs: '**/*.md'
+ config: |
+ {
+ "default": true,
+ "MD013": false,
+ "MD033": false,
+ "MD041": false
+ }
+
+ summary:
+ name: CI Summary
+ runs-on: ubuntu-latest
+ needs: [validate-yaml, validate-kubernetes, validate-helm, test-scripts, security-scan]
+ if: always()
+ steps:
+ - name: Check job results
+ run: |
+ echo "## CI Pipeline Summary" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "โ
YAML Validation: ${{ needs.validate-yaml.result }}" >> $GITHUB_STEP_SUMMARY
+ echo "โ
Kubernetes Validation: ${{ needs.validate-kubernetes.result }}" >> $GITHUB_STEP_SUMMARY
+ echo "โ
Helm Validation: ${{ needs.validate-helm.result }}" >> $GITHUB_STEP_SUMMARY
+ echo "โ
Shell Script Tests: ${{ needs.test-scripts.result }}" >> $GITHUB_STEP_SUMMARY
+ echo "โ
Security Scan: ${{ needs.security-scan.result }}" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..96c58d7
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,38 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*.*.*'
+
+jobs:
+ release:
+ name: Create Release
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Get version from tag
+ id: get_version
+ run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+ - name: Generate changelog
+ id: changelog
+ run: |
+ echo "## What's Changed" > CHANGELOG.txt
+ git log $(git describe --tags --abbrev=0 HEAD^)..HEAD --pretty=format:"* %s (%h)" >> CHANGELOG.txt
+
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: Release ${{ steps.get_version.outputs.VERSION }}
+ body_path: CHANGELOG.txt
+ draft: false
+ prerelease: false
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
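Review bot: the changelog step's `git describe --tags --abbrev=0 HEAD^` exits non-zero when the pushed tag is the first tag in the repository, because there is no earlier tag to describe, which fails the whole release job on the very first `v*.*.*` push; fall back to the root commit, e.g. `PREV=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || git rev-list --max-parents=0 HEAD)` followed by `git log "$PREV"..HEAD --pretty=format:"* %s (%h)" >> CHANGELOG.txt`. Also `id: changelog` sets no outputs and can be dropped, and `softprops/action-gh-release@v1` is safer pinned to a full commit SHA.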
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..d031d52
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,16 @@
+---
+extends: relaxed
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+ indentation:
+ spaces: 2
+ indent-sequences: true
+ comments:
+ min-spaces-from-content: 1
+ comments-indentation: {}
+ document-start: disable
+ truthy:
+ allowed-values: ['true', 'false', 'yes', 'no']
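Review bot: this file is not what CI applies: the validate-yaml job in ci.yml passes its own inline `-d "{extends: relaxed, rules: {line-length: {max: 120}}}"`, which ignores the `indentation`, `comments` and `truthy` rules defined here, while the README's local instructions run `yamllint -c .yamllint .`, so CI and local runs disagree; have the job run `yamllint .` (yamllint reads `.yamllint` from the working directory) so both use the same rules.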
diff --git a/README.md b/README.md
index d2ee045..2a663ce 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,9 @@
+
+
+
@@ -55,6 +58,7 @@
Usage
Project Structure
Architecture
+ CI/CD
Contributing
License
Contact
@@ -432,6 +436,74 @@ k8s-gitops-template/
(back to top)
+
+## ๐ CI/CD
+
+This project includes automated CI/CD pipelines using **GitHub Actions**.
+
+### CI Pipeline
+
+The CI pipeline runs automatically on every push and pull request to `main` or `develop` branches.
+
+**Pipeline Stages:**
+
+1. **YAML Validation** - Validates all YAML files using yamllint
+2. **Kubernetes Validation** - Validates Kubernetes manifests with kubectl dry-run
+3. **Helm Validation** - Lints all Helm charts in the platform directory
+4. **Script Testing** - Runs shellcheck on all bash scripts
+5. **Security Scanning** - Scans for vulnerabilities using Trivy
+6. **Integration Testing** - Creates a test k3d cluster (PR only)
+7. **Markdown Linting** - Validates markdown documentation
+
+**Status Badge:**
+
+[](https://github.com/Kobeep/k8s-gitops-template/actions/workflows/ci.yml)
+
+### Running Tests Locally
+
+Before pushing, you can run validations locally:
+
+```sh
+# Install dependencies
+pip install yamllint
+sudo apt-get install shellcheck
+
+# Validate YAML
+yamllint -c .yamllint .
+
+# Check shell scripts
+shellcheck scripts/*.sh
+
+# Lint Helm charts
+helm lint platform/monitoring/
+helm lint platform/logging/
+helm lint platform/security/
+helm lint platform/ingress-nginx/
+
+# Validate Kubernetes manifests
+kubectl apply --dry-run=client -f clusters/dev/argocd-apps/
+kubectl apply --dry-run=client -f clusters/prod/argocd-apps/
+```
+
+### Release Process
+
+To create a new release:
+
+```sh
+# Create and push a tag
+git tag -a v1.0.0 -m "Release version 1.0.0"
+git push origin v1.0.0
+```
+
+The release workflow will automatically:
+- Create a GitHub release
+- Generate a changelog from commits
+- Tag the release with semantic versioning
+
+For more details, see [`.github/workflows/README.md`](.github/workflows/README.md).
+
+(back to top)
+
## ๐ค Contributing
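Review bot: "Tag the release with semantic versioning" under "The release workflow will automatically" is not what release.yml does: the workflow is triggered by a tag the maintainer pushes by hand, exactly as the preceding `git tag -a v1.0.0` block shows, and never creates tags itself, so drop that bullet or reword it as publishing a release for the pushed tag. The link to `.github/workflows/README.md` points at a file that is not among the four files in this commit, so it is dead until that file is added. In "Running Tests Locally", the `helm lint platform/...` commands will fail for the umbrella charts until `helm dependency update platform/<chart>/` has been run (the CI job does this before linting), so add that step to the block.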