K3s Resume Platform

Inspectable DevSecOps / GitOps Delivery Project

K3s Resume Platform is a public-facing FastAPI application delivered through a K3s-based GitOps workflow. The project demonstrates container build and publish automation, SBOM generation, image signing, automated dev environment updates through Flux image automation, and controlled production promotion by immutable digest.

Figure: architecture diagram of the K3s Resume Platform delivery flow, from the app repository to GitHub Actions, GHCR, the GitOps manifests, Flux CD, the K3s cluster, and cedricmiller.dev. Caption: Delivery and promotion flow for the K3s Resume Platform.

What This Project Proves

  • Public FastAPI application serving resume and RSS aggregation pages
  • Dockerized runtime with health endpoints
  • GitHub Actions workflow for build, publish, SBOM generation, and image signing
  • GHCR image distribution for deployment artifacts
  • Flux-based GitOps automation for dev image updates
  • Production deployment pinned to immutable image digests
  • Evidence-backed operational proof links for each implemented control

Delivery Flow

  1. Application code is committed to the app repository.
  2. GitHub Actions builds the container image and publishes it to GHCR.
  3. The workflow generates an SPDX SBOM for the image.
  4. The image is signed with Cosign using keyless signing.
  5. Flux image automation updates the dev GitOps manifest to the new image.
  6. Production is promoted separately through a digest-pinned GitOps manifest update.

Implemented Controls & Evidence

Implemented controls include SBOM generation, image signing, immutable production promotion by digest, and GitOps-based separation between delivery and deployment state. The Operational Proof panel links each implemented claim to concrete evidence such as workflow runs, SBOM artifacts, GitOps commit history for dev updates, and the exact production promotion commit.

What Is Not Claimed

This project does not currently claim verified Kubernetes admission policy enforcement, because the repository contains no implementation of it and therefore no evidence for it. Unsupported claims were removed from the public proof panel to keep the project accurate and defensible.