Multi-Cluster Kubernetes Platform

A GitOps-native, multi-cloud, multi-region Kubernetes platform engineered to provision and manage workload clusters across cloud providers — built with ArgoCD, Terraform, Crossplane, CIVO, Vultr, Cloudflare and AWS.


The Problem

Most platform teams face the same Kubernetes challenges as they scale — this platform solves them systematically.

Manual Cluster Management

Teams manually provision clusters in every region and provider, repeating the same brittle steps with zero automation or consistency.

Secret Sprawl

Credentials live everywhere with no centralized management. Secrets are copied by hand and impossible to audit at scale.

No Failover Strategy

Single-region deployments mean a single outage can take everything down — no geo redundancy or automated failover.

Platform Team Bottleneck

Developers wait on the platform team for every deploy. No self-service means context switching and long queues.

What I Built

A production-grade platform that removes manual work, distributes workloads globally and gives developers full self-service capability.

GitOps Control Plane

A centralized ArgoCD management cluster orchestrates every workload cluster. Infrastructure, applications and secrets flow through Git.

Multi-Cloud Distribution

Workload clusters run across CIVO regions with Cloudflare global load balancing, health checks and automated failover to secondary providers.

Self-Service Deployments

Developers ship by pushing to Git. ArgoCD ApplicationSets propagate changes to every target cluster with zero platform-team touch.

Architecture Overview

  • Management Cluster (CIVO): ArgoCD · Crossplane · ESO · Terraform · Cert-Manager · External-DNS
  • GitOps sync from the management cluster to each workload cluster
  • Workload Cluster, London · CIVO: API Gateway · Worker · Monitoring · ESO
  • Workload Cluster, Frankfurt · CIVO: API Gateway · Worker · Monitoring · ESO
  • Workload Cluster, New York · Vultr: API Gateway · Worker · Monitoring · ESO
  • Shared Resources: CIVO Database · AWS Secrets Manager · Cloudflare Load Balancer · Container Registry · Prometheus Federation

Technical Deep Dive

Here's how the platform works under the hood.

Management Cluster Architecture

A dedicated management cluster runs ArgoCD, Crossplane, Sealed Secrets, Cert-Manager, External-DNS and NGINX as the control plane for every workload cluster.

  • ArgoCD manages itself and every downstream cluster from one place.
  • Crossplane provisions cloud resources declaratively through Git.
  • Cert-Manager + External-DNS automate TLS and DNS for all ingresses.
Stack: ArgoCD · Crossplane · NGINX

Multi-Cloud Cluster Provisioning

Terraform modules provision workload clusters across CIVO (primary) and Vultr (secondary). Adding a region is a single pull request through GitOps.

  • Clusters deployed in London, Frankfurt and New York regions.
  • Secondary provider ensures vendor redundancy.
  • Terraform modules wrapped in ArgoCD Applications for GitOps enforcement.
Stack: CIVO · Vultr · Terraform

Secret Management Pipeline

Sealed Secrets encrypt credentials with the cluster controller's public key so they can be committed to Git, while External Secrets Operator (ESO) pulls runtime secrets from AWS Secrets Manager into clusters.

  • Secrets are encrypted once, committed safely, and decrypted only by the Sealed Secrets controller inside the cluster.
  • ESO pulls secrets from AWS Secrets Manager and distributes them to workload clusters via PushSecret.
  • Zero manual handling — credentials remain traceable end to end.
Stack: Sealed Secrets · ESO · AWS Secrets Manager

Global Load Balancing

Cloudflare load balancer distributes traffic across every workload cluster with health checks, SSL termination and DDoS protection.

  • Health checks monitor each ingress endpoint.
  • Failover automatically routes traffic away from unhealthy regions.
  • Cloudflare edge handles TLS and security at scale.
Stack: Cloudflare · NGINX · External-DNS

Database Management

CIVO managed databases are provisioned via Terraform and wired through a four-phase ESO workflow for fully automated credential rotation.

  • Terraform stores DB secrets in AWS Secrets Manager.
  • ESO pulls secrets into the management cluster.
  • PushSecret distributes credentials to workload clusters on demand.
Stack: CIVO DB · Terraform · ESO
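The pull-then-push half of this workflow (ESO reading AWS Secrets Manager into the management cluster, then PushSecret copying one key into a workload cluster), written out as added example manifests; these are not the project's own files. The ClusterSecretStore name, namespaces, Secret names, the Secrets Manager key and the workload API server URL are assumptions.

```yaml
# Phase 3 (example manifests, not the project's own): ESO renders the DB
# password that Terraform wrote to AWS Secrets Manager into a Secret in the
# management cluster. A ClusterSecretStore "aws-secrets-manager" is assumed.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata: {name: civo-db-credentials, namespace: platform-secrets}
spec:
  refreshInterval: 1h               # re-read so rotated values propagate
  secretStoreRef: {name: aws-secrets-manager, kind: ClusterSecretStore}
  target: {name: civo-db-credentials, creationPolicy: Owner}
  data:
    - secretKey: DB_PASSWORD
      remoteRef: {key: platform/civo/db, property: password}  # assumed SM key
---
# Phase 4a: the London workload cluster as a push target. The token in
# "london-workload-sa" should be bound to a Role limited to Secrets in "api".
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata: {name: london-workload, namespace: platform-secrets}
spec:
  provider:
    kubernetes:
      remoteNamespace: api          # the only namespace ESO may write to
      server:
        url: https://LONDON_API_SERVER:6443        # placeholder
        caProvider: {type: Secret, name: london-workload-sa, key: ca.crt}
      auth:
        token:
          bearerToken: {name: london-workload-sa, key: token}
---
# Phase 4b: PushSecret copies only the selected key, never the whole Secret.
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata: {name: civo-db-to-london, namespace: platform-secrets}
spec:
  refreshInterval: 1h
  secretStoreRefs:
    - {name: london-workload, kind: SecretStore}
  selector:
    secret: {name: civo-db-credentials}
  data:
    - match:
        secretKey: DB_PASSWORD
        remoteRef: {remoteKey: civo-db-credentials, property: DB_PASSWORD}
```

Because the push target is a namespace-scoped SecretStore, a compromised management-cluster token can only touch Secrets in that one namespace of that one workload cluster, and `kubectl get pushsecret -n platform-secrets` shows the sync status per target.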

App of Apps Pattern

ArgoCD ApplicationSets define platform components and workloads declaratively, targeting every cluster from a single definition.

  • List generators target multiple clusters automatically.
  • New clusters only require editing the generator list.
  • Supports platform components and developer services alike.
Stack: ArgoCD · ApplicationSets · Kustomize

Key Outcomes

The measurable results this platform delivers out of the box.

  • 4+ workload clusters: London, Frankfurt, New York — extensible
  • 2+ cloud providers: CIVO + Vultr vendor redundancy
  • 7 core components: ArgoCD, ESO, Crossplane, Cert-Manager, etc.
  • 129 commits: real-world iteration and learning
  • 0 manual deploys: fully GitOps automated — push to Git