Service Foundry
Young Gyu Kim <credemol@gmail.com>

Streamlined GitOps Platform for Collaborative Kubernetes Workload Management

Introduction

This document introduces a GitOps-based platform designed to streamline the deployment and management of Kubernetes workloads. The platform promotes collaboration between developers and operators by providing a unified, automated workflow rooted in GitOps principles.

Service Foundry is a Kubernetes-native platform that simplifies application provisioning and lifecycle management. It offers a robust set of tools and services that enable teams to:

  • Manage all Kubernetes manifests in a Git repository

  • Automate deployments using Argo CD

  • Provision custom enterprise applications from private registries

  • Provision open-source software from public registries

  • Integrate Single Sign-On (SSO) using OAuth2

  • Enable observability with Prometheus, Grafana, Loki, Tempo, and more

  • Orchestrate complex application stacks, including observability and big data

  • Secure secrets using SealedSecrets

By treating Git as the single source of truth, the platform ensures infrastructure and application changes are version-controlled, traceable, and fully auditable—enhancing both collaboration and reliability.

Architecture and Key Components

The platform is composed of several key components:

  • Git Repository – Stores all Kubernetes manifests and configurations

  • Argo CD – GitOps delivery controller that syncs Git changes to Kubernetes

  • Resource Generator – CLI tool that generates Kubernetes manifests from templates

  • Service Foundry Builder – Kubernetes job that runs the generator and creates Argo CD applications

  • Service Foundry Console – Web interface for managing and monitoring applications

  • Service Foundry Backend – API layer that integrates Git repositories and Argo CD

Service Foundry Console

The Service Foundry Console offers an intuitive, web-based interface to manage your entire GitOps workflow.

GitOps Management

  • Managed Applications – Browse and control all deployed apps across environments

  • Enterprise Applications – Deploy private, internal applications with full GitOps lifecycle management

  • Open Source Software – Install and manage public OSS applications using Helm and GitOps

  • GitOps Applications – View and manage raw GitOps applications defined in Git repositories

Kubernetes Stack Orchestration

  • Framework Core – Core services like Argo CD, SealedSecrets, Keycloak, Traefik, and Service Foundry Console

  • Shared Components – Shared operators like cert-manager, prometheus-operator, opentelemetry-operator, and spark-operator

  • Observability Stack – End-to-end observability powered by OpenTelemetry, Prometheus, Grafana, Tempo, Loki, and more

  • SSO Stack – Unified authentication and authorization using Keycloak and OAuth2 Proxy

  • Spring Backend Stack – End-to-end orchestration for Spring Boot apps, PostgreSQL, Redis, RabbitMQ, etc. (WIP)

  • Big Data Stack – Apache Airflow, Spark, OpenSearch, Neo4j, Dbt, MinIO, and other big data tools (WIP)

GitOps Workflow with Argo CD

GitOps is a declarative approach to infrastructure and application management. All changes are made via pull requests to Git, and Argo CD continuously syncs the desired state to Kubernetes.

Argo CD Application Types

  • Kustomize Applications – Manages base + overlays for different environments

  • Helm Applications – Uses Helm charts for reusable, parameterized deployments

Both types are supported by Service Foundry Builder, allowing teams to choose based on their needs.

Managing Applications with GitOps

The platform empowers users to manage Kubernetes applications using GitOps principles—without requiring direct access to the Git repository.

Through the Service Foundry Console, users can:

  • View the status and health of all Argo CD applications

  • Manage both enterprise and open-source workloads

  • Uninstall applications as needed

  • Edit Kubernetes manifests using the built-in web editor

When edits are made through the Console, the framework automatically handles the Git workflow, including:

  • Updating files in the repository

  • Committing the changes

  • Pushing them to the appropriate Git branch

Argo CD then detects these updates and syncs them to the cluster automatically. This seamless workflow ensures users can safely and efficiently manage applications without ever needing to use Git manually—streamlining the developer and operator experience.

Managing Custom Enterprise Applications

Deploy internal applications using private registries and GitOps pipelines:

  • Application manifests stored in a private Git repository

  • Secrets encrypted using SealedSecrets

SealedSecrets for Secure Secrets Management

Secrets are encrypted using a public key and committed to Git. Only the SealedSecrets controller in your cluster can decrypt them, ensuring secure delivery of credentials and tokens.
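
An added example, not part of Service Foundry or the original page: because only SealedSecret objects are meant to reach Git, this repository check flags any core v1 Secret manifest that still carries data or stringData. It is a line-oriented check rather than a full YAML parser, and the sample manifest and every name in it are constructed.

```python
import re

# Constructed sample: a multi-document manifest as it might sit in a GitOps repo.
# All names and values are made up; the ciphertext is a placeholder.
SAMPLE_MANIFESTS = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-credentials
spec:
  encryptedData:
    password: AgB-constructed-ciphertext-placeholder
---
apiVersion: v1
kind: Secret
metadata:
  name: api-token
stringData:
  token: constructed-plaintext-value
"""

def split_documents(text):
    """Split a YAML stream on '---' separator lines, dropping empty documents."""
    return [d for d in re.split(r"(?m)^---[ \t]*$", text) if d.strip()]

def top_level(doc, key):
    """Return the scalar value of an unindented 'key: value' line, or None."""
    m = re.search(rf"(?m)^{re.escape(key)}:[ \t]*(\S+)", doc)
    return m.group(1).strip("'\"") if m else None

def metadata_name(doc):
    """Return metadata.name from the indented block under 'metadata:'."""
    block = re.search(r"(?m)^metadata:[ \t]*\n((?:[ \t]+.*\n?)+)", doc)
    name = block and re.search(r"(?m)^[ \t]+name:[ \t]*(\S+)", block.group(1))
    return name.group(1) if name else "<unnamed>"

def find_plaintext_secrets(text):
    """Names of core v1 Secret objects that carry data or stringData."""
    findings = []
    for doc in split_documents(text):
        if top_level(doc, "kind") == "Secret" and top_level(doc, "apiVersion") == "v1":
            if re.search(r"(?m)^(data|stringData):", doc):
                findings.append(metadata_name(doc))
    return findings

if __name__ == "__main__":
    for name in find_plaintext_secrets(SAMPLE_MANIFESTS):
        print(f"plaintext Secret in repo: {name}")
```

Run as a pre-commit hook or CI step over the manifest directory, a non-empty result is a reason to block the change before Argo CD syncs it.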

Managing Open Source Software

Install and manage open-source tools from public registries. Service Foundry automates generation of Helm/Kustomize files and applies them through GitOps pipelines.

Managing GitOps-Only Applications

View, edit, and delete raw GitOps applications directly. This section supports full lifecycle operations for any manifests stored in the Git repository.

Kubernetes Stack Orchestration

For complex workloads, the platform offers predefined orchestration profiles that bundle related components into stacks for easier deployment.

Framework Core

Essential services installed during initial setup:

  • Argo CD

  • SealedSecrets

  • Keycloak

  • Traefik

  • Service Foundry Console and Backend

Shared Components

Cluster-wide services used across multiple stacks:

  • cert-manager

  • prometheus-operator

  • opentelemetry-operator

  • spark-operator

Observability Stack

Supports monitoring, logging, and tracing via:

  • Cassandra

  • Jaeger

  • Prometheus

  • Grafana

  • OpenSearch

  • OpenSearch Data Prepper

  • OpenSearch Dashboards

  • OpenTelemetry Collector

  • Kubelet Cadvisor Collector

  • Tempo

  • Loki

  • MinIO or S3 as storage backend

Profiles

  • Dev – Lightweight setup for development

  • Staging – Includes OpenSearch and S3 storage

  • Production – Full-scale stack with Jaeger, Cassandra, and observability at scale

Single Sign-On (SSO) Stack

Built with:

  • Keycloak – Identity Provider

  • OAuth2 Proxy – Session-based auth proxy

  • Traefik – Secure ingress controller

All ingress hosts are automatically registered with Keycloak for SSO. Sessions are shared across all SSO-enabled apps for seamless login experiences.

Conclusion

Service Foundry’s GitOps platform empowers teams to collaboratively manage Kubernetes workloads with confidence, consistency, and security. By integrating tools like Argo CD, SealedSecrets, and Helm into a unified platform, it removes complexity from Kubernetes and enables:

  • Declarative infrastructure management

  • Auditable application changes

  • End-to-end application lifecycle control

  • Enterprise-ready authentication and observability

  • Web-based management via the Service Foundry Console

By anchoring all changes in Git, teams gain full visibility, history, and rollback capability—turning Kubernetes into a manageable and collaborative platform.