Open Source · MIT License · Ready to Use

Deploy. Secure. Monitor. Ship.

A production-grade DevOps template for students and junior engineers. Terraform + Ansible + k3s + GitLab CI/CD + full observability stack — all wired up and ready to deploy.

bash — quick start
# 1. Clone the template
git clone https://github.com/sedatarverdyan/devops-lab-template
cd devops-lab-template

# 2. Set your server IP in terraform/variables.tf
nano terraform/variables.tf

# 3. Run full setup (Terraform → Ansible → k8s)
bash scripts/init-server.sh

✓ k3s cluster ready
✓ Prometheus + Grafana + Loki deployed
✓ GitLab CI/CD pipeline configured
✓ Security scanning enabled
✓ Your infrastructure is live 🚀
10+ tools integrated
5 pipeline stages
3 security scanners
~15min to full deployment

The Stack

Everything you need, nothing you don't.

Each tool is pre-configured and wired to work together out of the box.

🏗️ Terraform (Infrastructure as Code): Documents server specs, generates Ansible inventory, creates project structure.
⚙️ Ansible (Configuration Management): Configures the server, installs k3s, deploys the full monitoring stack.
☸️ k3s (Lightweight Kubernetes): Runs all workloads. Full Kubernetes API, minimal footprint.
🔄 GitLab CI/CD (Automation Pipeline): Automates build → security scan → deploy on every push to main.
📊 Prometheus (Metrics Collection): Collects metrics from the cluster, nodes, and all running pods.
📈 Grafana (Visualization): Metrics, logs, and traces in one place. Pre-loaded dashboards included.
📋 Loki (Log Aggregation): Aggregates logs from all pods. Query with LogQL in Grafana Explore.
🔍 Tempo (Distributed Tracing): Collects traces from instrumented apps via OpenTelemetry.

CI/CD Pipeline

Push code. Everything else is automatic.

5 stages run on every push. Security gates block bad code before it reaches production.

validate: terraform fmt, ansible lint, helm lint
build: docker build, push registry
security: SAST scan, SCA scan, secrets scan
deploy: kubectl apply, helm upgrade
verify: health checks, smoke tests

Security Scanning

Three layers of protection, automated.

All three scanners run in parallel on every push. Any failure blocks deployment.

SAST: Semgrep
Static analysis that reads your source code without running it. Finds security bugs before they ship.
SQL injection, command injection, insecure patterns, XSS

SCA: Trivy
Scans your dependencies and container images against the CVE database. Catches outdated libraries.
CVE vulnerabilities, outdated packages, IaC misconfigs

SECRETS: Gitleaks
Scans your entire git history for accidentally committed credentials, API keys, and tokens.
AWS keys, GitHub tokens, passwords, private keys
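
One way to express the security gate described above in GitLab CI, as an added example rather than the template's own .gitlab-ci.yml. The job names, image tags, Semgrep ruleset, severity threshold, pushed image tag, release name and chart path are assumptions.

```yaml
# Added example; not the template's own pipeline file. Job names are assumptions.
stages: [validate, build, security, deploy, verify]

# Jobs in the same stage run in parallel; a failed job stops all later stages.
.security-gate:
  stage: security
  allow_failure: false   # explicit: a scanner failure must fail the pipeline

sast-semgrep:
  extends: .security-gate
  image: semgrep/semgrep:latest   # assumption: pin a reviewed tag or digest
  script:
    # --error makes Semgrep exit non-zero when it reports findings
    - semgrep scan --config p/default --error .

sca-trivy:
  extends: .security-gate
  image:
    name: aquasec/trivy:latest    # assumption: pin a reviewed tag or digest
    entrypoint: [""]
  variables:
    TRIVY_USERNAME: $CI_REGISTRY_USER       # registry login for the image scan
    TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
  script:
    # dependency CVEs in the repository, failing on HIGH and CRITICAL
    - trivy fs --exit-code 1 --severity HIGH,CRITICAL .
    # IaC misconfigurations (Terraform, Kubernetes manifests)
    - trivy config --exit-code 1 --severity HIGH,CRITICAL .
    # container image; assumes the build stage pushed this tag
    - trivy image --exit-code 1 --severity HIGH,CRITICAL "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"

secrets-gitleaks:
  extends: .security-gate
  image:
    name: zricethezav/gitleaks:latest   # assumption: pin a reviewed tag or digest
    entrypoint: [""]
  variables:
    GIT_DEPTH: "0"   # full clone; a shallow clone hides older commits from the scan
  script:
    # exits 1 when a leak is found; --redact keeps the secret out of the job log
    - gitleaks detect --source . --redact

deploy:
  stage: deploy   # assumes a runner image that provides helm and cluster credentials
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
  script:
    - helm upgrade --install demo-app ./chart   # hypothetical release and chart path
```

A secret that Gitleaks finds in history is already exposed to anyone with repository access, so the remediation is to rotate the credential, not only to remove the commit.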

Ready to use it?

Clone the repo, set your server IP, run one script. Done.
