Pneuma animates Corpus projects into workload environments: GKE clusters, cert-manager, Istio service mesh, Datadog cluster monitoring, and OPA Gatekeeper policy enforcement.
Pneuma deploys and operates the Kubernetes runtime layer across multiple zones for high availability. It is the layer that brings the platform to life — running the workloads, enforcing policy, and providing the service mesh fabric that enables secure service-to-service communication.
Pneuma
This repository manages GKE clusters, Istio service mesh, cert-manager, Datadog monitoring, OPA Gatekeeper, and namespace onboarding.
What Pneuma Manages
Kubernetes Engine
Provisions GKE clusters across multiple zones with Workload Identity, KMS encryption, and CIS GKE Benchmark hardening. Currently active zones: us-east1-b and us-east4-b.
cert-manager
Deploys cert-manager on GKE for automated X.509 certificate management using Istio CSR integration.
Istio
Deploys Istio service mesh with ingress gateway, Cloud Armor WAF/DDoS protection, SSL policy, and optional mTLS via intermediate CA.
Datadog Operator
Deploys the Datadog Kubernetes Operator for cluster monitoring, APM, and observability configuration via Kubernetes CRDs.
OPA Gatekeeper
Deploys Open Policy Agent Gatekeeper for policy enforcement, using constraint templates that are evaluated against Kubernetes resources during creation and update operations.