About

Kiunzi is an opinionated framework for building secure, production‑ready cloud‑native applications. It standardises how teams design, build, deploy, and operate systems by combining proven architectural patterns with strong security and platform defaults across the entire lifecycle, from developer workstation to Kubernetes cluster.

What Kiunzi is opinionated about

Application architecture

• Microservices with clear domain boundaries
• Backend-for-Frontend (BFF) pattern to decouple client concerns from core services
• REST and GraphQL APIs, used deliberately where each fits best
• Reactive components to support scalable, and non-blocking workloads

Identity & security

• OIDC-first authentication and authorisation as non-negotiable baseline
• Secrets managemetn via HashiCorp Vault, treating secrets as runtime concerns, not configuration
• Sealed Secrets used only for bootstrap credentials that cannot initially live in Vault (for example: Azure Key Vault client credentials used to auto unseal Vault)

Platform & runtime

• Kubernetes as the default operational substrate, not an optional target
• Strong seperation between workloads, infrastructure, and cluster concerns
• Everything designed to be observable, auditable, and replaceable

Infrastructure & delivery

• Infrastructure as Code (Terraform) for Argo CD and Sealed Secrets installation
• GitOps with Argo CD as the single delivery mechanism for both applications and platform configuration
• No imperative deployments; Git is the only source of truth

Developer experience

• Developer workstations defined with DSC (Desired State Configuration) to ensure:
  • Repeatable onboarding
  • Consistent tooling
  • Minimal “works on my machine” drift
• The same standards applied locally and in production whenever possible