baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
29 Commits 1 Branch 0 Tags
7c4e047299fa5597f1f8fd2b8fc205f378dac625
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Masaki Yatsu 7c4e047299 chore(env): set multiple env vars
2025-08-21 13:56:25 +09:00
debug
fix(k8s): fix enabling OIDC auth
2025-08-15 15:29:07 +09:00
env
chore(env): set multiple env vars
2025-08-21 13:56:25 +09:00
k8s
chore(k8s): rename enable-oidc -> setup-oidc-auth
2025-08-17 15:19:59 +09:00
keycloak
fix(keycloak): fix installation errors
2025-08-16 15:46:24 +09:00
longhorn
feat(longhorn): add longhorn
2025-08-14 16:11:30 +09:00
postgres
fix(postgres): grant create on schema public
2025-08-20 20:46:47 +09:00
utils
chore(utils): add utils module
2025-08-14 21:18:04 +09:00
vault
chore(env): set multiple env vars
2025-08-21 13:56:25 +09:00
.gitignore
chore: add CLAUDE.md
2025-08-19 16:32:48 +09:00
.markdownlint.yaml
docs: write README
2025-08-17 15:54:15 +09:00
CLAUDE.md
chore: add CLAUDE.md
2025-08-19 16:32:48 +09:00
custom-example.just
chore: initial commit
2025-08-13 14:30:55 +09:00
justfile
feat: add keycloak and postgres
2025-08-15 11:21:54 +09:00
LICENSE
chore: add license file
2025-08-14 16:10:20 +09:00
mise.toml
feat(vault): add vault
2025-08-14 21:19:00 +09:00
package-lock.json
feat(vault): add vault
2025-08-14 21:19:00 +09:00
package.json
feat(vault): add vault
2025-08-14 21:19:00 +09:00
README.md
docs: link to youtube and dev.to
2025-08-20 14:28:12 +09:00

README.md

buun-stack

A Kubernetes development stack for self-hosted environments, designed to run on a Linux machine in your home or office that you can access from anywhere via the internet.

📺 Watch the setup tutorial on YouTube | 📝 Read the detailed guide on Dev.to

Features

  • Kubernetes Distribution: k3s lightweight Kubernetes
  • Storage: Longhorn distributed block storage
  • Identity & Access: Keycloak for OIDC authentication
  • Secrets Management: HashiCorp Vault
  • Database: PostgreSQL cluster
  • Remote Access: Cloudflare Tunnel for secure internet connectivity
  • Automation: Just task runner with templated configurations

Prerequisites

  • Linux PC (low power consumption recommended)
  • DNS and tunnel managed by Cloudflare
  • Local development machine (Linux or macOS preferred)

Quick Start

  1. Clone the repository

    git clone https://github.com/buun-ch/buun-stack
cd buun-stack

  2. Install required tools

    mise install
mise ls -l  # Verify installation

  3. Configure environment

    just env::setup  # Creates .env.local with your configuration

  4. Install Kubernetes cluster

    just k8s::install
kubectl get nodes  # Verify cluster is running

  5. Set up Cloudflare Tunnel

    • Create tunnel in Cloudflare dashboard
    • Configure public hostnames:
      • ssh.yourdomain.com → SSH localhost:22
      • vault.yourdomain.com → HTTPS localhost:443 (no TLS verify)
      • auth.yourdomain.com → HTTPS localhost:443 (no TLS verify)
      • k8s.yourdomain.com → HTTPS localhost:6443 (no TLS verify)

  6. Install core components

    just longhorn::install   # Storage layer
just vault::install      # Secrets management
just postgres::install   # Database
just keycloak::install   # Identity provider

  7. Configure authentication

    just keycloak::create-realm
just vault::setup-oidc-auth
just keycloak::create-user
just k8s::setup-oidc-auth

Core Components

k3s

Lightweight Kubernetes distribution optimized for edge computing and resource-constrained environments.

Longhorn

Enterprise-grade distributed storage system providing:

  • Highly available block storage
  • Backup and disaster recovery
  • No single point of failure
  • Support for NFS persistent volumes

HashiCorp Vault

Centralized secrets management offering:

  • Secure secret storage
  • Dynamic secrets generation
  • Encryption as a service

Keycloak

Open-source identity and access management providing:

  • Single Sign-On (SSO)
  • OIDC/OAuth2 authentication
  • User federation and identity brokering

PostgreSQL

Production-ready relational database for:

  • Keycloak data storage
  • Application databases

Task Management

All operations are managed through just recipes. Key commands include:

just                     # Show all available commands
just env::setup          # Configure environment
just k8s::install        # Install Kubernetes
just keycloak::create-user <username>  # Create a new user

Remote Access

Once configured, you can access your cluster from anywhere:

# SSH access
ssh ssh.yourdomain.com

# Kubernetes API
kubectl --context yourpc-oidc get nodes

# Web interfaces
# Vault: https://vault.yourdomain.com
# Keycloak: https://auth.yourdomain.com

Customization

Create a custom.just file to add your own recipes and workflows. The system will automatically import this file if it exists.

Troubleshooting

  • Check logs: kubectl logs -n <namespace> <pod-name>

License

MIT License - See LICENSE file for details

Description
No description provided
Readme MIT 1.2 MiB
Languages
Just 73.4%
TypeScript 12.4%
Python 10.3%
Dockerfile 1.7%
Shell 1.2%
Other 1%