
buun-stack

A Kubernetes development stack for self-hosted environments, designed to run on a Linux machine in your home or office that you can access from anywhere via the internet.

📺 Watch the setup tutorial on YouTube | 📝 Read the detailed guide on Dev.to

Features

  • Kubernetes Distribution: k3s lightweight Kubernetes
  • Storage: Longhorn distributed block storage
  • Identity & Access: Keycloak for OIDC authentication
  • Secrets Management: HashiCorp Vault with External Secrets Operator
  • Database: PostgreSQL cluster
  • Object Storage: MinIO S3-compatible storage
  • Data Science: JupyterHub for collaborative notebooks
  • Remote Access: Cloudflare Tunnel for secure internet connectivity
  • Automation: Just task runner with templated configurations

Quick Start

For detailed step-by-step instructions, see the Installation Guide.

  1. Clone and configure

    git clone https://github.com/buun-ch/buun-stack
    cd buun-stack
    mise install
    just env::setup
    
  2. Deploy cluster and services

    just k8s::install
    just longhorn::install
    just vault::install
    just postgres::install
    just keycloak::install
    
  3. Configure authentication

    just keycloak::create-realm
    just vault::setup-oidc-auth
    just keycloak::create-user
    just k8s::setup-oidc-auth
    

Core Components

k3s

Lightweight Kubernetes distribution optimized for edge computing and resource-constrained environments.

Longhorn

Enterprise-grade distributed storage system providing:

  • Highly available block storage
  • Backup and disaster recovery
  • No single point of failure
  • Support for NFS persistent volumes

HashiCorp Vault

Centralized secrets management offering:

  • Secure secret storage
  • Dynamic secrets generation
  • Encryption as a service
  • Integration with External Secrets Operator for automatic Kubernetes Secret synchronization

Keycloak

Open-source identity and access management providing:

  • Single Sign-On (SSO)
  • OIDC/OAuth2 authentication
  • User federation and identity brokering

PostgreSQL

Production-ready relational database for:

  • Keycloak data storage
  • Application databases

External Secrets Operator

Kubernetes operator for syncing secrets from external systems:

  • Automatically syncs secrets from Vault to Kubernetes Secrets
  • Supports multiple secret backends
  • Provides secure secret rotation and lifecycle management

MinIO

S3-compatible object storage system providing:

  • High-performance distributed object storage
  • AWS S3 API compatibility
  • Erasure coding for data protection
  • Multi-tenancy support

JupyterHub

Multi-user platform for interactive computing:

  • Collaborative Jupyter notebook environment
  • Integrated with Keycloak for OIDC authentication
  • Persistent storage for user workspaces
  • Support for multiple kernels and environments
  • Vault integration for secure secrets management

See JupyterHub Documentation for detailed setup and configuration.

Common Operations

User Management

Create additional users:

    just keycloak::create-user

Add user to group:

    just keycloak::add-user-to-group <username> <group>

Database Management

Create database:

    just postgres::create-db <dbname>

Create database user:

    just postgres::create-user <username>

Grant privileges:

    just postgres::grant <dbname> <username>

Secret Management

Store secrets in Vault:

    just vault::put <path> <key>=<value>

Retrieve secrets:

    just vault::get <path> <field>
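
How a value stored with `just vault::put` reaches a workload through the External Secrets Operator described under Core Components. This manifest is an added example, not part of buun-stack; the store name `vault-secret-store`, the `myapp` namespace and the `myapp/db` path are constructed placeholders, and it assumes a ClusterSecretStore pointing at this stack's Vault already exists.

```yaml
# Added example: every name, namespace and path below is a constructed placeholder.
apiVersion: external-secrets.io/v1   # ESO releases before the v1 API use external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: myapp-db
  namespace: myapp
spec:
  refreshInterval: 1h            # how often ESO re-reads Vault; bounds how stale a rotated value can be
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-secret-store     # assumption: a store for this stack's Vault already exists
  target:
    name: myapp-db               # Kubernetes Secret that ESO creates and keeps in sync
    creationPolicy: Owner        # the Secret is removed when this ExternalSecret is deleted
  data:
    - secretKey: password        # key inside the resulting Kubernetes Secret
      remoteRef:
        key: myapp/db            # the <path> given to `just vault::put`
        property: password       # the <key> given to `just vault::put`
```

The synced object is an ordinary Kubernetes Secret, so any subject with read access to Secrets in that namespace can read the value; scope RBAC on the namespace accordingly.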

Remote Access

Once configured, you can access your cluster from anywhere:

    # SSH access
    ssh ssh.yourdomain.com

    # Kubernetes API
    kubectl --context yourpc-oidc get nodes

    # Web interfaces
    # Vault: https://vault.yourdomain.com
    # Keycloak: https://auth.yourdomain.com

Customization

Adding Custom Recipes

You can extend buun-stack with your own Just recipes and services:

  1. Copy the example files:

    cp custom-example.just custom.just
    cp -r custom-example custom
    
  2. Use the custom recipes:

    # Install reddit-rss
    just custom::reddit-rss::install
    
    # Install Miniflux feed reader
    just custom::miniflux::install
    
  3. Create your own recipes:

    Add new modules to the custom/ directory following the same pattern as the examples. Each module should have its own justfile with install, uninstall, and other relevant recipes.

The custom.just file is automatically imported by the main Justfile if it exists, allowing you to maintain your custom workflows separately from the core stack.

Troubleshooting

  • Check logs: kubectl logs -n <namespace> <pod-name>

License

MIT License - See LICENSE file for details
