{"id":28440051,"url":"https://github.com/bakseter/whpah","last_synced_at":"2025-07-14T23:03:26.593Z","repository":{"id":266080952,"uuid":"896063508","full_name":"bakseter/whpah","owner":"bakseter","description":"A dirt cheap Kubernetes developer platform using Argo CD, Hetzner Cloud, and Terraform Cloud.","archived":false,"fork":false,"pushed_at":"2025-07-13T04:50:42.000Z","size":314,"stargazers_count":1,"open_issues_count":4,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-13T06:35:39.187Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bakseter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-29T13:22:30.000Z","updated_at":"2025-05-26T10:33:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"d3140234-7dad-4f71-bfc5-67f0724fe065","html_url":"https://github.com/bakseter/whpah","commit_stats":null,"previous_names":["bakseter/platform","bakseter/whpat","bakseter/whpah"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bakseter/whpah","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakseter%2Fwhpah","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakseter%2Fwhpah/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakseter%2Fwhpah/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakseter%2Fwhpah/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bakseter","download_url":"https://codeload.github.com/bakseter/whpah/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bakseter%2Fwhpah/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265365543,"owners_count":23753349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-06T03:07:04.635Z","updated_at":"2025-07-14T23:03:26.577Z","avatar_url":"https://github.com/bakseter.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WHPAH\n\n**W**e **H**ave **P**latform **A**t **H**ome — a dirt cheap Kubernetes developer platform using Argo CD, Hetzner Cloud, and Terraform Cloud.\n\n## What is this?\n\nAfter discovering [kube-hetzner](https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner) and falling in love with Argo CD,\nI was amazed at how easily you can deploy a Kubernetes-based platform using only Cloud Native and open-source technologies.\n\nFollowing the steps below, you can create your own Kubernetes-based platform in a matter of minutes.\n\nThis is what you get:\n\n- Hetzner Cloud k3s cluster, using kube-hetzner 🚀\n  - Traefik ingress controller 🚦\n  - cert-manager for TLS certificates 🔒\n- Argo CD for GitOps 🐙\n- Sealed Secrets for secrets management 🤐\n- Keel for automatic image updates 🔄\n\n# Create Your Own Platform!\n\n## Get the Configuration\n\n**1.** Fork this repository.\n\n**2.** Run the script `./scripts/clean.sh` to get a base version of the platform:\n\n```bash\n./scripts/clean.sh\n```\n\n**3.** Create a Hetzner Cloud project, and get an API token with read/write access.\nYou will use this token later.\n\n```bash\nhcloud context create platform\n```\n\n## Option 1: Local Terraform\n\n**1.** Install [Terraform](https://developer.hashicorp.com/terraform/install) and [Packer](https://developer.hashicorp.com/packer/tutorials/docker-get-started/get-started-install-cli).\n\n**2.** Remove the entire `.github` folder from the repository:\n\n```bash\nrm -rf .github\n```\n\nPut your Hetzner Cloud API token in a file name `terraform.tfvars` under the `terraform` folder:\n\n```hcl\n# terraform/terraform.tfvars\nhcloud_token = \"\u003cmy api token\u003e\"\n```\n\n**3.** Create an ED25519 SSH key pair and save them in the `terraform/terraform.tfvars` file:\n\n```bash\nssh-keygen -t ed25519 -f ~/.ssh/my-platform\ncat ~/.ssh/my-platform.pub # public key\ncat ~/.ssh/my-platform # private key\n```\n\n```hcl\n# terraform/terraform.tfvars\nhcloud_token = \"\u003cmy api token\u003e\"\nssh_public_key = \"\u003cpublic key\u003e\"\nssh_private_key = \u003c\u003cEOF\n---BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----\nEOF\n```\n\n**4.** Generate the VM images for the Hetzner Cloud cluster:\n\n```bash\nexport HCLOUD_TOKEN=\u003cmy api token\u003e\n./scripts/packer.sh\n```\n\n**5.** Run Terraform to create the Hetzner Cloud cluster:\n\n```bash\ncd terraform\nterraform init\nterraform apply\n```\n\n**6.** Get the kubeconfig file from the Terraform output:\n\n```bash\nterraform output -raw kubeconfig \u003e /tmp/hetzner-kubeconfig\n```\n\nSee [Configure access via kubectl](#configure-access-via-kubectl) for more details.\n\n## Option 2: Terraform Cloud\n\n**1.** Sign up for Terraform Cloud (free), and create a project named `platform`.\nTerraform Cloud username/organization should be the same as your GitHub username/organization.\nIf not, you will need to edit `.github/workflows/deploy.yml` to use the correct organization.\n\n**2.** Save your Hetzner Cloud API token as both GitHub secret named `HCLOUD_TOKEN`\nand as a Terraform Cloud variable with name `hcloud_token`.\n\n**3.** Get API token from Terraform Cloud and save as GitHub secret with name `TF_API_TOKEN`.\n\n**4.** Create an ED25519 SSH key pair and save them as the two Terraform Cloud variables `ssh_public_key` and `ssh_private_key`:\n\n```bash\nssh-keygen -t ed25519 -f ~/.ssh/my-platform\ncat ~/.ssh/my-platform.pub # public key\ncat ~/.ssh/my-platform # private key\n```\n\n**5.** Push to `master`, triggering GitHub Actions to build and deploy the platform using Packer, Terraform and Argo CD.\nRemember to enable GitHub Actions for your forked repository.\n\n## Next steps\n\n### Configure access via kubectl\n\nIf you are using Terraform Cloud, you will need to first authenticate against Terraform Cloud with the following command:\n\n```bash\nterraform login\n```\n\n#### Method 1: overwrite default kubeconfig\n\n**WARNING:** This will overwrite your existing kubeconfig file.\n\n```bash\ncd terraform\nterraform output -raw kubeconfig \u003e ~/.kube/config\n\nkubectl config use-context k3s\n```\n\n#### Method 2: merge kubeconfig files\n\n```bash\ncd terraform\nterraform output -raw kubeconfig \u003e /tmp/hetzner-kubeconfig\n\nexport KUBECONFIG=~/.kube/config:/tmp/hetzner-kubeconfig\nkubectl config view --flatten \u003e ~/.kube/config\n\nkubectl config use-context k3s\n```\n\n### Configure Traefik to use your domain\n\n**1.** Buy a domain.\n\n**2.** Create a DNS A record pointing to the external IP address(es) of Traefik's load balancer using your domain registrar.\nYou can get the external IP address(es) with the following command:\n\n```bash\nkubectl -n traefik get service traefik -o wide\n```\n\n**3.** Wait for the DNS record to propagate.\n\n#### Caveats\n\nSince we are using Klipper for load-balancing, you may get multiple IP addresses (one for each node).\nIf you have multiple IPs, create mulitple A records for your domain ([round-robin DNS](https://www.cloudflare.com/learning/dns/glossary/round-robin-dns)).\n\nIf you want to have only one IP address, configure kube-hetzner to use a Hetzner Load Balancer instead of Klipper (more expensive).\n\n### Access Argo CD\n\nAfter DNS propagation, you can access Argo CD at `https://argocd.example.com` (replace `example.com` with your domain given to `./scripts/clean.sh` earlier).\n\n#### Access Argo CD via port forwarding to localhost\n\nIf you want to access Argo CD before DNS propagation, you can use port forwarding:\n\n```bash\nkubectl -n argocd port-forward svc/argocd-server 8080:443\n```\n\n**1.** Open Argo CD in your browser at `https://localhost:8080`.\n\n**2.** To log in, use the username `admin` and the password stored in the secret `argocd-initial-admin-secret` in the `argocd` namespace.\nYou can get the password with the following command:\n\n```bash\nkubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d ; echo\n```\n\n# Deploy applications\n\nAny folder created under `manifests/applications/` will create a new Argo CD application.\nAny Kubernetes manifests (i.e. yaml) placed under `manifests/applications/\u003capp-name\u003e/` will be deployed to the cluster.\n\nExample:\n\n```bash\nmkdir -p manifests/applications/my-app\n\ncat \u003c\u003cEOF \u003e manifests/applications/my-app/pod.yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: nginx\n  namespace: my-app\nspec:\n    containers:\n    - name: nginx\n      image: nginx:latest\nEOF\n```\n\n# Deploy cluster-addons (Helm charts)\n\nThe same pattern is used for cluster-addons, however, we usually create an umbrella chart for the cluster-addons.\nSee the `manifests/cluster-addons` folder for examples.\n\n# License\n\nThis project is licensed under the GPL-3.0 License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbakseter%2Fwhpah","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbakseter%2Fwhpah","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbakseter%2Fwhpah/lists"}