{"id":49354530,"url":"https://github.com/bytestrix/infracanvas","last_synced_at":"2026-05-25T11:01:12.806Z","repository":{"id":351949427,"uuid":"1213143912","full_name":"bytestrix/InfraCanvas","owner":"bytestrix","description":"Live Docker \u0026 Kubernetes infrastructure visualization — containers, pods, volumes, and networks in one visual map. No VPN, no inbound ports. ","archived":false,"fork":false,"pushed_at":"2026-04-26T18:51:03.000Z","size":9794,"stargazers_count":28,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-26T19:22:37.934Z","etag":null,"topics":["developer-tools","devops","devops-platform","devops-tools","docker","golang","infrastructure","kubernetes","monitoring","nextjs","self-hosted","visualization"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bytestrix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-17T04:52:59.000Z","updated_at":"2026-04-26T18:51:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bytestrix/InfraCanvas","commit_stats":null,"previous_names":["bytestrix/infracanvas"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/bytestrix/InfraCanvas","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytestrix%2FInfraCanvas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytestrix%2FInfraCanvas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytestrix%2FInfraCanvas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytestrix%2FInfraCanvas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bytestrix","download_url":"https://codeload.github.com/bytestrix/InfraCanvas/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytestrix%2FInfraCanvas/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32337274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["developer-tools","devops","devops-platform","devops-tools","docker","golang","infrastructure","kubernetes","monitoring","nextjs","self-hosted","visualization"],"created_at":"2026-04-27T13:00:17.401Z","updated_at":"2026-05-25T11:01:12.794Z","avatar_url":"https://github.com/bytestrix.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eInfraCanvas\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\u003cstrong\u003eA live, visual map of everything running on a server — installed with one command.\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/bytestrix/InfraCanvas/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/bytestrix/InfraCanvas/actions/workflows/ci.yml/badge.svg\" alt=\"CI\"\u003e\u003c/a\u003e\n \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-AGPL_v3-blue.svg\" alt=\"License: AGPL v3\"\u003e\u003c/a\u003e\n \u003ca href=\"https://golang.org/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Go-1.21+-00ADD8.svg\" alt=\"Go 1.21+\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"docs/demo.gif\" alt=\"InfraCanvas demo\" width=\"960\" /\u003e\n\u003c/p\u003e\n\n---\n\nInfraCanvas is a single Go binary you run on any Linux machine. It discovers every container, pod, volume, network, and deployment on that host and serves a live visual dashboard you open in your browser. No Docker required, no extra services to host, no setup.\n\n```bash\ncurl -fsSL https://github.com/bytestrix/InfraCanvas/releases/latest/download/install.sh | bash\n```\n\nThat's the whole installation. The installer opens a free Cloudflare [quick-tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/trycloudflare/) and prints a public `https://*.trycloudflare.com` URL — paste it into any browser and you see the dashboard. No firewall change, no signup, no SSH.\n\n---\n\n## How it works\n\n```\n ┌─────────────────────────────────────────┐\n │ your-vm │\n │ │\n │ ┌────────────────────────────────┐ │\n │ │ infracanvas (single binary) │ │\n │ │ ├── discovery agent │ │\n │ │ ├── WebSocket relay │ │\n │ │ └── embedded dashboard UI │ │\n │ └────────────────────────────────┘ │\n │ ▲ 127.0.0.1:7777 │\n │ │ │\n │ ┌────────┴───────┐ │\n │ │ cloudflared │ outbound only │\n │ └────────┬───────┘ │\n └────────────┼────────────────────────────┘\n │ Cloudflare quick-tunnel\n ▼\n ┌──────────┐\n │ laptop │ → https://xyz.trycloudflare.com\n └──────────┘\n```\n\nOne binary, one URL. The dashboard, relay, and agent all run in the same process on the machine you're inspecting. A bundled `cloudflared` opens an outbound-only tunnel to Cloudflare's edge, which gives you a public HTTPS URL with no inbound firewall rule. Your laptop is just a browser.\n\nPrefer to expose the port directly? Pass `--no-tunnel` to bind `0.0.0.0:7777` (you'll need to allow inbound TCP in your cloud security group). Add `--private` to bind `127.0.0.1` instead and reach the dashboard via SSH tunnel.\n\n---\n\n## Quick start (any Linux VM)\n\n```bash\nssh user@your-vm\ncurl -fsSL https://github.com/bytestrix/InfraCanvas/releases/latest/download/install.sh | bash\n```\n\nOutput ends with something like this:\n\n```\n✓ InfraCanvas installed and running\n\n Open in your browser:\n https://shy-pine-2f1a.trycloudflare.com/?token=a8f3e2b1c9d4f02e\n\n This URL works from anywhere — Cloudflare's free quick-tunnel needs no\n firewall rule. The URL is ephemeral; it changes whenever the service\n restarts. Run with --no-tunnel for a stable URL on your own port.\n\n Auth token: a8f3e2b1c9d4f02e (saved in /etc/infracanvas/config.env)\n```\n\nOpen the URL, and you see your VM's infrastructure live.\n\n### Run multiple VMs\n\nEach VM is independent. Install on each, open the printed URL for each in a separate tab — no tunnel coordination needed. The binary is intentionally one-VM-per-dashboard.\n\n### Install options\n\n```bash\n# Custom port (default 7777) — only matters with --no-tunnel\ncurl -fsSL .../install.sh | bash -s -- --port 8888\n\n# Skip Cloudflare tunnel; bind 0.0.0.0:7777 directly (open the port in your SG)\ncurl -fsSL .../install.sh | bash -s -- --no-tunnel\n\n# Bind 127.0.0.1 only; reach via SSH tunnel (implies --no-tunnel)\ncurl -fsSL .../install.sh | bash -s -- --private\n\n# Pin a specific release\ncurl -fsSL .../install.sh | bash -s -- --version v0.4.0\n```\n\n### Run on your laptop too\n\nThe same binary works locally — build from source (see [Building from source](#building-from-source)), then:\n\n```bash\ninfracanvas serve\n# → https://*.trycloudflare.com/?token=… (or pass --no-tunnel for http://localhost:7777)\n```\n\nYou'll see your laptop's Docker containers and Kubernetes context (if any) on the canvas. Useful for development and demos.\n\n---\n\n## What you get\n\n- **Live topology graph** — every container, pod, service, volume, network drawn as connected nodes; updates every 30s.\n- **Health at a glance** — green/amber/red based on real container/pod state, alert banner when something is unhealthy.\n- **Container terminal** — open a shell inside any running container, in the browser.\n- **VM shell** — terminal on the host itself.\n- **Container logs** — color-coded, downloadable.\n- **Kubernetes actions** — rolling restart, scale, update image, all from the UI.\n- **Docker actions** — restart, stop, start, update image.\n- **Inspect everything** — env vars (with secrets masked), port mappings, volume mounts, image details.\n- **Export** — PNG screenshot or full JSON of the graph.\n\nSee the [features section](#all-features) for the full list.\n\n---\n\n## Security model\n\nThe dashboard, relay, and agent all run on the same machine, so there's no remote agent ↔ relay channel to secure. The two surfaces that matter:\n\n**1. The exposed URL.** Default mode binds `127.0.0.1:7777` and exposes it through a Cloudflare quick-tunnel — outbound-only from your VM, HTTPS-terminated at Cloudflare's edge. Anyone with the URL+token hits the dashboard. The URL is unguessable (random subdomain) but not secret — pair it with the auth token below. With `--no-tunnel` the binary binds `0.0.0.0` directly and anyone who reaches the IP/port hits the dashboard. With `--private`, it binds `127.0.0.1` only and you reach it via SSH tunnel.\n\n**2. The auth token.** Every install generates a random 24-character token (printed once, saved to `/etc/infracanvas/config.env`). The dashboard requires it on first visit (`?token=…`); after that it lives in an HTTP-only cookie. WebSocket calls also require the token. Without the token, every request returns `401`.\n\n**What the dashboard can do once authenticated:**\n- See the full topology of this machine\n- View container logs\n- Open a shell inside any container, or on the host\n- Run Docker and Kubernetes actions (restart, scale, update image)\n\nTreat the URL+token like an SSH key for the box. Anyone with both has the same effective power.\n\n**Secret redaction.** Environment variables whose names contain `SECRET`, `TOKEN`, `KEY`, `PASSWORD`, `CREDENTIAL`, `AUTH`, or `PASSWD` are replaced with `[REDACTED]` before they leave the discovery layer. File contents, database contents, and network traffic are never touched by InfraCanvas.\n\n**Service runs as you, not root.** When you install via `sudo …/install.sh`, the systemd unit is written with `User=$SUDO_USER` (and `Group=$SUDO_USER`). The agent inherits *your* `~/.kube/config` automatically — Kubernetes discovery just works for whatever cluster you can already `kubectl` against. If you're a member of the `docker` group, `SupplementaryGroups=docker` is added so Docker discovery works without sudo. Falling back to `root` only happens when there's no invoking user (rare). Net effect: no privilege escalation beyond what you can already do at the shell.\n\n---\n\n## Managing the service\n\n```bash\nsudo systemctl status infracanvas\nsudo systemctl restart infracanvas\nsudo systemctl stop infracanvas\nsudo journalctl -u infracanvas -f\n```\n\nConfig lives in `/etc/infracanvas/config.env`:\n\n```bash\nINFRACANVAS_UI_TOKEN=a8f3e2b1c9d4f02e\nINFRACANVAS_PORT=7777\nINFRACANVAS_TUNNEL=true\nINFRACANVAS_PRIVATE=false\n```\n\nEdit, then `sudo systemctl restart infracanvas`.\n\n### Uninstall\n\n```bash\ncurl -fsSL https://github.com/bytestrix/InfraCanvas/releases/latest/download/uninstall.sh | sudo bash\n```\n\nThe uninstaller stops and disables the systemd service, then removes:\n\n- `/usr/local/bin/infracanvas` — the binary\n- `/etc/systemd/system/infracanvas.service` — the unit\n- `/etc/infracanvas/` — config and auth token\n- `~/.cache/infracanvas/` — the bundled `cloudflared` binary (~30 MB), for the user the service ran as\n\nIf you cloned this repo, you can also run it locally:\n\n```bash\nsudo ./uninstall-agent.sh\n```\n\n---\n\n## All features\n\n### Canvas\n| Feature | What it does |\n|---|---|\n| Live topology graph | Every container, pod, service, volume, network drawn as nodes with edges showing relationships |\n| Real-time updates | Full snapshot on first connect, then only changes every 30s |\n| Grouped view | Nodes grouped by type (Containers, K8s Workloads, Storage…) — one card per group, click to expand |\n| Flat view | Every node laid out individually by type and relationship |\n| Filter chips | Show/hide Kubernetes, Docker, Host, Pods, Storage, Events |\n| Health colors | Green = healthy, amber = degraded, red = unhealthy |\n| Alert banner | Appears automatically when any group has unhealthy nodes |\n| Export PNG | Save the canvas as a high-res image |\n| Export JSON | Download the raw graph (nodes, edges, metadata) |\n\n### Containers and Docker\n| Feature | What it does |\n|---|---|\n| Container terminal | Full interactive shell inside any container |\n| Container logs | Last 200 lines, color-coded, downloadable |\n| Restart / Stop / Start | Run from the UI — executed by the in-process agent |\n| Update image | Set a new image tag and the agent pulls and recreates |\n| Environment variables | Shown with automatic secret masking |\n| Port mappings | Host ↔ container port pairs |\n| Volume mounts | Bind mounts and named volumes with paths |\n| Image details | Registry, tag, size, digest, which containers use it |\n\n### Kubernetes\n| Feature | What it does |\n|---|---|\n| Full resource graph | Cluster → Nodes → Namespaces → Deployments → Pods → Services → Ingress → PVCs |\n| Health from pod phase | Running/Pending/Failed → green/amber/red |\n| Rolling restart | `kubectl rollout restart` for Deployments, StatefulSets, DaemonSets |\n| Update image | Change the image for any Deployment |\n| Scale | Change replica count for Deployments and StatefulSets |\n| Pod logs | Fetch logs from any pod |\n| K8s events | Shown as nodes linked to the resources they affect |\n\n### Host\n| Feature | What it does |\n|---|---|\n| VM terminal | Interactive shell on the host (not inside a container) |\n| Host info | OS, kernel, CPU cores, memory, hostname |\n| Cloud detection | Identifies AWS / GCP / Azure / on-prem |\n| Environment detection | Infers prod/staging/dev from hostname patterns |\n\n---\n\n## Building from source\n\n**Requirements:** Go 1.21+, Node.js 20+\n\n```bash\ngit clone https://github.com/bytestrix/InfraCanvas.git\ncd InfraCanvas\n\nmake all # build dashboard + binary (with embedded UI)\n./bin/infracanvas # → http://localhost:7777/?token=…\n```\n\nOther useful targets:\n\n```bash\nmake build-frontend # build the dashboard, embed under pkg/webui/dist/\nmake build # build binary with embedded dashboard (requires dist/)\nmake build-stub # build with placeholder UI — fastest, for backend iteration\nmake release # cross-compile for linux/darwin × amd64/arm64\nmake test # run all Go tests\nmake clean # remove bin/ and embedded dashboard\n```\n\n### Project layout\n\n```\nInfraCanvas/\n├── cmd/infracanvas/cmd/\n│ ├── serve.go # `infracanvas serve` — boots relay + UI + agent\n│ ├── start.go # `infracanvas start` — agent-only mode\n│ ├── discover.go # one-shot CLI discovery\n│ └── …\n├── pkg/\n│ ├── agent/ # WebSocket agent: discover, diff, exec, actions\n│ ├── server/ # Relay: WebSocket broker, sessions, auth, static UI\n│ ├── webui/ # Embedded dashboard (build-tagged)\n│ │ ├── embed_full.go # `-tags embed_full` → embeds dist/\n│ │ ├── embed_stub.go # default → embeds placeholder/\n│ │ ├── placeholder/ # tracked: dev stub\n│ │ └── dist/ # gitignored: generated by `make build-frontend`\n│ ├── actions/ # Docker / K8s / Host action runners\n│ ├── discovery/ # docker, host, kubernetes\n│ ├── orchestrator/ # combines discovery sources into one snapshot\n│ ├── output/ # graph builder\n│ ├── relationships/ # edges between entities\n│ ├── health/ # health status calculation\n│ └── redactor/ # strips sensitive env vars\n├── frontend/\n│ ├── app/page.tsx # single-VM dashboard, auto-connects on mount\n│ ├── components/canvas/ # ReactFlow canvas, node detail panel, terminal, logs\n│ ├── lib/wsManager.ts # WS client, same-origin\n│ └── store/vmStore.ts # Zustand state\n├── install-agent.sh # one-command installer\n└── uninstall-agent.sh\n```\n\n### Releasing\n\nTag a version; the workflow cross-compiles, embeds the dashboard, and publishes binaries.\n\n```bash\ngit tag v0.5.0\ngit push origin v0.5.0\n```\n\n---\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md). Open an issue before a large PR. `make test` and `make lint` must pass, plus `cd frontend \u0026\u0026 npm run lint`.\n\nGood first issues: [`good first issue`](https://github.com/bytestrix/InfraCanvas/issues?q=is%3Aopen+label%3A%22good+first+issue%22).\n\n---\n\n## License\n\nGNU Affero General Public License v3.0 — see [LICENSE](LICENSE).\n\n- ✅ Free for any personal or internal company use\n- ✅ Fork, modify, redistribute — just keep changes open source\n- ❌ If you run this as a paid cloud service for customers, your modifications must be open source too\n\nThis protects against large companies repackaging the project without contributing back. Individual developers and internal company use are unaffected.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytestrix%2Finfracanvas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbytestrix%2Finfracanvas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytestrix%2Finfracanvas/lists"}