{"id":41532593,"url":"https://github.com/inferadb/deploy","last_synced_at":"2026-01-23T23:10:41.237Z","repository":{"id":331176487,"uuid":"1116025069","full_name":"inferadb/deploy","owner":"inferadb","description":"InferaDB deployment — GitOps for multi-region, multi-cloud Kubernetes","archived":false,"fork":false,"pushed_at":"2026-01-19T22:18:04.000Z","size":294,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-20T05:30:48.912Z","etag":null,"topics":["access-control","authorization","deployment","devops","docker","fine-grained-access-control","helm","inferadb","infrastructure-as-code","kubernetes","permissions","rebac","terraform","zanzibar"],"latest_commit_sha":null,"homepage":"https://inferadb.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/inferadb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-14T03:21:48.000Z","updated_at":"2026-01-19T22:16:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/inferadb/deploy","commit_stats":null,"previous_names":["inferadb/deploy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/inferadb/deploy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Fdeploy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Fdeploy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Fdeploy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Fdeploy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/inferadb","download_url":"https://codeload.github.com/inferadb/deploy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inferadb%2Fdeploy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28702943,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T17:25:48.045Z","status":"ssl_error","status_checked_at":"2026-01-23T17:25:47.153Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","authorization","deployment","devops","docker","fine-grained-access-control","helm","inferadb","infrastructure-as-code","kubernetes","permissions","rebac","terraform","zanzibar"],"created_at":"2026-01-23T23:10:40.476Z","updated_at":"2026-01-23T23:10:41.232Z","avatar_url":"https://github.com/inferadb.png","language":"HCL","readme":"\u003cdiv align=\"center\"\u003e\n    \u003cp\u003e\u003ca href=\"https://inferadb.com\"\u003e\u003cimg src=\".github/inferadb.png\" width=\"100\" /\u003e\u003c/a\u003e\u003c/p\u003e\n    \u003ch1\u003eInferaDB Deployment\u003c/h1\u003e\n    \u003cp\u003e\n        \u003ca href=\"https://discord.gg/inferadb\"\u003e\u003cimg src=\"https://img.shields.io/badge/Discord-Join%20us-5865F2?logo=discord\u0026logoColor=white\" alt=\"Discord\" /\u003e\u003c/a\u003e\n        \u003ca href=\"#license\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT%2FApache--2.0-blue.svg\" alt=\"License\" /\u003e\u003c/a\u003e\n    \u003c/p\u003e\n    \u003cp\u003eGitOps deployment for multi-region, multi-cloud Kubernetes\u003c/p\u003e\n\u003c/div\u003e\n\n\u003e [!IMPORTANT]\n\u003e Under active development. Not production-ready.\n\n## Architecture Overview\n\n- **OS**: Talos Linux (immutable, API-driven)\n- **Orchestration**: Kubernetes\n- **GitOps**: Flux CD\n- **IaC**: Terraform + OpenTofu\n- **CNI**: Cilium (with WireGuard encryption)\n- **Networking**: Tailscale mesh\n- **Secret Management**: External Secrets Operator + SOPS\n\n## Directory Structure\n\n```text\ndeploy/\n├── terraform/          # Infrastructure provisioning\n│   ├── modules/        # Reusable Terraform modules\n│   ├── environments/   # Environment-specific configs (dev, staging, production)\n│   └── regions/        # Regional cluster definitions\n├── flux/               # GitOps configurations\n│   ├── clusters/       # Cluster-specific Flux configs\n│   ├── infrastructure/ # Cluster infrastructure (CNI, operators, etc.)\n│   └── apps/           # Application deployments\n├── talos/              # Talos Linux configurations\n├── policies/           # Kyverno and network policies\n├── scripts/            # Deployment automation scripts\n├── runbooks/           # Operational runbooks\n├── alerts/             # Prometheus alerting rules\n├── slos/               # Service Level Objectives\n└── docs/               # Documentation and ADRs\n```\n\n## Quick Start\n\n### Local Development\n\nUse the [InferaDB CLI](https://github.com/inferadb/cli) for local development:\n\n```bash\n# Create local cluster and deploy InferaDB stack\ninferadb dev start\n\n# Show cluster status\ninferadb dev status\n\n# Tear down cluster\ninferadb dev stop --destroy\n```\n\nThe dev environment deploys:\n\n- **Ledger**: Single-node blockchain storage\n- **Engine**: Authorization policy engine\n- **Control**: Control plane API\n- **Dashboard**: Web console\n\nAccess services:\n\n```bash\nkubectl port-forward -n inferadb svc/inferadb-engine 8080:8080\nkubectl port-forward -n inferadb svc/inferadb-control 9090:9090\nkubectl port-forward -n inferadb svc/inferadb-dashboard 3000:3000\n```\n\n### Staging/Production Deployment\n\n```bash\n# Bootstrap a cluster\n./scripts/bootstrap-cluster.sh \u003cenvironment\u003e \u003cregion\u003e \u003cprovider\u003e\n\n# Example: staging NYC1 on AWS\n./scripts/bootstrap-cluster.sh staging nyc1 aws\n```\n\n## Environments\n\n| Environment | Regions              | Purpose                    |\n| ----------- | -------------------- | -------------------------- |\n| Development | Local (Docker)       | Development and testing    |\n| Staging     | NYC1 + monthly drills| Pre-production validation  |\n| Production  | NYC1, SFO1           | Live workloads             |\n\n## Key Components\n\n### Terraform Modules\n\n- `talos-cluster`: Abstract Talos K8s cluster provisioning\n- `provider-aws`: AWS-specific resources (VPC, EC2, etc.)\n- `provider-gcp`: GCP-specific resources\n- `provider-digitalocean`: DigitalOcean-specific resources\n- `ledger-cluster`: Ledger StatefulSet deployment\n- `dns`: Multi-provider DNS management\n\n### Flux Kustomizations\n\n- `infrastructure/base`: Shared controllers and operators\n- `apps/base`: Application deployments (engine, control, dashboard)\n\n## Security\n\n- Pod Security Standards (namespace-level)\n- Cilium NetworkPolicies (default deny)\n- Image signing via Kyverno\n- WireGuard pod-to-pod encryption\n- Trivy vulnerability scanning\n\n## Documentation\n\n- [Getting Started](docs/getting-started.md)\n- [Adding Regions](docs/adding-regions.md)\n- [Disaster Recovery](docs/disaster-recovery.md)\n- [Security Model](docs/security-model.md)\n- [Cost Estimation](docs/cost-estimation.md)\n\n## Runbooks\n\n- [Ledger Cluster Recovery](runbooks/ledger-cluster-recovery.md)\n- [Node Replacement](runbooks/node-replacement.md)\n- [Full Region Failover](runbooks/full-region-failover.md)\n- [Break-Glass Procedures](runbooks/break-glass-procedures.md)\n\n## Development Setup\n\nEnable git hooks:\n\n```bash\ngit config core.hooksPath .githooks\n```\n\nRequired tools (via `.mise.toml` or manual install):\n\n- `terraform` - formatting\n- `yamllint` - YAML linting (`pip install yamllint`)\n- `shellcheck` - shell linting\n\n## Contributing\n\nAll changes require PR review. CI runs on push/PR:\n\n- **Terraform**: Format and validate checks\n- **Kubernetes**: YAML lint and Kustomize build validation\n- **Security**: Trivy, Checkov, and KICS scans\n\n## Community\n\nJoin us on [Discord](https://discord.gg/inferadb) for questions, discussions, and contributions.\n\n## License\n\nDual-licensed under [MIT](LICENSE-MIT) or [Apache 2.0](LICENSE-APACHE).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finferadb%2Fdeploy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finferadb%2Fdeploy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finferadb%2Fdeploy/lists"}