{"id":51204487,"url":"https://github.com/latebit-io/demarkus-knowledge-system-deploy","last_synced_at":"2026-06-28T02:30:50.825Z","repository":{"id":359991582,"uuid":"1247578373","full_name":"latebit-io/demarkus-knowledge-system-deploy","owner":"latebit-io","description":"K8 as  a demarkus knowledge system on GKE — OpenTofu + ArgoCD GitOps + OpenBao. Forkable template.","archived":false,"fork":false,"pushed_at":"2026-06-18T00:27:54.000Z","size":422,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-18T02:18:19.660Z","etag":null,"topics":["argocd","demarkus","gitops","gke","kubernetes","mark-protocol","openbao","opentofu"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/latebit-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-23T13:59:23.000Z","updated_at":"2026-06-18T00:27:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/latebit-io/demarkus-knowledge-system-deploy","commit_stats":null,"previous_names":["latebit-io/demarkus-knowledge-system-deploy"],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/latebit-io/demarkus-knowledge-system-deploy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/latebit-io%2Fdemarkus-knowledge-system-deploy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/latebit-io%2Fdemarkus-knowledge-system-deploy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/latebit-io%2Fdemarkus-knowledge-system-deploy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/latebit-io%2Fdemarkus-knowledge-system-deploy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/latebit-io","download_url":"https://codeload.github.com/latebit-io/demarkus-knowledge-system-deploy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/latebit-io%2Fdemarkus-knowledge-system-deploy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34875357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-28T02:00:05.809Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","demarkus","gitops","gke","kubernetes","mark-protocol","openbao","opentofu"],"created_at":"2026-06-28T02:30:50.174Z","updated_at":"2026-06-28T02:30:50.820Z","avatar_url":"https://github.com/latebit-io.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Enterprise style demarkus knowledge system\nNote: for teams or smaller needs this is overkill, you could get away with one or two deploys for 1% of the cost of k8s deploy. 
This use case is for larger scale. \n\n\nA reference deployment of a [demarkus](https://github.com/latebit-io/demarkus)\nknowledge system on GKE, managed entirely by GitOps. It doubles as a **GitHub\ntemplate** — fork it to stand up your own.\n\n- **Cloud:** GCP / GKE Standard, single zonal cluster in `northamerica-northeast2` (Toronto)\n- **IaC:** [OpenTofu](https://opentofu.org/) · **Secrets:** [OpenBao](https://openbao.org/) + bank-vaults · **GitOps:** ArgoCD · **Charts:** `ghcr.io/latebit-io/charts`\n\nTo run your own, see **[docs/instantiate.md](docs/instantiate.md)**.\n\n## What's deployed\n\nOpenTofu builds the substrate; ArgoCD reconciles everything in-cluster from this\nrepo. Tofu installs ArgoCD and a root ApplicationSet that generates one Argo\nApplication per directory under `platform/` and `apps/`, ordered by sync wave:\n\n| Wave | Component | Role |\n|------|-----------|------|\n| — (tofu) | project, network + Cloud NAT, Cloud DNS, GKE, KMS + Workload Identity, budget | GCP substrate |\n| -2 | cert-manager | TLS (Let's Encrypt + selfsigned issuers) |\n| -1 | OpenBao, bank-vaults webhook | secrets store (file backend, GCP KMS auto-unseal) + env injection |\n| 0 | external-dns, ingress-nginx, external-secrets, dex, oauth2-proxy | DNS records, ingress, OpenBao→k8s secret bridge, admin SSO |\n| 1 | demarkus-broker, demarkus-worlds, backups | the broker + MCP gateway, one Application per world (incl. 
the `root` hub), CSI snapshot CronJob |\n| 2 | demarkus-agent | federation crawler — indexes every world's content-hashes into the `root` hub for cross-world discovery |\n\n**Auth:** broker user login is Google OIDC; admin UIs (ArgoCD, OpenBao) are gated\nby [Dex](docs/runbook-dex-sso.md) federating GitHub-org membership.\n**CI:** `tofu plan` on PR / `tofu apply` on merge via Workload Identity\nFederation, no long-lived keys ([docs/runbook-ci-wif.md](docs/runbook-ci-wif.md)).\n**Backups:** daily CSI VolumeSnapshots of stateful PVCs\n([docs/runbook-backup-restore.md](docs/runbook-backup-restore.md)).\n\n## Cost\n\nRough baseline, CAD/month (single zonal cluster, low traffic):\n\n| Item | ~CAD/mo |\n|------|---------|\n| 3× `e2-medium` nodes (sustained-use discount) | 65–80 |\n| 1× LoadBalancer (ingress-nginx) | ~18 |\n| Cloud NAT + DNS + KMS + disks + snapshots | 10–15 |\n| GKE cluster management fee | ~73, usually offset by the one-free-zonal-cluster tier |\n\n**≈ $95–130/mo** if the free tier covers the management fee. A `200 CAD` budget\nalert is wired (`budget_alert_email` in tfvars). Biggest levers: node count/size\nand the LoadBalancer. 
Estimates only — confirm against the\n[GCP pricing calculator](https://cloud.google.com/products/calculator) and your\nlive billing.\n\n## Layout\n\n```\ntofu/\n  modules/{project,network,dns,gke,argocd-bootstrap,platform-iam,billing-budget}/\n  bootstrap/ci/          # WIF + tofu-ci SA for GitHub Actions (applied once, locally)\n  envs/prod/             # knowledge.demarkus.io — fill terraform.tfvars (gitignored)\nbootstrap/               # argocd-values.yaml + root-appset.yaml (tofu applies post-cluster)\nplatform/                # cluster prerequisites (Argo-managed)\napps/                    # demarkus-broker, demarkus-worlds, demarkus-agent, backups (Argo-managed)\ndocs/                    # runbooks + instantiate guide\n.github/workflows/       # tofu-plan (PR) + tofu-apply (merge)\n```\n\n## Runbooks\n\n- [instantiate.md](docs/instantiate.md) — fork → live, end to end\n- [runbook-openbao-seed.md](docs/runbook-openbao-seed.md) — OpenBao init + seed secrets\n- [runbook-eso-openbao.md](docs/runbook-eso-openbao.md) — OpenBao → k8s Secret bridge\n- [runbook-dex-sso.md](docs/runbook-dex-sso.md) — admin SSO via Dex + GitHub\n- [runbook-ci-wif.md](docs/runbook-ci-wif.md) — CI via Workload Identity Federation\n- [runbook-backup-restore.md](docs/runbook-backup-restore.md) — backups + restore drill\n- [runbook-broker-allow-domains.md](docs/runbook-broker-allow-domains.md) — broker OIDC domain allowlist\n- [runbook-broker-web-clients.md](docs/runbook-broker-web-clients.md) — broker confidential web clients\n\nMaster plan: `mark://soul.demarkus.io/plans/knowledge-system-gke-deploy.md`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flatebit-io%2Fdemarkus-knowledge-system-deploy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flatebit-io%2Fdemarkus-knowledge-system-deploy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flatebit-io%2Fdemarkus-knowledge-system-deploy/lists"}