{"id":50485505,"url":"https://github.com/nebari-dev/nebari-infrastructure-core","last_synced_at":"2026-06-01T22:00:29.546Z","repository":{"id":337411624,"uuid":"1085760494","full_name":"nebari-dev/nebari-infrastructure-core","owner":"nebari-dev","description":"CLI tool for managing Nebari cloud infrastructure using OpenTofu, ArgoCD, and GitOps","archived":false,"fork":false,"pushed_at":"2026-05-28T17:22:56.000Z","size":2374,"stargazers_count":10,"open_issues_count":146,"forks_count":7,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-28T19:08:37.756Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nebari-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-29T13:30:29.000Z","updated_at":"2026-05-28T16:31:00.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nebari-dev/nebari-infrastructure-core","commit_stats":null,"previous_names":["nebari-dev/nebari-infrastructure-core"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/nebari-dev/nebari-infrastructure-core","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-infrastructure-core","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-infrastructure-core/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-infrastructure-core/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-infrastructure-core/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nebari-dev","download_url":"https://codeload.github.com/nebari-dev/nebari-infrastructure-core/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nebari-dev%2Fnebari-infrastructure-core/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33795114,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-01T22:00:24.771Z","updated_at":"2026-06-01T22:00:29.476Z","avatar_url":"https://github.com/nebari-dev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003ca href=\"https://nebari.dev\"\u003e\n \u003cpicture\u003e\n \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/nebari-dev/nebari-design/main/logo-mark/horizontal/standard/Nebari-Logo-Horizontal-Lockup-White-text.png\"\u003e\n \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/nebari-dev/nebari-design/main/logo-mark/horizontal/standard/Nebari-Logo-Horizontal-Lockup.png\"\u003e\n \u003cimg alt=\"Nebari\" src=\"docs/Nebari-Logo-Horizontal-Lockup.png\" width=\"300\"\u003e\n \u003c/picture\u003e\n \u003c/a\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eNebari Infrastructure Core\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cstrong\u003eAn opinionated Kubernetes distribution built for AI/ML workflows.\u003c/strong\u003e\n \u003cbr /\u003e\n One config file. Production-ready platform. Any cloud.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/nebari-dev/nebari-infrastructure-core/actions/workflows/ci.yml\"\u003e\u003cimg\n src=\"https://github.com/nebari-dev/nebari-infrastructure-core/actions/workflows/ci.yml/badge.svg\" alt=\"CI\"\u003e\u003c/a\u003e \u003ca\n href=\"https://github.com/nebari-dev/nebari-infrastructure-core/blob/main/LICENSE\"\u003e\u003cimg\n src=\"https://img.shields.io/badge/License-Apache_2.0-blue.svg\" alt=\"License\"\u003e\u003c/a\u003e \u003ca href=\"https://golang.org\"\u003e\u003cimg\n src=\"https://img.shields.io/badge/Go-1.25+-00ADD8?logo=go\u0026logoColor=white\" alt=\"Go 1.25+\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e \u0026middot; \u003ca href=\"docs/cli-reference.md\"\u003eCLI Reference\u003c/a\u003e \u0026middot; \u003ca\n href=\"#architecture\"\u003eArchitecture\u003c/a\u003e \u0026middot; \u003ca href=\"#roadmap\"\u003eRoadmap\u003c/a\u003e \u0026middot; \u003ca\n href=\"docs/design-doc/README.md\"\u003eDocumentation\u003c/a\u003e\n\u003c/p\u003e\n\n\n\n\u003e **Status**: Under heavy development and very unstable. APIs, configuration formats, and behavior will change without\n\u003e notice. Not yet suitable for production use.\n\n## What is Nebari Infrastructure Core?\n\nNebari Infrastructure Core (NIC) is an opinionated Kubernetes distribution that ships with sane defaults (that are fully\nconfigurable) and a suite of foundational software. A single YAML config file gives you a production-grade Kubernetes\ncluster with SSO, GitOps, API gateway, TLS certificates, and an OpenTelemetry exporter that plugs into whatever\nobservability system you already run — all wired together and working out of the box.\n\nNIC's composable architecture means you get exactly the platform you need — nothing more, nothing less. Our initial\nfocus is AI/ML workflows (notebook environments, model serving, experiment tracking), but the foundation is\ngeneral-purpose. Software Packs let you tailor the platform to your workload without carrying software you don't use.\n\nNIC is the successor to [Nebari](https://github.com/nebari-dev/nebari), rebuilt from the ground up, based on seven years\nof lessons learned deploying data science platforms in production.\n\n### The Problem\n\nGetting from a managed Kubernetes cluster to a platform teams can actually use requires assembling and integrating\ndozens of components: identity providers, certificate management, ingress controllers, telemetry pipelines, GitOps\ntooling. This takes months of engineering time, and keeping it all working across environments takes even more.\n\n### The Solution\n\nNIC deploys a **complete platform stack** — not just a cluster. You declare what you want, NIC provisions the\ninfrastructure and deploys foundational services that are pre-integrated and production-hardened.\n\nOn top of this foundation, **Software Packs** let you compose your platform. Software Packs are curated collections of\nopen-source tools packaged as ArgoCD applications with a `NebariApp` Custom Resource. When installed, they automatically\nregister with the platform — picking up SSO, routing, TLS, and telemetry with zero manual configuration.\n\nWant JupyterHub and conda-store? Install the Data Science Pack. Need model serving? Add the ML Pack (MLflow, KServe,\nEnvoy AI Gateway). Want dashboards and log aggregation? Add the Observability Pack (Grafana LGTM stack). Each pack is\nindependent, so you deploy only what you need.\n\n## Architecture\n\n```mermaid\nflowchart TD\n subgraph SP[\"Software Packs\"]\n direction LR\n ds[\"Data Science\"] ~~~ ml[\"ML Serving\"] ~~~ obs[\"Observability\"] ~~~ custom[\"Your Pack\"]\n end\n\n subgraph NO[\"Nebari Operator\"]\n op[\"Auto-configures SSO, routing, TLS, telemetry via NebariApp CRD\"]\n end\n\n subgraph FS[\"Foundational Software\"]\n direction LR\n kc[\"Keycloak\"] ~~~ eg[\"Envoy GW\"] ~~~ cm[\"cert-manager\"] ~~~ ot[\"OTel\"] ~~~ ac[\"ArgoCD\"]\n end\n\n subgraph K8[\"Kubernetes Cluster\"]\n direction LR\n vpc[\"VPC\"] ~~~ np[\"Node Pools\"] ~~~ st[\"Storage\"] ~~~ iam[\"IAM\"]\n end\n\n subgraph CP[\"Cloud Provider\"]\n direction LR\n aws[\"AWS EKS\"] ~~~ gcp[\"GCP GKE\"] ~~~ az[\"Azure AKS\"] ~~~ hz[\"Hetzner K3s\"] ~~~ k3s[\"Local K3s\"]\n end\n\n SP --\u003e NO --\u003e FS --\u003e K8 --\u003e CP\n\n style SP fill:#f3e8fc,stroke:#c840e9,color:#6b21a8\n style NO fill:#d4f5f2,stroke:#20aaa1,color:#0d5d57\n style FS fill:#fef0db,stroke:#e8952c,color:#7c4a03\n style K8 fill:#eeeef3,stroke:#4a4a6a,color:#1a1a2e\n style CP fill:#e8faf8,stroke:#20aaa1,color:#0d5d57\n```\n\n### How It Works\n\n```\nnic deploy -f config.yaml\n```\n\n1. **Provisions infrastructure** — VPC, managed Kubernetes, node pools, storage, IAM via OpenTofu\n2. **Deploys foundational software** — ArgoCD installs Keycloak, Envoy Gateway, cert-manager, OpenTelemetry Collector\n3. **Activates the Nebari Operator** — watches for `NebariApp` resources, auto-configures SSO, routing, TLS, and\n telemetry\n4. **Configures DNS** — optional Cloudflare integration for automatic record management\n\n## Launchpad\n\nEvery NIC deployment includes a landing page where users discover and access all deployed services.\n\n\u003cp align=\"center\"\u003e\n \u003cpicture\u003e\n \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/assets/launchpad-dark.png\"\u003e\n \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"docs/assets/launchpad-light.png\"\u003e\n \u003cimg alt=\"Nebari Launchpad — service discovery and access portal\" src=\"docs/assets/launchpad-light.png\" width=\"800\"\u003e\n \u003c/picture\u003e\n\u003c/p\u003e\n\n## Key Features\n\n| Feature | Description |\n| ----------------------------- | ------------------------------------------------------------------------------------------------------------ |\n| **Opinionated Defaults** | Production-ready configuration out of the box — multi-AZ, autoscaling, security best practices |\n| **Composable Software Packs** | Install only what you need. Each pack auto-integrates with SSO, telemetry, and routing |\n| **Multi-Cloud** | AWS (EKS), GCP (GKE), Azure (AKS), Hetzner (K3s), and local (K3s) from the same config format |\n| **GitOps Native** | ArgoCD manages all foundational software with dependency ordering and health checks |\n| **OpenTelemetry Native** | Built-in OTel Collector exports metrics, logs, and traces — plugs into whatever observability system you run |\n| **SSO Everywhere** | Keycloak provides centralized auth. The Nebari Operator creates OAuth clients automatically |\n| **Declarative** | One YAML config file. NIC reconciles actual state to match using OpenTofu |\n| **DNS Automation** | Optional Cloudflare provider for automatic DNS record management |\n\n## Quick Start\n\n### Prerequisites\n\n- Go 1.25+\n- Cloud provider credentials (AWS, GCP, or Azure) configured via environment variables\n\nNIC automatically downloads and manages its own OpenTofu binary — no manual installation required.\n\n### Install\n\n```bash\n# From source\nmake build\n\n# Or install to $GOPATH/bin\nmake install\n```\n\n### Deploy\n\n```bash\n# Copy and edit a sample config\ncp examples/aws-config.yaml config.yaml\n\n# Set your credentials\ncp .env.example .env # Edit with your cloud provider credentials\n\n# Validate your config\n./nic validate\n\n# Deploy everything\n./nic deploy\n```\n\nSee the [CLI Reference](docs/cli-reference.md) for all commands and options.\n\n### `nic deploy`\n\nDeploy infrastructure and foundational services based on a configuration file.\n\n```bash\n./nic deploy [flags]\n./nic deploy -f \u003cconfig-file\u003e [flags]\n```\n\nThe `-f` flag is optional. When omitted, NIC looks for `config.yaml` in the current directory. You can also set\n`NIC_CONFIG_PATH` as an environment variable.\n\nOptions:\n\n- `-f, --file`: Path to config.yaml file (auto-discovered if omitted)\n- `--dry-run`: Preview changes without applying them\n- `--timeout`: Override default timeout (e.g., '45m', '1h')\n- `--regen-apps`: Regenerate ArgoCD application manifests even if already bootstrapped\n\nThe deploy command:\n\n1. Provisions cloud infrastructure via the selected provider (OpenTofu)\n2. Bootstraps a GitOps repository with ArgoCD application manifests (if configured)\n3. Installs ArgoCD and foundational services (Keycloak, Envoy Gateway, cert-manager)\n4. Configures DNS records (if a DNS provider is configured)\n\n### `nic validate`\n\nValidate a configuration file without deploying any infrastructure.\n\n```bash\n./nic validate\n./nic validate -f \u003cconfig-file\u003e\n```\n\nOptions:\n\n- `-f, --file`: Path to config.yaml file (auto-discovered if omitted)\n\n### `nic destroy`\n\nDestroy all infrastructure resources.\n\n```bash\n./nic destroy [flags]\n./nic destroy -f \u003cconfig-file\u003e [flags]\n```\n\nOptions:\n\n- `-f, --file`: Path to config.yaml file (auto-discovered if omitted)\n- `--auto-approve`: Skip confirmation prompt and destroy immediately\n- `--dry-run`: Show what would be destroyed without actually deleting\n- `--force`: Continue destruction even if some resources fail to delete\n- `--timeout`: Override default timeout (e.g., '45m', '1h')\n\n**WARNING**: This operation is destructive and cannot be undone.\n\n### `nic kubeconfig`\n\nGenerate a kubeconfig for the deployed Kubernetes cluster.\n\n```bash\n./nic kubeconfig [-o output-file]\n./nic kubeconfig -f \u003cconfig-file\u003e [-o output-file]\n```\n\nOptions:\n\n- `-f, --file`: Path to config.yaml file (auto-discovered if omitted)\n- `-o, --output`: Path to output kubeconfig file (defaults to stdout)\n\n### `nic version`\n\nShow version information and registered providers.\n\n```bash\n./nic version\n```\n\n## Configuration\n\nNIC uses a YAML configuration file. See the `examples/` directory for sample configurations:\n\n- `examples/aws-config.yaml` - AWS/EKS configuration\n- `examples/aws-config-with-dns.yaml` - AWS with Cloudflare DNS automation\n- `examples/aws-existing.yaml` - Deploy to an existing EKS cluster\n- `examples/gcp-config.yaml` - GCP/GKE configuration\n- `examples/azure-config.yaml` - Azure/AKS configuration\n- `examples/hetzner-config.yaml` - Hetzner Cloud/K3s configuration\n- `examples/local-config.yaml` - Local Kind/K3s configuration\n\n### Environment Variables\n\nSecrets are never stored in configuration files. Use environment variables or a `.env` file (see `.env.example`):\n\n```bash\n# Copy the example and fill in your values\ncp .env.example .env\n```\n\n## OpenTelemetry Configuration\n\nNIC supports OpenTelemetry tracing with configurable exporters:\n\n- `OTEL_EXPORTER`: Exporter type — `none` (default), `console`, `otlp`, or `both`\n- `OTEL_ENDPOINT`: OTLP endpoint (default: `localhost:4317`)\n\n```bash\n# Console traces (debugging) — config.yaml auto-discovered in current directory\nOTEL_EXPORTER=console ./nic deploy\n\n# OTLP traces\nOTEL_EXPORTER=otlp OTEL_ENDPOINT=localhost:4317 ./nic deploy -f config.yaml\n```\n\n## Development\n\n### Local Cluster Testing with Kind\n\nFor local development, you can deploy a Kind cluster with foundational services:\n\n```bash\nmake localkind-up # Create Kind cluster and deploy\nmake localkind-down # Tear down\n```\n\nA GitHub repo URL must be set in your `local-config.yaml`, and a valid private SSH key must be set as the\n`GIT_SSH_PRIVATE_KEY` environment variable.\n\n### Running Tests\n\n```bash\n# Run all tests\ngo test ./... -v\n\n# Run with coverage\ngo test ./... -cover -coverprofile=coverage.out\ngo tool cover -html=coverage.out\n```\n\n### Code Quality\n\n```bash\n# Format, vet, lint, and test\nmake check\n\n# Or individually:\nmake fmt\nmake vet\nmake lint\nmake test\n```\n\n### Pre-commit Hooks\n\n```bash\n# Install hooks (one-time setup)\npre-commit install\n\n# Run all hooks manually\npre-commit run --all-files\n```\n\n### Project Structure\n\n```\ncmd/nic/ CLI entry point and commands\npkg/\n ├── argocd/ ArgoCD installation, Helm charts, app manifests\n ├── config/ Configuration parsing and validation\n ├── dnsprovider/ DNS provider interface (Cloudflare)\n ├── git/ Git client for GitOps repository management\n ├── kubeconfig/ Kubeconfig generation\n ├── provider/ Cloud provider interface\n │ ├── aws/ AWS provider (EKS, VPC, EFS, IAM)\n │ ├── gcp/ GCP provider\n │ ├── azure/ Azure provider\n │ ├── hetzner/ Hetzner Cloud provider (K3s via hetzner-k3s)\n │ └── local/ Local Kind/K3s provider\n ├── telemetry/ OpenTelemetry setup\n └── tofu/ OpenTofu binary management and execution\nterraform/ OpenTofu/Terraform modules per provider\nexamples/ Sample configuration files\ndocs/ Architecture docs, design decisions, ADRs\n```\n\n## Roadmap\n\nNIC is under very active development.\n\nOur current roadmap can be found at [2026-02-04-roadmap.md](docs/plans/2026-02-04-roadmap.md). We welcome feedback and\ncontributions to help shape the future of the project!\n\n## Documentation\n\n| Document | Description |\n| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| [CLI Reference](docs/cli-reference.md) | All commands, flags, and configuration options |\n| [Design Doc](docs/design-doc/README.md) | The original design document that laid the foundation for NIC's architecture and implementation. It includes detailed explanations of the core components, design decisions, and implementation details. The document is organized into sections covering architecture, design decisions, configuration reference, Nebari Operator, and testing strategy.) |\n| [Architectural Decision Records](docs/adr/README.md) | Architectural decision records recording design decisions as we build |\n\n## Contributing\n\nContributions are welcome! To get started:\n\n```bash\n# Clone the repo\ngit clone https://github.com/nebari-dev/nebari-infrastructure-core.git\ncd nebari-infrastructure-core\n\n# Install dependencies and build\nmake build\n\n# Run tests\ngo test ./... -v\n\n# Run all checks (fmt, vet, lint, test)\nmake check\n\n# Install pre-commit hooks\npre-commit install\n```\n\nSee our [issue tracker](https://github.com/nebari-dev/nebari-infrastructure-core/issues) for open issues.\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE) for details.\n\n## OpenTofu lockfile updates\n\nIf you change provider templates under `pkg/provider/**/templates/`, regenerate the provider lockfile(s) locally:\n\n```bash\n./scripts/pre-commit-tofu-lock.sh\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnebari-dev%2Fnebari-infrastructure-core","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnebari-dev%2Fnebari-infrastructure-core","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnebari-dev%2Fnebari-infrastructure-core/lists"}