{"id":33235867,"url":"https://github.com/prebake/prebake","last_synced_at":"2025-11-17T19:00:53.863Z","repository":{"id":323885619,"uuid":"1094753729","full_name":"prebake/prebake","owner":"prebake","description":"A straightforward Developer Platform for Kubernetes","archived":false,"fork":false,"pushed_at":"2025-11-12T16:49:41.000Z","size":494,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-12T17:31:30.436Z","etag":null,"topics":["helm","helm-charts","helmfile","idp","kubernetes"],"latest_commit_sha":null,"homepage":"https://prebake.dev","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prebake.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-12T05:57:43.000Z","updated_at":"2025-11-12T17:24:27.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/prebake/prebake","commit_stats":null,"previous_names":["prebake/prebake"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/prebake/prebake","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prebake%2Fprebake","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prebake%2Fprebake/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prebake%2Fprebake/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prebak
e%2Fprebake/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/prebake","download_url":"https://codeload.github.com/prebake/prebake/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prebake%2Fprebake/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284750960,"owners_count":27057456,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-16T02:00:05.974Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["helm","helm-charts","helmfile","idp","kubernetes"],"created_at":"2025-11-16T18:01:04.034Z","updated_at":"2025-11-17T19:00:53.857Z","avatar_url":"https://github.com/prebake.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Prebake - a Developer Platform for Kubernetes\n\nWant to quickly deploy apps on a fresh Kubernetes cluster? 
With Prebake, you can turn a bare cluster into a developer platform with just two commands.\n\nPrebake aims to enable developers to focus on building and deploying their applications, without having to invest in becoming SMEs in every single component which needs to be deployed on top of Kubernetes - such as ingress, storage, networking, secrets management, and more.\n\nPrebake aims to do this without adding unnecessary abstractions, and instead lean on the powerful abstractions provided by Kubernetes, so the path to using and fixing deployments is robust and obvious for developers.\n\nPrebake includes:\n\n__Apps (and their CRDs):__\n\n* [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) for continuous deployments (_Apache 2.0 license_).\n* [Cert Manager](https://cert-manager.io/) for TLS certificate management (_Apache 2.0 license_).\n* [Cilium](https://cilium.io/) for cluster networking \u0026 policies (_Apache 2.0 license_).\n* [CoreDNS](https://coredns.io/) for DNS resolution (_Apache 2.0 license_).\n* [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) for GitOps encrypted secrets (_Apache 2.0 license_).\n* [Snapshot Controller](https://github.com/kubernetes-csi/external-snapshotter) for persistent volume snapshotting (_Apache 2.0 license_).\n* [Traefik](https://traefik.io/) for ingress (_MIT license_).\n* [Trust Manager](https://cert-manager.io/docs/trust/trust-manager/) for certificate trust store management (_Apache 2.0 license_).\n\nAnd when deployed on AWS, also includes:\n\n* [AWS EBS CSI Driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) for persistent storage on AWS (_Apache 2.0 license_).\n\n__Additional CRDs:__\n\n* [Gateway API CRDs](https://gateway-api.sigs.k8s.io/) for standardized ingress APIs\n\n__Defaults for:__\n\n* RBAC\n* Trust Bundles\n\nCurrently Prebake officially supports deployment to Kind and AWS EKS, but it should work with any bare cluster.\n\nAll configuration in this repository is Open Source, released 
under the Apache 2.0 license.\n\nThis project was created by [Nadrama](https://nadrama.com), for the Nadrama Open Source Platform-as-a-Service (PaaS).\n\n## Usage\n\nTo create a `values.yaml` file per app, stored under `_values`:\n\n```\nmake setup DOMAIN=\u003cingress-hostname\u003e\n```\n\n- If deploying on EKS, specify the extra type flag i.e. `make setup DOMAIN=\u003cingress-hostname\u003e TYPE=eks`\n\n- Note that you may wish to store this in your own Git repo, if so, just symlink it to `_values` or use the `VALUES_DIR` env var when running `make render` or `make install`.\n\n- Each of these files will be embedded into the corresponding ArgoCD application so changes are not overwritten during any ArgoCD syncs.\n\n(Optionally) Render all charts to the `./_rendered` directory to preview manifests:\n\n```\nmake render [CHART=\u003csingle-chart\u003e]\n```\n\nInstall all (or single-chart of) charts into the current kubectl context:\n\n```\nmake install [CHART=\u003csingle-chart\u003e]\n```\n\nUninstall all (or single-chart of) charts from the current kubectl context:\n\n```\nmake uninstall [CHART=\u003csingle-chart\u003e]\n```\n\n## Testing\n\nWe use [Kind](https://kind.sigs.k8s.io/) to test the configuration locally.\n\nStart the Kind cluster with:\n\n```\nmake kind-create\nmake kind-context # to set the kubectl context to the Kind cluster\n```\n\nNow you can run `make install` and it will use the kubectl context set by `make kind-context`.\n\nThen delete the Kind cluster with:\n\n```\nmake kind-delete\n```\n\n## Repository Overview\n\nThere are 3 types of charts:\n\n1. CRD charts - we use separate charts for CRDs per [Helm Best Practices for CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts).\n\n2. App Charts - the main application charts.\n\n3. 
Template Charts - templated charts designed to simplify deployment of your apps/containers/agents.\n\nNote:\n\n- We use [helmfile](https://helmfile.readthedocs.io/en/latest/) (_MIT license_) to handle the rendering/installation/uninstallation of all charts, via our shell scripts (see below).\n\n- The `system-` prefix is used on charts/namespaces/resources to simplify RBAC rules / CEL policies.\n\n## Installation \u0026 Validating/Mutating Webhooks\n\nThere are runtime dependencies for some charts, for example:\n\n* `trust-manager` requires the `cert-manager` `system-cert-manager-webhook` pod to be running\n* `trust-bundles` requires the `trust-manager` `system-trust-manager` pod to be running\n\nIn both examples above, this is due to the ValidatingWebhookConfiguration and MutatingWebhookConfigurations created in the `cert-manager` and `trust-manager` charts, which are configured with a failurePolicy of `Fail` (fail closed).\n\nWhen run, `./install.sh` temporarily sets the failurePolicy of those webhooks to `Ignore` (fail open). This should permit all charts to install correctly, in a single run. The `./install.sh` script uses a trap to attempt to restore the failurePolicy to `Fail` once complete.\n\n## Cluster Design \u0026 Assumptions\n\nThe design of this repository is such that you can still override all chart values via\nthe generated `_values` directory YAML files.\n\nHowever, we have chosen what we believe are good defaults for all charts, and for any\nconfiguration option we believe will be commonly overridden (e.g. IP CIDR blocks), we've\npushed that configuration up into the `_values` directory files to give greater visibility\ninto what is likely to need changing depending on your deploy target.\n\nHere are the assumptions made by the default/generated values files:\n\n* We assume Kubernetes is configured with dual-stack IPv4 + IPv6.\n\n  * Pod IPv4 CIDR block is `100.64.0.0/10`, supporting\n    up to 4,194,304 IPv4 addresses. 
RFC 6598 reserves this CIDR block for\n    Carrier-Grade NAT.\n\n  * Pod IPv6 CIDR block is `fd64::/48`.\n\n  * Service IPv4 CIDR block is `198.18.0.0/15`, supporting up to 131,072 IPv4\n    addresses.\n\n  * Service IPv6 CIDR block is `fdc6::/108`.\n\n    * Note that kube-apiserver requires a prefix length \u003e= 108.\n\n  * Both IPv4 CIDR blocks are defined as private networks\n    \u003chttps://en.wikipedia.org/wiki/Reserved_IP_addresses\u003e\n\n  * Both IPv4 CIDR blocks fall within the default set of eBPF-based\n    nonMasqueradeCIDRs \u003chttps://docs.cilium.io/en/stable/network/concepts/masquerading/\u003e\n\n  * Both IPv4 CIDR blocks are configured on `kube-controller-manager`.\n    The service CIDR blocks are configured on `kube-apiserver`.\n    We also configure per-Node CIDR blocks with `/24` prefix length for IPv4, and `/64` prefix length for IPv6.\n\n* We configure Cilium CNI to use Kubernetes IPAM mode.\n\n* CoreDNS runs as a DaemonSet\n\n  * It uses the last service IPv4, `198.19.255.254`\n\n  * It uses the last service IPv6, `fdc6::ffff`\n\n  * The kubelet is configured to use the above two addresses as clusterDNS.\n\n## License\n\nThe contents of this repository are licensed under the Apache License, Version 2.0.\nCopyright 2025 Nadrama Pty Ltd.\nSee [LICENSE](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprebake%2Fprebake","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprebake%2Fprebake","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprebake%2Fprebake/lists"}