Foundry is a CLI tool for deploying a complete Kubernetes-based infrastructure stack on Debian/Ubuntu hosts.
Before you begin, ensure you have:
On each infrastructure host:
- Debian 11/12 or Ubuntu 22.04/24.04 installed
- SSH server running with password authentication enabled
- A non-root user account (or root access)
- Static IP address (or DHCP reservation)
On your network:
- An available VIP (Virtual IP) for Kubernetes that won't conflict with other IPs
- Outbound internet access for downloading packages and container images
On your management machine:
- Go 1.23+ installed (for building Foundry from source)
- Network access to your infrastructure hosts via SSH
See the Prerequisites Guide for detailed requirements and validation scripts.
git clone https://github.com/catalystcommunity/foundry.git
cd foundry/v1
go build -o foundry ./cmd/foundry
sudo mv foundry /usr/local/bin/
# Verify
foundry --versionThe fastest way to get started is a single-host deployment where one machine runs everything.
What you need:
- One Debian/Ubuntu host with SSH access
- A VIP address (unused IP in the same subnet)
Run one command:
foundry stack installYou'll be prompted for:
- Cluster name (default:
my-cluster) - Domain (default:
catalyst.local) - Infrastructure host in
hostname:ipformat (e.g.,node1:192.168.1.10) - SSH user (default:
root) - Kubernetes VIP (e.g.,
192.168.1.20)
During installation, you'll also be prompted for:
- SSH password for the specified user (used once to install SSH key)
- Root password (only if the SSH user doesn't have sudo access)
The installation takes 10-20 minutes and installs:
- OpenBAO (secrets management)
- PowerDNS (internal DNS)
- Zot (container registry)
- K3s (Kubernetes)
- Gateway API + Contour (ingress)
- Cert-Manager (certificates)
- Longhorn (storage)
- SeaweedFS (S3-compatible storage)
- Prometheus + Loki + Grafana (observability)
- Velero (backups)
After installation:
# Check cluster status
kubectl --kubeconfig ~/.foundry/kubeconfig get nodes
# View stack status
foundry stack statusFor production deployments, you'll want multiple hosts with different roles.
# Initialize config (creates ~/.foundry/stack.yaml)
foundry config init
# Add each host with specific roles
foundry host add node1 --address 192.168.1.10 --user myuser \
--roles openbao,dns,zot,cluster-control-plane
foundry host add node2 --address 192.168.1.11 --user myuser \
--roles cluster-worker
foundry host add node3 --address 192.168.1.12 --user myuser \
--roles cluster-worker
# Install the stack
foundry stack install# Initialize config
foundry config init
# Edit ~/.foundry/stack.yaml to add your hostsExample multi-host configuration:
cluster:
name: production
domain: catalyst.local
vip: 192.168.1.20
hosts:
- hostname: control1
address: 192.168.1.10
port: 22
user: myuser
roles:
- openbao
- dns
- zot
- cluster-control-plane
- hostname: worker1
address: 192.168.1.11
port: 22
user: myuser
roles:
- cluster-worker
- hostname: worker2
address: 192.168.1.12
port: 22
user: myuser
roles:
- cluster-workerThen run:
foundry stack install| Role | Description |
|---|---|
openbao |
OpenBAO secrets management server |
dns |
PowerDNS server for internal DNS |
zot |
Container image registry |
cluster-control-plane |
Kubernetes control plane node |
cluster-worker |
Kubernetes worker node |
After installation, services are accessible via DNS names on the catalyst.local domain (or your configured domain).
To access services in your browser:
- Configure your machine to use the PowerDNS server for DNS resolution
- Point your DNS to the host with the
dnsrole
Available services:
grafana.catalyst.local- Observability dashboardsprometheus.catalyst.local- Metricsopenbao.catalyst.local- Secrets management UIzot.catalyst.local- Container registry
DNS Resolution:
- Infrastructure services (
openbao,dns,zot) resolve to their host IPs - All other
*.catalyst.localnames resolve to the VIP (handled by Kubernetes ingress)
Foundry stores all state in ~/.foundry/:
~/.foundry/
├── stack.yaml # Stack configuration
├── kubeconfig # Kubernetes access config
└── keys/ # SSH keys (migrated to OpenBAO after install)
If installation is interrupted, simply run foundry stack install again. Foundry tracks progress and resumes from the last checkpoint.
Check current progress:
foundry config show# Stack management
foundry stack install # Install complete stack
foundry stack status # Show installation status
# Configuration
foundry config init # Create new configuration
foundry config validate # Validate configuration
foundry config show # Display current config
# Host management
foundry host add # Add a new host
foundry host list # List all hosts
foundry host configure <name> # Configure a specific host
# Components
foundry component list # List available components
foundry component status # Show component status# Verify host is reachable
ping <host-ip>
# Verify SSH is running
nc -zv <host-ip> 22
# Test SSH connection manually
ssh user@host-ip- Verify PowerDNS is running:
foundry component status dns - Ensure your machine uses the DNS server IP for resolution
- Test with:
dig @<dns-server-ip> grafana.catalyst.local
- Check progress:
foundry config show - Re-run:
foundry stack install(resumes from checkpoint) - Check logs on the host if a specific component fails
- Configuration Guide - Detailed configuration options
- DNS Guide - PowerDNS configuration
- Storage Guide - Longhorn and SeaweedFS
- Observability Guide - Prometheus, Loki, Grafana
- Backups Guide - Velero backup configuration
- Join the Catalyst Community Discord
- Report issues on GitHub