A lightweight GitOps controller for Kubernetes homelab clusters that automatically applies changes from your Git repository. Edit YAML files, commit to Git, and watch your cluster update automatically!
- Universal Resource Support: Deploy any Kubernetes resource type (Deployments, Services, ConfigMaps, Secrets, StatefulSets, DaemonSets, Jobs, CronJobs, Ingress, PVCs, and more)
- GitHub Integration: Webhook-driven updates triggered by Git pushes
- Smart Deployment: Automatically creates or updates resources based on current cluster state
- Multi-Document Support: Process multiple YAML resources in a single file
- In-Cluster & Local: Auto-detects running environment (in-cluster vs local development)
- Health Checks: Built-in liveness and readiness probes
- Graceful Shutdown: Proper signal handling for clean shutdowns
IMPORTANT: Please read this section carefully before deploying TRIGRA to your cluster.
- Cluster Access: TRIGRA requires broad RBAC permissions to create, update, and delete resources across your cluster. Review and customize
rbac.yamlto limit permissions to only what you need. - GitHub Token: Your GitHub Personal Access Token (PAT) grants TRIGRA access to your repositories. Use tokens with minimal required scopes and consider using fine-grained PATs.
- Webhook Secret: Always use a strong, randomly generated webhook secret. Never reuse secrets across environments.
- Secret Management: Never commit
.envfiles orsecret.yamlto version control. Add them to.gitignoreimmediately. - Network Exposure: If exposing TRIGRA externally, use TLS/HTTPS and consider additional authentication layers (e.g., VPN, IP allowlisting).
- Testing First: TRIGRA is designed for homelabs and development environments. For production use:
- Test thoroughly in a non-production cluster first
- Implement proper monitoring and alerting
- Consider using established GitOps tools like ArgoCD or FluxCD for mission-critical workloads
- Resource Limits: Set appropriate resource limits in the deployment to prevent resource exhaustion
- Backup Strategy: Always maintain backups of your cluster state and manifests
- Rollback Plan: Have a rollback strategy in place before deploying changes
- Automatic Deployment: TRIGRA automatically applies changes from Git. A misconfigured manifest can:
- Delete critical resources
- Cause service outages
- Consume excessive cluster resources
- Expose sensitive data
- No Built-in Rollback: TRIGRA does not automatically rollback failed deployments. You must manually revert Git commits or fix issues.
- Namespace Scope: By default, TRIGRA can deploy to any namespace. Limit this in production by adjusting RBAC permissions.
- Validation: TRIGRA applies manifests without extensive validation. Always validate YAML locally before pushing:
kubectl apply --dry-run=client -f your-manifest.yaml kubectl apply --dry-run=server -f your-manifest.yaml
- Start Small: Begin with non-critical workloads in a test namespace
- Use Git Branches: Test changes in feature branches before merging to main
- Enable Notifications: Configure GitHub webhook notifications to monitor deployment events
- Regular Audits: Periodically review deployed resources and RBAC permissions
- Documentation: Document your deployment patterns and maintain a runbook
- Monitoring: Set up monitoring for the TRIGRA controller itself (health checks, logs, metrics)
β Good for:
- Personal homelabs and learning environments
- Development and testing clusters
- Small-scale deployments with trusted contributors
- Rapid prototyping and experimentation
β Not recommended for:
- Production systems without extensive testing
- Multi-tenant clusters without proper isolation
- Environments requiring compliance certifications
- Critical infrastructure without proper safeguards
- Kubernetes cluster (homelab, Minikube, Kind, K3s, etc.)
- Go 1.25+ (for building from source)
- GitHub repository for your manifests
kubectlconfigured to access your cluster
βββββββββββββββ
β GitHub β
β Repository β
ββββββββ¬βββββββ
β Push Event
β (Webhook)
βΌ
βββββββββββββββββββββββ
β Trigra - GitOps Controller β
β β
β βββββββββββββββββββ β
β β Webhook Handler β β
β ββββββββββ¬βββββββββ β
β β β
β ββββββββββΌβββββββββ β
β β Resource Applierβ β
β ββββββββββ¬βββββββββ β
ββββββββββββΌβββββββββββ
β
βΌ
βββββββββββββββ
β Kubernetes β
β Cluster β
βββββββββββββββ
-
Clone the repository:
git clone https://github.com/Taiwrash/trigra.git cd trigra -
Set up environment variables:
cp .env.example .env # Edit .env with your values -
Generate a webhook secret:
openssl rand -hex 32
-
Configure
.env:GITHUB_TOKEN=ghp_your_token_here WEBHOOK_SECRET=your_generated_secret_here SERVER_PORT=8082 NAMESPACE=default
-
Build and run:
go build -o trigra ./cmd/trigra ./trigra
π For detailed deployment instructions, see the Kubernetes Deployment Guide
Quick Start:
-
Using Docker Hub image (no build required):
# Download manifests curl -O https://raw.githubusercontent.com/Taiwrash/trigra/main/deployments/kubernetes/secret.yaml.example curl -O https://raw.githubusercontent.com/Taiwrash/trigra/main/deployments/kubernetes/deployment.yaml curl -O https://raw.githubusercontent.com/Taiwrash/trigra/main/deployments/kubernetes/rbac.yaml curl -O https://raw.githubusercontent.com/Taiwrash/trigra/main/deployments/kubernetes/service.yaml # Create your secret cp secret.yaml.example secret.yaml vim secret.yaml # Add your GitHub token and repo # Deploy kubectl apply -f secret.yaml kubectl apply -f rbac.yaml kubectl apply -f deployment.yaml kubectl apply -f service.yaml
-
Or build from source:
# Build Docker image ./build-docker.sh # Create secret cp deployments/kubernetes/secret.yaml.example deployments/kubernetes/secret.yaml vim deployments/kubernetes/secret.yaml # Deploy kubectl apply -f deployments/kubernetes/
-
Verify deployment:
kubectl get pods -l app=trigra kubectl logs -l app=trigra -f
-
Go to your GitHub repository β Settings β Webhooks β Add webhook
-
Configure:
- Payload URL:
http://your-controller-ip/webhook - Content type:
application/json - Secret: Your
WEBHOOK_SECRETvalue - Events: Select "Just the push event"
- Active: β Checked
- Payload URL:
-
Click Add webhook
-
Test by pushing a YAML file to your repository!
Want to try TRIGRA with ready-made examples? Deploy any example with one command:
curl -fsSL https://raw.githubusercontent.com/Taiwrash/trigra/main/deploy-example.sh | bashThis interactive script lets you choose from:
- π Homepage Dashboard - Full homelab dashboard
- π€ Ollama AI - Run LLMs locally
- π Simple Homepage - Clean landing page
- β¨ Awesome Homepage - Stunning animated design
- π All Examples - Deploy everything!
-
Create a Kubernetes manifest in your Git repository:
# nginx-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx namespace: default spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.25-alpine ports: - containerPort: 80
-
Commit and push:
git add nginx-deployment.yaml git commit -m "Deploy nginx" git push origin main -
Watch the magic happen:
kubectl get deployments -w
You can include multiple resources in a single YAML file using --- separator:
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
environment: production
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
# ... deployment spec
---
apiVersion: v1
kind: Service
metadata:
name: myapp
spec:
# ... service specThe controller supports all Kubernetes resource types, including:
- Workloads: Deployments, StatefulSets, DaemonSets, Jobs, CronJobs, Pods
- Services: Service, Ingress, NetworkPolicy
- Config: ConfigMap, Secret
- Storage: PersistentVolumeClaim, PersistentVolume, StorageClass
- RBAC: Role, RoleBinding, ClusterRole, ClusterRoleBinding, ServiceAccount
- Custom Resources: Any CRD installed in your cluster
- Liveness:
http://controller:8082/health - Readiness:
http://controller:8082/ready
# View controller logs
kubectl logs -f deployment/trigra
# Follow logs in real-time
kubectl logs -f -l app=trigra- Never commit secrets: Use
.gitignoreto exclude.envandsecret.yamlfiles - Use Kubernetes Secrets: Store sensitive data in Kubernetes secrets, not in Git
- Limit RBAC permissions: Adjust
rbac.yamlto grant only necessary permissions - Use private repositories: Keep your infrastructure manifests in private repos
- Rotate tokens: Regularly rotate your GitHub PAT and webhook secrets
- Check webhook delivery in GitHub (Settings β Webhooks β Recent Deliveries)
- Verify the service is accessible:
kubectl get svc trigra - Check controller logs:
kubectl logs -f deployment/trigra - Ensure webhook secret matches in both GitHub and Kubernetes secret
- Check controller logs for errors
- Verify RBAC permissions:
kubectl auth can-i create deployments --as=system:serviceaccount:default:trigra - Validate YAML syntax:
kubectl apply --dry-run=client -f your-file.yaml
Update RBAC permissions in deployments/kubernetes/rbac.yaml to include the required resources.
See the deployments/examples/ directory for ready-to-use manifests:
deployment.yaml- Simple Nginx deployment with resource limitsservice.yaml- ClusterIP service exampleconfigmap.yaml- ConfigMap with multiple data files
Deploy Homepage - a highly customizable application dashboard for your homelab:
- ServiceAccount with proper RBAC permissions
- ConfigMap with customizable dashboard settings
- Kubernetes integration to monitor your cluster
- Widgets for cluster metrics, resources, and search
- Service bookmarks and custom services
- Ingress for external access
Quick Deploy:
kubectl apply -f deployments/examples/homepage-dashboard.yaml
# Access via http://dashboard.local (configure your ingress/DNS)Features:
- π Real-time Kubernetes cluster monitoring
- π Customizable service bookmarks
- π¨ Multiple themes and layouts
- π Resource usage widgets
- π Integrated search
- π 100+ service integrations
Run local LLMs (Llama, Gemma, Mistral, etc.) on your cluster:
- PersistentVolumeClaim for model storage (50GB)
- Deployment with resource limits (configurable for GPU)
- Both ClusterIP and NodePort services
- Ingress for API access
- Usage instructions ConfigMap
Quick Deploy:
kubectl apply -f deployments/examples/ollama-ai-model.yaml
# Access the pod and pull a model
kubectl exec -it deployment/ollama -- ollama pull gemma:2b
kubectl exec -it deployment/ollama -- ollama run gemma:2b
# Or access via NodePort: http://<node-ip>:30434Supported Models: llama2, gemma (2b/7b), mistral, codellama, and more!
We love your input! We want to makeBy contributing to Trigra, you agree that your contributions will be licensed under its MIT License.porting a bug
- Discussing the current state of the code
- Submitting a fix
- Proposing new features
Please read our CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We are committed to making our community inclusive and welcoming. Please read and follow our Code of Conduct.
This project is licensed under the MIT License - see the LICENSE file for details.
Built with:
Happy GitOps-ing! π