Kubernetes on Proxmox.
Fully automated.

From a bare Proxmox instance to a production-ready Kubernetes cluster — in under 5 minutes. One Bash script, zero dependencies.

Coming soon...
View Docs
proxkube.dev — k8s-hetzner — 00:04:12 
 K8s Setup  ·  k8s-hetzner  ·  00:04:12                       11:14:47
 RUNNING     ████████████████████████████░░░░  80%  16/20

── Phases ──────────────────────────────────────────────────────────────────
  1.  Preflight Check          11.  Control Plane init
  2.  Cloud-Init Template      12.  CNI Plugin
  3.  Clone VMs                13.  Join CPs (HA)
  4.  Port Forwarding          14.  Join Workers
  5.  Start VMs + SSH          15.  Labels + Taints
  6.  apt update + Reboot      16.  Network Policies
  7.  SSH Keys + /etc/hosts    17. · Add-ons (Helm...)
  8.  Firewall (nftables)      18. · Fetch kubeconfig
  9.  Kubernetes packages      19. · Write inventory
 10.  HAProxy + keepalived     20. · Take snapshots

── Proxmox ─────────────────────────────────────────────────────────────────
   k8s-cp-1       running     k8s-worker-1   running
   k8s-cp-2       running     k8s-worker-2   running
   k8s-cp-3       running

── Log ─────────────────────────────────────────────────────────────────────
  [11:14:29]  Worker-2 joined successfully.
  [11:14:31]  Applying node labels and taints...
  [11:14:47]  ✓ All 5 Nodes Ready.

[q] Quit  [+/-] Log lines

Why proxkube

Everything included. Nothing extra.

A single Bash script. No Ansible, no Terraform, no external dependencies.

Fully Automated

Cloud-Init template, network detection, storage detection — everything is automatically discovered and configured.

🔄

Resumption

If setup aborts, resume continues exactly where it left off. No VM is recreated.

🖥️

Live TUI

Built-in flicker-free TUI with 19 phases, progress bar and live log. No separate monitoring tool needed.

🔒

Security Hardened

Secrets encryption at rest, audit logging, firewall source-IP restrictions, Pod Security Standards and proper kubelet TLS — enabled by default.

🏗️

HA Mode

3 Control Planes with HAProxy and keepalived (Virtual IP). If one CP fails, another takes over automatically.

💾

Backup & Restore

etcd backup with auto-rotation, VM snapshots, Velero for Persistent Volumes. Fully automated restore included.

🌐

Hetzner Dedicated

Special mode for Proxmox on Hetzner root servers: private NAT network, port forwarding, iptables-persistent.

📊

Monitoring

Prometheus + Grafana, Loki log aggregation and Falco runtime security — one flag to enable each.

🔐

SSO with Authentik

Protect internal UIs (Traefik, Longhorn) with OAuth2 via Authentik — fully automated, no manual IdP setup.

Ecosystem

Add-ons at the flip of a switch

Just set to true — the rest happens automatically.

Traefik Traefik
cert-manager cert-manager
Cloudflare Cloudflare DNS
ArgoCD ArgoCD
H Headlamp
Vaultwarden Vaultwarden
Longhorn Longhorn
M MetalLB
N NFS Provisioner
Velero Velero
Prometheus Prometheus
Grafana Grafana
metrics-server metrics-server
K Kured
k9 k9s
Helm Helm
Authentik Authentik
Loki Loki
Falco Falco