Architecture

Overview

```mermaid
graph TB
    subgraph Proxmox["Proxmox Host (192.168.178.162)"]
        subgraph Cluster["Kubernetes Cluster"]
            CP[Control Plane<br/>192.168.178.50]
            W1[Worker 1<br/>192.168.178.51]
            W2[Worker 2<br/>192.168.178.52]
        end
        ZFS[(ZFS Pools<br/>flash / spacex)]
    end
    Internet((Internet)) -->|Cloudflare DNS| Traefik
    Traefik -->|Gateway API| Apps
    subgraph Apps["Applications"]
        HA[Home Assistant]
        Immich[Immich]
        Grafana[Grafana]
        More[...]
    end
    Cluster -->|NFS-CSI| ZFS
    Flux[Flux CD] -->|GitOps| Cluster
    GitHub[GitHub Repo] -->|Pull| Flux
```
GitOps Flow

```mermaid
sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant Flux as Flux CD
    participant K8s as Cluster
    Dev->>GH: git push (main)
    Flux->>GH: Poll every 1m
    Flux->>K8s: Apply Kustomization
    K8s-->>Flux: Status (Ready/Failed)
    alt Error
        Flux->>Telegram: Error alert
    end
```
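The three Flux objects behind this sequence, as an added example (not the repository's own manifests): a `GitRepository` polled every minute, a Telegram `Provider` whose bot token is read from a Secret rather than committed to git, and an `Alert` that forwards only error-severity events. The repository URL, chat id and Secret names are placeholders; the object names and the `flux-system` namespace are assumptions.

```yaml
# Added example, not the project's own manifests.
# Source: Flux checks GitHub for new commits on `main` every minute.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m                                   # "Poll every 1m" in the diagram
  url: https://github.com/EXAMPLE-OWNER/EXAMPLE-REPO   # placeholder URL
  ref:
    branch: main
---
# Provider: the Telegram bot token is referenced from a Secret (key `token`),
# so the token never appears in the Git repository.
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Provider
metadata:
  name: telegram
  namespace: flux-system
spec:
  type: telegram
  channel: "EXAMPLE_CHAT_ID"                     # placeholder chat id
  secretRef:
    name: telegram-token                         # assumed Secret name
---
# Alert: only Kustomization events of severity `error` reach Telegram,
# which matches the `alt Error` branch of the sequence diagram.
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
  name: kustomization-errors
  namespace: flux-system
spec:
  providerRef:
    name: telegram
  eventSeverity: error
  eventSources:
    - kind: Kustomization
      name: '*'
```

Keeping `eventSeverity: error` means routine reconciliation events are not sent to the chat, so an alert arriving on Telegram is always worth acting on.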
Repository Structure

```text
├── clusters/production/      # Flux entry point: defines Kustomizations
│   ├── secrets.yaml          # Kustomization for SOPS secrets
│   ├── infrastructure.yaml   # Kustomization for infrastructure
│   └── apps.yaml             # Kustomization for applications
├── infrastructure/           # Platform components
│   ├── crds/                 # Gateway API CRDs
│   ├── metallb/              # L2 load balancer
│   ├── cert-manager/         # TLS wildcard certificates
│   ├── nfs-csi/              # NFS storage driver
│   ├── traefik/              # Ingress controller + Gateway
│   ├── kube-system/          # System patch (metrics-server, etc.)
│   └── notifications/        # Flux → Telegram alert
├── apps/                     # User applications
│   ├── authentik/            # SSO / Identity Provider
│   ├── home-assistant/       # Home automation
│   ├── immich/               # Photo management
│   ├── grafana/              # Metrics dashboard
│   ├── prometheus/           # Monitoring stack
│   ├── gatus/                # Uptime monitoring
│   └── ...                   # Other apps
└── scripts/                  # Diagnostic scripts
```
Kustomization Dependencies

```mermaid
graph LR
    secrets[secrets] --> infrastructure
    infrastructure --> apps
```

Flux applies resources in order: secrets → infrastructure → apps. Each level depends on the previous one via `dependsOn`, so a Kustomization is not reconciled until the one before it reports Ready.
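The dependency chain expressed as Flux `Kustomization` objects, as an added example (not the manifests under `clusters/production/`). The paths, intervals and the `sops-age` Secret name are assumptions; `dependsOn` and `wait: true` together are what make the ordering hold, because `wait` ties a Kustomization's Ready condition to the health of the resources it applied.

```yaml
# Added example, not the project's own manifests.
# Level 1: SOPS-encrypted secrets are decrypted with an age key that lives
# only in the cluster (Secret `sops-age`, assumed name), never in git.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: secrets
  namespace: flux-system
spec:
  interval: 10m
  path: ./secrets                 # assumed path
  prune: true
  wait: true                      # Ready only once the Secrets exist
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
    secretRef:
      name: sops-age
---
# Level 2: platform components (CRDs, MetalLB, cert-manager, ...).
# Not reconciled until `secrets` is Ready.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: infrastructure
  namespace: flux-system
spec:
  interval: 10m
  path: ./infrastructure
  prune: true
  wait: true                      # Ready only once e.g. CRDs are established
  sourceRef:
    kind: GitRepository
    name: flux-system
  dependsOn:
    - name: secrets
---
# Level 3: user applications, gated on the whole platform being healthy.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m
  path: ./apps
  prune: true
  wait: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  dependsOn:
    - name: infrastructure
```

Without `wait: true` a Kustomization turns Ready as soon as its manifests are applied, so `apps` could be reconciled while the Gateway API CRDs from `infrastructure` are still being established and fail on unknown resource kinds; with it, the `dependsOn` edge waits for the applied resources to become healthy.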