Infrastructure Components¶

Core infrastructure services that support the cluster and user applications.

🔐 Certificate & TLS¶

Cert-Manager — Automatic TLS certificate management
Issuers — Let's Encrypt and certificate issuers

🌐 Networking & Routing¶

Traefik — Ingress controller and reverse proxy
Traefik Edge — Edge routing configuration
Cloudflare Tunnel — Secure tunneling to Cloudflare
MetalLB — Load balancer for bare-metal Kubernetes
MetalLB Config — Load balancer configuration

🔍 Monitoring & Observability¶

Prometheus — Metrics collection and storage
Promtail — Log aggregation agent
Loki — Log aggregation and storage
VictoriaMetrics — Time-series database
Gatus — Health check and status monitoring

💾 Storage & Backup¶

Longhorn — Distributed block storage
Kopia — Backup and restoration system

🛡️ Security & Access Control¶

Authelia — Single Sign-On and MFA
LLDAP — Lightweight LDAP server
Vaultwarden — Password manager (Bitwarden compatible)

⚙️ Utilities¶

Redis — Cache and message broker
CrowdSec — Intrusion detection
Sablier — Auto-scaling and sleep mode
Skooner — Kubernetes dashboard
DNS Failover — DNS redundancy
Stalwart — Mail server
Observability Sources — Data source configuration

📊 Resource Overview¶

Component	CPU	Memory	Storage	Purpose
Prometheus	500m	1Gi	10Gi	Metrics
Loki	200m	512Mi	10Gi	Logs
VictoriaMetrics	500m	1Gi	20Gi	Time-series DB
Cert-Manager	100m	256Mi	-	TLS certs
Traefik	200m	256Mi	-	Ingress
MetalLB	100m	256Mi	-	Load balancer
Longhorn	Varies	Varies	-	Storage
Others	<100m	64-256Mi	-	Utilities

🔧 Configuration & Customization¶

Each infrastructure component can be customized via: - Kustomize overlays for environment-specific changes - ConfigMaps for application configuration - Secrets for sensitive credentials (sealed with SealedSecrets) - Custom CRDs for advanced configuration

📚 More Information¶

See individual component documentation for: - Deployment architecture - Configuration options - Resource requirements - Integration points - Troubleshooting guides