Changelog

Technical evolution of the infrastructure stack, tracking the migration from standalone Docker hosts to a fully automated, GitOps-managed Kubernetes cluster.

Phase 5: GitOps & Cluster Hardening (July 2025 - Present)

Shifted control plane management to ArgoCD and expanded storage capabilities.

GitOps Implementation:
- Deployed ArgoCD in an App-of-Apps pattern to manage cluster state (89c51aa).
- Integrated Sealed Secrets (implied via vault diffs) and Cert-Manager for automated TLS management (76000f8).
- Migrated core services (Traefik, MetalLB) to Helm charts managed via ArgoCD manifests.
Storage Architecture:
- Implemented Longhorn with iSCSI support for distributed block storage (48aec11).
- Added NFS Provisioner (e1a2248) for ReadWriteMany volumes capabilities.
Networking:
- Centralized primary server IP logic (97a5d6c) to support HA control plane capability.
- Replaced Netcup DNS webhooks with Cloudflare for Caddy ACME challenges (9cb90a8).
Observability:
- Added healthcheck definitions to Docker Compose services (0e8e07e) and K3s probes.

Phase 4: IaaC Refactoring & Proxmox API Integration (Nov 2024 - June 2025)

Refactored Ansible roles for modularity and implemented Proxmox API automation for "click-less" provisioning.

Proxmox Automation:
- Developed roles/proxmox to interface with Proxmox API: automated VM creation, cloning from templates, and Cloud-Init injection (f2ea03b).
- Configured PCI Passthrough (591342f) and hardware acceleration for media transcoding nodes.
- Added cron-based VM state reconciliation (a1da69a).
Ansible Restructuring:
- Inventory Refactor: Moved from root-level inventory files to a hierarchical vars/ structure (609e000).
- Linting Pipeline: Integrated ansible-lint and pre-commit hooks (6eef96b) to enforce YAML standards and best practices.
- Vault Security: Configured .gitattributes to enable ansible-vault view for cleartext diffs in git (c3905ed).
Identity Management:
- Deployed Keycloak (42196a3) for OIDC/SAML authentication across the stack.

Phase 3: The Kubernetes Migration (Sep 2024 - Oct 2024)

Architectural pivot from Docker Compose to K3s.

Control Plane Setup:
- Bootstrapped K3s cluster with dedicated server/agent split.
- Configured HAProxy/Nginx load balancers (51a49d0) for API server high availability.
Node Provisioning:
- Standardized node bootstrapping (kernel modules, sysctl params) for K3s compatibility.
- Deployed specialized storage nodes for Longhorn (7d58de9).
Decommissioning:
- Drained and removed legacy Docker hosts (0aed818).
- Migrated stateful workloads (Postgres) to cluster-managed resources.

Phase 2: Docker Service Expansion (2023 - 2024)

Vertical scaling of Docker hosts and introduction of the monitoring stack.

Service Stack:
- Deployed the *arr suite (Sonarr, Radarr, etc.) and Jellyfin with hardware mapping (3d7f143).
- Integrated Paperless-ngx with Redis and Tika consumption (3f88065).
- Self-hosted Gitea and GitLab (later removed) for source control.
Observability V1:
- Deployed Prometheus and Grafana stack (b3ae5ef).
- Added Node Exporter and SmartCTL Exporter (0a361d9) to bare metal hosts.
- Implemented Uptime Kuma for external availability monitoring.
Reverse Proxy:
- Transitioned ingress from Traefik v2 to Nginx Proxy Manager, then to Caddy for simpler configuration management (a9af3c7, 1a1b8cb).

Phase 1: Genesis & Networking (Late 2022)

Initial infrastructure bring-up.

Base Configuration:
- Established Ansible role structure for baseline system hardening (SSH, users, packages).
- Configured Wireguard mesh for secure inter-node communication (2ba4259).
- Set up Backblaze B2 offsite backups via Restic/Rclone (b371e24).
Network:
- Experimented with macvlan Docker networks for direct container IP assignment.

4.0 KiB Raw Permalink Blame History