diff --git a/README.md b/README.md
index 2ed4cd4..0a94ece 100644
--- a/README.md
+++ b/README.md
@@ -14,46 +14,45 @@ A production-grade homelab running on bare-metal Proxmox, with a 17-node Kuberne
 ```mermaid
 graph TB
 subgraph ext[" External"]
- CF["Cloudflare\nCDN + DNS"]
+ CF["Cloudflare CDN"]
 Admin["Remote Admin"]
 end
 subgraph vps["Edge VPS"]
- WG["WireGuard\nVPN Gateway"]
- TraefikVPS["Traefik\nReverse Proxy"]
- Pangolin["Pangolin\nTunnel Server"]
+ WG["WireGuard VPN Gateway"]
+ TraefikVPS["Traefik"]
+ Pangolin["Pangolin Tunnel Server"]
 end
 subgraph proxmox["Proxmox Cluster — 5 physical nodes"]
- subgraph cp["Control Plane ×3 (HA etcd)"]
+ subgraph cp["Control Plane x3 — HA etcd + kube-vip"]
 S["k3s-server"]
 end
- LB["nginx\nLoad Balancer"]
- subgraph workers["Worker Nodes ×14"]
+ subgraph workers["Worker Nodes x14"]
 W["k3s-agent"]
 end
- DH["docker-host\nIntel QuickSync GPU"]
- NFS["NFS Server\nDedicated storage node"]
+ DH["docker-host — Intel QuickSync GPU"]
+ NFS["NFS Server — dedicated storage node"]
 end
 subgraph k8s["Kubernetes"]
- subgraph platform["Platform layer"]
+ subgraph platform["Platform"]
 direction LR
- MetalLB["MetalLB"]
- Traefik["Traefik"]
- Longhorn["Longhorn"]
- ArgoCD["ArgoCD"]
- Prometheus["Prometheus\n+ Grafana"]
- ECK["Elastic Stack\n(ECK)"]
- Istio["Istio\nAmbient"]
+ MetalLB
+ Traefik
+ Longhorn
+ ArgoCD
+ Prometheus
+ ECK["Elastic Stack"]
+ Istio["Istio Ambient"]
 end
 subgraph apps["Applications"]
 direction LR
- Immich["Immich"]
+ Immich
 VW["Vaultwarden"]
 HA["Home Assistant"]
- Media["Arr Stack\n+ Jellyfin"]
- Other["Paperless · N8n\nNtfy · Gitea · …"]
+ Media["Arr Stack + Jellyfin"]
+ Other["Paperless, N8n, Ntfy ..."]
 end
 end
@@ -62,11 +61,10 @@ graph TB
 CF -->|Cloudflare tunnel| k8s
 TraefikVPS --> Pangolin
 Pangolin -->|Newt client| k8s
- LB --> cp
 cp --- workers
 workers --- Longhorn
 NFS -->|NFS mount| Media
- DH -->|Jellyfin\nDocker| Media
+ DH -->|Docker| Media
 ```
 ---
@@ -78,12 +76,11 @@ graph TB
 | Physical | `aya01` | Proxmox node + NFS server | Dedicated storage — no VMs |
 | Physical | `lulu` | Proxmox node | k3s agents |
 | Physical | `inko01` | Proxmox node | k3s server + agents + docker host |
-| Physical | `naruto01` | Proxmox node | k3s server + agents + LB |
+| Physical | `naruto01` | Proxmox node | k3s server + agents |
 | Physical | `mii01` | Proxmox node | k3s server + agents |
-| VM | `k3s-server-{10,11,12}` | K3s control plane (HA etcd) | 2 vCPU · 4 GB RAM · 64 GB |
+| VM | `k3s-server-{10,11,12}` | K3s control plane (HA etcd + kube-vip VIP) | 2 vCPU · 4 GB RAM · 64 GB |
 | VM | `k3s-agent-{10…23}` | K3s worker nodes ×14 | 2 vCPU · 4 GB RAM · 128 GB |
 | VM | `docker-host11` | Docker host w/ GPU passthrough | 2 vCPU · 4 GB RAM · 192 GB · Intel QuickSync |
-| VM | `k3s-loadbalancer` | nginx LB fronting control plane | 1 vCPU · 2 GB RAM |
 | VM | `docker-lb` | Caddy reverse proxy (LAN only) | 1 vCPU · 2 GB RAM |
 | VPS | `mii` | Edge node (Netcup) | WireGuard · Traefik · Pangolin |
@@ -97,6 +94,7 @@ All VMs run **Debian 12** on `virtio` network bridges, provisioned from cloud-in
 |-----------|-------------|---------|
 | **ArgoCD** | Helm (App-of-Apps) | GitOps CD — all cluster state driven from Git |
 | **ArgoCD Image Updater** | Helm | Watches registries, commits updated image tags back to Git |
+| **kube-vip** | DaemonSet on control plane | HA VIP for the K8s API server |
 | **Traefik** | k3s built-in | Ingress controller, fronted by MetalLB |
 | **MetalLB** | Helm (ArgoCD) | Bare-metal load balancer, assigns IPs from reserved pool |
 | **Cert-Manager** | Helm (ArgoCD) | Automated TLS via Let's Encrypt DNS-01 (Cloudflare API) |
@@ -130,7 +128,7 @@ All VMs run **Debian 12** on `virtio` network bridges, provisioned from cloud-in
 | **Gitea Runner** | CI/CD runner | – |
 | **Zeroclaw** | Per-user instances (×3) via Kustomize overlays | – |
 | **Arr Stack** | Media automation suite | Prowlarr · Sonarr · Radarr · Unpackarr |
-| **qBittorrent** | Torrent clients (×2) | Gluetun VPN sidecar · ProtonVPN |
+| **qBittorrent** | Torrent clients (×2) with VPN isolation | Gluetun sidecar |
 | **Jellyfin** | Media server with hardware transcoding | Docker · Intel QuickSync |
 ---
@@ -159,8 +157,7 @@ ansible-homelab/ # Ansible roles + playbooks for all VM provisioning
 │ ├── common/ # Base OS config, SSH hardening, node-exporter
 │ ├── k3s_server/ # HA control plane install + taint config
 │ ├── k3s_agent/ # Worker node install
-│ ├── k3s_loadbalancer/ # nginx LB config
-│ ├── kube_vip/ # VIP setup
+│ ├── kube_vip/ # HA VIP (kube-vip DaemonSet on control plane nodes)
 │ ├── docker_host/ # Docker + GPU passthrough
 │ ├── proxmox/ # Proxmox node config
 │ └── edge_vps/ # VPS services (WireGuard, Traefik, Pangolin)