Infrastructure Overview
Overview of the infrastructure components that support the RCIIS DevOps platform.
| Component | Purpose |
| --- | --- |
| Kubernetes | Container orchestration |
| Talos Linux | Immutable OS for Kubernetes (SQAT/testing/prod) |
| Proxmox VE | Virtualization platform for Talos clusters |
| Kind | Local development clusters |
| OpenTofu/Terraform | Infrastructure provisioning |
Infrastructure Components by Category
Networking
| Component | Purpose |
| --- | --- |
| Cilium | eBPF-based CNI with network policies |
| MetalLB | LoadBalancer for bare-metal clusters |
| CoreDNS | Cluster DNS resolution |
| Ingress-NGINX | External traffic routing |
Certificates
| Component | Purpose |
| --- | --- |
| Cert-Manager | Automated TLS certificate provisioning |
| Let's Encrypt | Free SSL/TLS certificates |
GitOps & Deployment
| Component | Purpose |
| --- | --- |
| ArgoCD | Continuous deployment and GitOps |
| Argo Rollouts | Progressive delivery and canary deployments |
| Helm | Package management |
| Kustomize | Configuration customization |
Storage
| Component | Purpose |
| --- | --- |
| OpenEBS | Local dynamic volume provisioning |
| Rook-Ceph | Distributed storage for SQAT/prod |
| CloudNative PG | PostgreSQL operator |
| Snapshot Controller | CSI VolumeSnapshots |
Object Storage
| Component | Purpose |
| --- | --- |
| MinIO Operator | S3-compatible storage operator |
| MinIO Tenant | Application object storage |
Observability
| Component | Purpose |
| --- | --- |
| Prometheus | Metrics collection and alerting |
| Grafana | Visualization and dashboards |
| Loki | Log aggregation |
| Fluent-bit | Log shipping |
| Blackbox Exporter | Probe-based monitoring |
| SNMP Exporter | Network device metrics |
| Cilium Hubble | Network observability |
Backup & Recovery
| Component | Purpose |
| --- | --- |
| Velero | Cluster backup and restore |
Optimization
| Component | Purpose |
| --- | --- |
| Descheduler | Pod rebalancing |
| Goldilocks | Resource recommendations |
Identity & Access
| Component | Purpose |
| --- | --- |
| Keycloak | Identity provider and SSO |
| SOPS + Age | Secret encryption |
Architecture Patterns
High Availability
- Multi-replica deployments
- Load balancing and failover
- Health checks and self-healing
Security
- Defense in depth
- Principle of least privilege
- Encryption at rest and in transit
- Network policies with Cilium
For detailed information about specific components, refer to the individual infrastructure documentation sections.