ilnmors-homelab/docs/adr/001-architecture.md
2026-03-15 04:41:02 +09:00

ADR 001 - Architecture

Date

  • Feb/23/2026
    • First documentation
  • Mar/4/2026
    • Refining sentences

Status

  • Accepted

Context

  • Maintaining multiple nodes requires a large amount of resources: hardware, electricity, and even administrative effort.
  • All units, each responsible for a single role, should follow the Principle of Least Privilege (PoLP).
  • All units should be interchangeable through standard interfaces to avoid vendor lock-in.

Consideration

Hypervisor

  • Proxmox Virtual Environment (PVE)
    • Based on Debian.
    • PVE manages VMs with its own qm command, which is not a standard interface.
  • VMware ESXi
    • Based on UNIX, developed by VMware (licence is not free)
  • Hyper-V
    • Based on Microsoft Windows (licence is not free)
  • Debian Stable
    • Based on standard Linux (conservative)
    • Standard virtualization technology: libvirt, QEMU, KVM

Container

  • Docker
    • A daemon is used to run containers
    • Root privileges required
    • Socket and network setup is complex (Docker bridge)
    • docker-compose is an orchestration tool
  • Rootless Podman
    • Daemonless design
    • Root privileges not required
    • Orchestration is integrated into systemd
    • pasta forwards packets via the host gateway
  • K8S, K3S
    • HA is based on reprovisioning
    • Guarantees availability by creating and destroying nodes dynamically

IaC

  • Terraform
    • Strong at provisioning low-level, dynamic multi-node environments
  • Ansible
    • Declarative and easy YAML grammar
    • Configuration is applied over SSH

Decisions

  • Use libvirt/KVM/QEMU on plain Linux (Debian stable).
  • Separate all services by VM and by rootless Podman containers, without K3S.
    • An orchestration stack is not needed in a single-node system
    • Services will be defined with Quadlet to integrate them into systemd and manage them declaratively
    • IaC will be implemented with Ansible only, declaratively
  • All VMs and services are isolated logically by VLAN and nftables
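As an added example (not code from this repository), the following Ansible play applies the decisions above on one Debian VM: it creates a dedicated unprivileged user, defines a service declaratively as a Quadlet .container unit with capabilities dropped, and starts it through the user's own systemd instance with no daemon. The host group homelab_vms, the user svc and the container image are assumptions.

```yaml
# Added example; host group, user name and image are assumptions, not the ADR's.
- name: Deploy a rootless Quadlet service
  hosts: homelab_vms
  become: true
  vars:
    svc_user: svc
    quadlet_dir: "/home/{{ svc_user }}/.config/containers/systemd"
  tasks:
    - name: Create the unprivileged service user (useradd allocates its subuid/subgid range on Debian)
      ansible.builtin.user:
        name: "{{ svc_user }}"
        shell: /usr/sbin/nologin
      register: svc_account
    - name: Let the user's systemd instance run without a login session
      ansible.builtin.command: loginctl enable-linger {{ svc_user }}
      args:
        creates: "/var/lib/systemd/linger/{{ svc_user }}"
    - name: Create the Quadlet directory
      ansible.builtin.file:
        path: "{{ quadlet_dir }}"
        state: directory
        owner: "{{ svc_user }}"
        group: "{{ svc_user }}"
    - name: Define the service declaratively as a Quadlet .container unit
      ansible.builtin.copy:
        dest: "{{ quadlet_dir }}/web.container"
        owner: "{{ svc_user }}"
        group: "{{ svc_user }}"
        content: |
          [Container]
          Image=docker.io/nginxinc/nginx-unprivileged:stable
          ContainerName=web
          PublishPort=8080:8080
          Network=pasta
          DropCapability=ALL
          NoNewPrivileges=true

          [Service]
          Restart=always

          [Install]
          WantedBy=default.target
    - name: Reload the user's systemd (Quadlet generates web.service) and start it
      ansible.builtin.systemd:
        name: web.service
        scope: user
        daemon_reload: true
        state: started
      become_user: "{{ svc_user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ svc_account.uid }}"
```

Generated Quadlet units cannot be enabled with systemctl enable; the [Install] section makes the generator wire the service into default.target, so only daemon-reload and start are needed.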

Consequences

  • All VMs have an independent security boundary via VLAN and nftables
  • All services run in independent user namespaces via Podman subuid mapping, without a daemon
  • Ansible can manage all configuration of services and VMs declaratively