Core components overview

  • Authelia IdP: Authentication and authorization, provides SSO and OIDC

    • LLDAP: User directory, only used by Authelia

  • Cilium: Internal Kubernetes networking plugin.

  • cert-manager: Creates SSL certificates for services in the Kubernetes cluster.

  • external-secrets: Manages Kubernetes secrets.

  • Gitea internal Git server: Cluster internal Git server.

  • ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.

  • OpenEBS is used to provision local volumes via the storage class openebs-hostpath.

  • Rook Ceph is used to provide the default storage.

  • SOPS: Manages secrets for Kubernetes, Ansible and Terraform that are committed to Git.

  • Vault: Cluster internal secrets store.

  • VolSync: Regular backups via Restic into S3 storage. During bootstrap the volumes are restored from these backups.