/// INFRASTRUCTURE OVERVIEW ///
FLEETCOMMAND
kubeadm cluster — homelab — colorado
4 Nodes
21 Services
2.7TB Storage
UP Cluster
[Topology diagram] INTERNET → cthegoalie.com (Cloudflare DDNS + DNS + CDN, Zone: 890b628b...) → HOME ROUTER 192.168.50.1 (port forwards → .50.100) → WIREGUARD VPN 192.168.51.0/24 (NodePort/udp) · HOME LAN 192.168.50.0/24 (Flannel CNI, Pi-hole DNS) · CONTROL PLANE fleetcommand 192.168.50.100 (ARM64 — RPI) · WORKER thanatos 192.168.50.101 (x86_64 · 1.8TB) · WORKER nidhoggur 192.168.50.102 (x86_64 · 1.8TB) · WORKER chimera 192.168.50.103 (x86_64 · 1.8TB) · LONGHORN 2× REPLICATION · PRIVATE REGISTRY on thanatos (NodePort: mcp-charlotte · tiaborp-client · ...) · MONITORING STACK Prometheus / Grafana / Loki
Control Plane
fleetcommand
192.168.50.100
ARM64 — RASPBERRY PI
role admin
role kubeadm control-plane
disk 59GB root
storage Longhorn + toleration
iSCSI open-iscsi
ONLINE
Worker Node
thanatos
192.168.50.101
x86_64
role admin
disk ~1.8TB (LVM)
registry private (NodePort)
Longhorn replica node
ONLINE
Worker Node
nidhoggur
192.168.50.102
x86_64
role admin
disk ~1.8TB (LVM)
Longhorn replica node
Kaniko build node
ONLINE
Worker Node
chimera
192.168.50.103
x86_64
role admin
disk ~1.8TB (LVM)
Longhorn replica node
Flannel CNI plugins
ONLINE
🔒 Networking & Security
WireGuard VPN
Remote access via cthegoalie.com
wireguard
NodePort
Pi-hole
DNS + ad blocking, local resolver
pihole
:53
Private Registry
Container image registry (registry:2)
registry
NodePort
ingress-nginx
L7 proxy, TLS termination
ingress-nginx
:443
🚀 Applications
Tiaborp / Stoat
Chat platform + React client
stoat
:443
Samba
File shares (hostNetwork)
samba
:445
Penpot
Open-source design tool
penpot
NodePort
Made of Velvet
Static site (nginx, cached)
madeofvelvet
:443
🎮 Game Servers
Necesse
Survival game server (UDP)
necesse
NodePort
Project Zomboid
Survival horror server
game-servers
NodePort
Stoneblock
Minecraft modded server
game-servers
NodePort
Hytale
Game server
game-servers
NodePort
💾 Longhorn Distributed Storage
CLUSTER USAGE (estimated) ~45% of 2.7TB usable
thanatos
1.8TB
raw LVM
nidhoggur
1.8TB
raw LVM
chimera
1.8TB
raw LVM
⟳ 2× REPLICATION — survives 1 node failure
storageClass longhorn
provisioning thin — dynamic PVCs
iSCSI open-iscsi on all nodes
expansion online ↑ only (no shrink)
registry PVC 50Gi — thanatos (NodePort)
🌐 Network Configuration
home subnet 192.168.50.0/24
vpn subnet 192.168.51.0/24
router 192.168.50.1
CNI Flannel
DNS Pi-hole @ 192.168.50.100:53
DDNS cthegoalie.com → Cloudflare
NodePort range 30000–32767
Samba hostNetwork:true — port 445
workstation Omarchy (Arch) — Wayland
VPN client WireGuard — 192.168.51.x
🌍 External Domains
💬 chat.tiaborp.com
Stoat production chat — ingress-nginx → stoat/web
🧪 experimental.tiaborp.com
React client (tiaborp-client) — CNAME → chat.tiaborp.com
🔒 cthegoalie.com (NodePort)
WireGuard VPN endpoint (UDP)
🤖 Cluster-Hosted MCP Servers
namespace: mcp — all images in private registry
kubernetes-mcp
Kubernetes cluster operations
NodePort
📁 filesystem-mcp
Obsidian vault via git-sync (Cthegoalie/obsidian-vault)
NodePort
🌐 charlotte-mcp
Web browsing via Puppeteer + supergateway
NodePort
BUILD SYSTEM
Kaniko in-cluster builds → push to private registry (NodePort)
Triggered via cluster/services/registry/kaniko/build.sh
Worker nodes run jobs (x86_64, more disk than Pi)
📊 Monitoring Stack
Prometheus
Metrics collection & alerting
monitoring
Grafana
Dashboards & visualization
monitoring
Loki
Log aggregation & querying
monitoring
Kubernetes Dashboard
Token-based cluster UI
kubernetes-dashboard
🔑 Secrets Architecture
Passwords via secretKeyRef — NOT in YAML
Single source of truth: secrets-backup.sh
In .gitignore — never committed
Services: necesse · pihole · wireguard · penpot