Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
graph TB
|
|
%% External Users and Services
|
|
subgraph "Internet"
|
|
User[👤 Users]
|
|
Dev[👨💻 Developers with Tailscale]
|
|
end
|
|
|
|
%% Cloudflare Infrastructure
|
|
subgraph "Cloudflare Infrastructure"
|
|
subgraph "Cloudflare Edge"
|
|
CDN[🌐 Cloudflare CDN<br/>Global Edge Network]
|
|
ZT[🔒 Zero Trust Tunnels<br/>Secure Gateway]
|
|
end
|
|
|
|
subgraph "CDN Endpoints"
|
|
CDN_PX[📸 pm.keyboardvagabond.com<br/>Pixelfed CDN]
|
|
CDN_PF[📋 pfm.keyboardvagabond.com<br/>PieFed CDN]
|
|
CDN_M[🐦 mm.keyboardvagabond.com<br/>Mastodon CDN]
|
|
end
|
|
|
|
subgraph "Zero Trust Domains"
|
|
ZT_AUTH[🔐 auth.keyboardvagabond.com<br/>Authentik SSO]
|
|
ZT_REG[📦 <YOUR_REGISTRY_URL><br/>Harbor Registry]
|
|
ZT_OBS[📊 obs.keyboardvagabond.com<br/>OpenObserve]
|
|
ZT_MAST[🐦 mastodon.keyboardvagabond.com<br/>Mastodon Web]
|
|
ZT_STREAM[📡 streamingmastodon.keyboardvagabond.com<br/>Mastodon Streaming]
|
|
ZT_PX[📸 pixelfed.keyboardvagabond.com<br/>Pixelfed]
|
|
ZT_PF[📋 piefed.keyboardvagabond.com<br/>PieFed]
|
|
ZT_PIC[🖼️ picsur.keyboardvagabond.com<br/>Picsur]
|
|
end
|
|
end
|
|
|
|
%% Tailscale Infrastructure
|
|
subgraph "Tailscale Network (100.64.0.0/10)"
|
|
TS_CONTROL[🎛️ Tailscale Control Plane<br/>tailscale.com]
|
|
TS_CLIENT[💻 Client IP: <TAILSCALE_CLIENT_IP><br/>kubectl context]
|
|
end
|
|
|
|
%% Backblaze B2 Storage
|
|
subgraph "Backblaze B2 Storage"
|
|
B2_PX[📦 pixelfed-bucket]
|
|
B2_PF[📦 piefed-bucket]
|
|
B2_M[📦 mastodon-bucket]
|
|
B2_BACKUP[💾 Longhorn Backups]
|
|
end
|
|
|
|
%% NetCup Cloud Infrastructure
|
|
subgraph "NetCup Cloud - VLAN 1004963 (10.132.0.0/24)"
|
|
subgraph "Node n1 (<NODE_1_EXTERNAL_IP>)"
|
|
subgraph "Control Plane + Worker"
|
|
API[🎯 Kubernetes API<br/>:6443]
|
|
TALOS1[⚙️ Talos API<br/>:50000/50001]
|
|
|
|
subgraph "Infrastructure Pods"
|
|
NGINX[🌐 NGINX Ingress<br/>hostNetwork mode]
|
|
CILIUM1[🛡️ Cilium CNI<br/>Host Firewall]
|
|
LONGHORN1[💽 Longhorn Storage]
|
|
CLOUDFLARED[☁️ Cloudflared<br/>Zero Trust Client]
|
|
TS_ROUTER[🔗 Tailscale Subnet Router<br/>keyboardvagabond-cluster]
|
|
end
|
|
|
|
subgraph "Application Pods"
|
|
POSTGRES[🗄️ PostgreSQL Cluster<br/>CloudNativePG]
|
|
REDIS[📋 Redis]
|
|
HARBOR[📦 Harbor Registry]
|
|
OPENOBS[📊 OpenObserve]
|
|
AUTHENTIK[🔐 Authentik SSO]
|
|
end
|
|
end
|
|
end
|
|
|
|
subgraph "Node n2 (<NODE_2_EXTERNAL_IP>)"
|
|
subgraph "Worker Node"
|
|
TALOS2[⚙️ Talos API<br/>:50000/50001]
|
|
|
|
subgraph "Infrastructure Pods n2"
|
|
CILIUM2[🛡️ Cilium CNI<br/>Host Firewall]
|
|
LONGHORN2[💽 Longhorn Storage<br/>2-replica]
|
|
end
|
|
|
|
subgraph "Application Pods n2"
|
|
MASTODON[🐦 Mastodon]
|
|
PIXELFED[📸 Pixelfed]
|
|
PIEFED[📋 PieFed]
|
|
PICSUR[🖼️ Picsur]
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
%% Connections - External User Access
|
|
User --> CDN
|
|
User --> ZT
|
|
|
|
%% CDN to Storage
|
|
CDN_PX --> B2_PX
|
|
CDN_PF --> B2_PF
|
|
CDN_M --> B2_M
|
|
|
|
%% Zero Trust Tunnels (Secure)
|
|
ZT_AUTH -.->|"🔒 Secure Tunnel"| AUTHENTIK
|
|
ZT_REG -.->|"🔒 Secure Tunnel"| HARBOR
|
|
ZT_OBS -.->|"🔒 Secure Tunnel"| OPENOBS
|
|
ZT_MAST -.->|"🔒 Secure Tunnel"| MASTODON
|
|
ZT_STREAM -.->|"🔒 Secure Tunnel"| MASTODON
|
|
ZT_PX -.->|"🔒 Secure Tunnel"| PIXELFED
|
|
ZT_PF -.->|"🔒 Secure Tunnel"| PIEFED
|
|
ZT_PIC -.->|"🔒 Secure Tunnel"| PICSUR
|
|
|
|
%% Tailscale Connections
|
|
Dev --> TS_CONTROL
|
|
TS_CLIENT --> TS_CONTROL
|
|
TS_CONTROL -.->|"🔗 Mesh VPN"| TS_ROUTER
|
|
|
|
%% Tailscale Administrative Access
|
|
TS_CLIENT -.->|"🔗 kubectl via <NODE_1_IP>:6443"| API
|
|
TS_CLIENT -.->|"🔗 talosctl"| TALOS1
|
|
TS_CLIENT -.->|"🔗 talosctl"| TALOS2
|
|
|
|
%% Internal Cluster Networking
|
|
NGINX --> MASTODON
|
|
NGINX --> PIXELFED
|
|
NGINX --> PIEFED
|
|
NGINX --> PICSUR
|
|
NGINX --> HARBOR
|
|
NGINX --> OPENOBS
|
|
NGINX --> AUTHENTIK
|
|
|
|
%% Database Connections
|
|
MASTODON --> POSTGRES
|
|
PIXELFED --> POSTGRES
|
|
PIEFED --> POSTGRES
|
|
PICSUR --> POSTGRES
|
|
AUTHENTIK --> POSTGRES
|
|
PIEFED --> REDIS
|
|
|
|
%% Storage Connections
|
|
MASTODON --> B2_M
|
|
PIXELFED --> B2_PX
|
|
PIEFED --> B2_PF
|
|
LONGHORN1 --> B2_BACKUP
|
|
LONGHORN2 --> B2_BACKUP
|
|
|
|
%% Cilium Host Firewall Rules
|
|
CILIUM1 -.->|"🛡️ Firewall Rules"| API
|
|
CILIUM1 -.->|"🛡️ Firewall Rules"| TALOS1
|
|
CILIUM2 -.->|"🛡️ Firewall Rules"| TALOS2
|
|
|
|
%% Network Labels
|
|
classDef external fill:#e1f5fe
|
|
classDef cloudflare fill:#ff9800,color:#fff
|
|
classDef tailscale fill:#4caf50,color:#fff
|
|
classDef secure fill:#f44336,color:#fff
|
|
classDef storage fill:#9c27b0,color:#fff
|
|
classDef node fill:#2196f3,color:#fff
|
|
classDef blocked fill:#757575,color:#fff,stroke-dasharray: 5 5
|
|
|
|
class User,Dev external
|
|
class CDN,ZT,CDN_PX,CDN_PF,CDN_M,ZT_AUTH,ZT_REG,ZT_OBS,ZT_MAST,ZT_STREAM,ZT_PX,ZT_PF,ZT_PIC cloudflare
|
|
class TS_CONTROL,TS_CLIENT,TS_ROUTER tailscale
|
|
class CILIUM1,CILIUM2,API,TALOS1,TALOS2 secure
|
|
class B2_PX,B2_PF,B2_M,B2_BACKUP,LONGHORN1,LONGHORN2 storage
|
|
class NGINX,POSTGRES,REDIS,MASTODON,PIXELFED,PIEFED,PICSUR,HARBOR,OPENOBS,AUTHENTIK,CLOUDFLARED node |
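Review bot: The redaction placeholders are inconsistent — the node subgraph is labelled `<NODE_1_EXTERNAL_IP>` but the kubectl edge reads `"🔗 kubectl via <NODE_1_IP>:6443"`, and because that edge originates inside the Tailscale network subgraph the value is presumably the node's Tailscale address rather than its external IP, so one placeholder per distinct value (e.g. `<NODE_1_TAILSCALE_IP>` if that is what it is) would stop a reader from assuming the API server is reachable on the public address. The diagram also leaves `CLOUDFLARED` and `TS_ROUTER` without any edge into the cluster: the Zero Trust tunnels are drawn straight from the `ZT_*` domains to the application pods and the mesh VPN stops at `TS_ROUTER`, so the two components that actually terminate those trust boundaries appear idle; edges such as `ZT -.-> CLOUDFLARED` and `TS_ROUTER -.-> API` (adjusted to whatever the tunnel and subnet route really target) would make the ingress paths explicit. `classDef blocked` is declared but never applied to any node, so either drop it or use it to mark what the Cilium host-firewall rules deny. Finally, the file is described as redacted, yet the VLAN id, the 10.132.0.0/24 subnet, the subnet-router hostname and every production subdomain remain — worth confirming that is intentional for a public demo.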