🦆
THE POND

The Architecture

A high-availability K3s cluster leveraging a zero-trust perimeter, declarative infrastructure, and message-driven microservices.

System Architecture Diagram

Zero-Trust Edge

Cloudflare tunnels route traffic through Traefik, which delegates all authentication checks to the Authelia SSO mesh before hitting internal services.
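A check for the "all authentication checks" claim, as an added example that is not part of the original page or the project's own code: it walks Traefik `Middleware` and `IngressRoute` objects (the shape returned by `kubectl get ... -o json`) and reports every route that reaches a service without a `forwardAuth` middleware, directly or through a `chain`. All namespaces, names, hosts and the Authelia address are constructed, and the exempt portal route is an assumption.

```python
"""Audit Traefik IngressRoutes for routes that bypass forward-auth (constructed data)."""

def _key(ref, default_ns):
    # A middleware reference without a namespace resolves to the referrer's namespace.
    return (ref.get("namespace", default_ns), ref["name"])

def auth_middlewares(objs):
    """Return (namespace, name) of forwardAuth Middlewares and chains containing one."""
    mws = {(o["metadata"]["namespace"], o["metadata"]["name"]): o["spec"]
           for o in objs if o["kind"] == "Middleware"}

    def protects(key, seen=()):
        spec = mws.get(key)
        if spec is None or key in seen:  # dangling reference or chain cycle
            return False
        if "forwardAuth" in spec:
            return True
        chain = spec.get("chain", {}).get("middlewares", [])
        return any(protects(_key(r, key[0]), seen + (key,)) for r in chain)

    return {k for k in mws if protects(k)}

def unprotected_routes(objs, exempt=()):
    """List (namespace, ingressroute, match) for routes with no auth middleware."""
    protected, findings = auth_middlewares(objs), []
    for o in objs:
        ns, name = o["metadata"]["namespace"], o["metadata"]["name"]
        if o["kind"] != "IngressRoute" or (ns, name) in exempt:
            continue
        for route in o["spec"].get("routes", []):
            refs = {_key(r, ns) for r in route.get("middlewares", [])}
            if not refs & protected:
                findings.append((ns, name, route["match"]))
    return findings

def _obj(kind, ns, name, spec):
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, "spec": spec}

AUTHZ = "http://authelia.auth.svc:9091/api/authz/forward-auth"  # constructed address
# Constructed sample objects; every name and host below is hypothetical.
SAMPLE = [
    _obj("Middleware", "auth", "authelia", {"forwardAuth": {"address": AUTHZ}}),
    _obj("Middleware", "auth", "secure-chain", {"chain": {"middlewares": [{"name": "authelia"}]}}),
    _obj("Middleware", "apps", "compress", {"compress": {}}),
    _obj("IngressRoute", "auth", "portal", {"routes": [{"match": "Host(`auth.example.test`)"}]}),
    _obj("IngressRoute", "apps", "grafana", {"routes": [{"match": "Host(`grafana.example.test`)",
         "middlewares": [{"name": "secure-chain", "namespace": "auth"}]}]}),
    _obj("IngressRoute", "apps", "kafka-ui", {"routes": [{"match": "Host(`kafka.example.test`)",
         "middlewares": [{"name": "compress"}]}]}),
]

if __name__ == "__main__":
    for finding in unprotected_routes(SAMPLE, exempt={("auth", "portal")}):
        print("no forward-auth:", *finding)
```

The login portal itself has to stay exempt, since putting it behind its own forward-auth check would leave no unauthenticated route on which to sign in.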

Event-Driven Core

Microservices write state and telemetry to Kafka topics, decoupling producers from consumers and enabling replayable, resilient event sourcing.

Declarative State

The entire stack—namespaces, persistent volumes, networking policies, and deployment artifacts—is managed exclusively via Terraform automation.