Migrated development and production workloads from public cloud VM instances to a colocated bare-metal HCI cluster, significantly reducing operational costs without sacrificing reliability or developer experience.
HCI Layer
The compute and storage layer uses Proxmox VE for virtualization and Ceph for distributed block/object storage. Ceph replication across nodes provides fault tolerance without relying on cloud-managed storage.
Kubernetes on Bare Metal
Self-managed Kubernetes clusters run on top of the HCI layer. Traefik handles ingress routing; ArgoCD drives GitOps-based continuous delivery, ensuring the cluster state always matches what is declared in Git.
GitOps Workflow
All infrastructure changes flow through GitLab CI pipelines. Ansible playbooks managed via Semaphore handle provisioning and configuration drift correction. The pipeline includes integrated vulnerability scanning with Grype and automated release tagging.
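One way to turn the Grype scan into a hard pipeline gate, as an added example that is not code from the original project: a small Python check reads Grype's JSON report and fails the job when a finding at or above a severity threshold already has a fix available, so the pipeline blocks on what can actually be remediated rather than on every unfixed CVE. The report layout (`matches`, `vulnerability.severity`, `fix.state`) is assumed to follow Grype's JSON output; the sample report and its CVE identifiers are constructed placeholders, and the `evaluate` function and its parameters are hypothetical.

```python
"""Gate a CI job on Grype JSON output (added example, not from the page)."""
import json
import sys
from collections import Counter

# Ordering used to compare a finding against the configured threshold.
SEVERITY_RANK = {"Negligible": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample in the shape of `grype <image> -o json`; all IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "fix": {"state": "fixed", "versions": ["1.2.3"]}},
         "artifact": {"name": "libexample", "version": "1.2.0", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "High",
                           "fix": {"state": "not-fixed", "versions": []}},
         "artifact": {"name": "othertool", "version": "0.9", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium",
                           "fix": {"state": "fixed", "versions": ["2.0"]}},
         "artifact": {"name": "pylib", "version": "1.9", "type": "python"}},
    ]
})


def evaluate(report_json, fail_on="High", only_fixed=True, ignore_ids=()):
    """Return (should_fail, blocking_findings, severity_counts) for one report.

    A match blocks the pipeline when its severity is at or above `fail_on`,
    its ID is not explicitly ignored, and (if only_fixed) a fix exists.
    """
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[fail_on]
    counts = Counter()
    blocking = []
    for match in report.get("matches", []):
        vuln, art = match["vulnerability"], match["artifact"]
        sev = vuln.get("severity", "Unknown")
        counts[sev] += 1                      # counted even when not blocking
        if vuln["id"] in ignore_ids:
            continue                          # accepted risk, tracked elsewhere
        if SEVERITY_RANK.get(sev, -1) < threshold:
            continue
        if only_fixed and vuln.get("fix", {}).get("state") != "fixed":
            continue                          # nothing to upgrade to yet
        blocking.append(f"{vuln['id']} {sev} in {art['name']}@{art['version']}")
    return bool(blocking), blocking, dict(counts)


if __name__ == "__main__":
    # In CI, replace SAMPLE_REPORT with the contents of the grype JSON artifact.
    fail, findings, counts = evaluate(SAMPLE_REPORT)
    print("severity counts:", counts)
    for finding in findings:
        print("BLOCKING:", finding)
    sys.exit(1 if fail else 0)
```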
Cost Impact
Migrating from cloud VM subscriptions to bare-metal Kubernetes reduced infrastructure costs substantially. A secondary optimization involved transitioning public IPv4 subscriptions to IPv6-native networking with Cloud NAT (NAT64/NAT44), eliminating per-IP charges while maintaining full internet reachability.
Security
HashiCorp Vault centralizes secrets management. CrowdSec operates as a distributed IPS layer, and OS-level and edge cloud firewalls enforce perimeter security. A multiprotocol VPN server restricts access to critical management interfaces.