
Infrastructure Lab


Project Phases

Phase 1: Local Infrastructure

Provision and harden a Debian LXC container on Proxmox. Deploy a Python application managed by systemd.

- Admin Box Setup
- ADR-001: Hardening Script

Phase 2: Cloud Architecture

Design an AWS VPC with network segmentation.

- Network Architecture
- AWS Clickops Deployment

Phase 3: Containerization

Cloud-Native Builds & GHCR

- Containerization
- ADR-004: Workload Architecture

Phase 4: Infrastructure as Code (IaC)

Transition from manual ClickOps to fully automated, declarative provisioning using OpenTofu. Introduction of a stateful persistence layer.

- Infrastructure as Code
- ADR-005: Managed Database

Phase 5: Orchestration

Lightweight Kubernetes (K3s) on a Proxmox VM, IaC for Proxmox, and workload orchestration.

- ADR-006: Lightweight Kubernetes (K3s) on Proxmox VM
- K3s Architecture on Proxmox VM
- ADR-007: IaC for Proxmox
- Kubernetes

Phase 6: Persistence & Data Ops

Stateful workloads, dynamic provisioning and disaster recovery.

- ADR-008: Redis Persistence & DR
- Redis & Disaster Recovery

Phase 7: Ingress

Expose the Status API via HTTPS using the built-in Traefik Ingress Controller and automate TLS with cert-manager.

- ADR-009: Ingress and Automated TLS
- Kubernetes Port-Forwarding: Debugging
- ADR-010: DNS-01 Challenge and Cloudflare Delegation

Phase 8: Package Management

Migrate Kubernetes manifests into a Helm chart.

- ADR-011: Helm Package Management
- ADR-012: Migrate Redis to Helm


Tech Stack

Proxmox · Debian LXC · Bash · systemd · FastAPI · UFW · GitHub Actions · uv · Docker


Quick Start

# 1. Run the hardening script (Creates user, sets up UFW, and fetches GitHub SSH keys)
lxc exec admin-box -- bash /root/setup_me.sh

# 2. SSH into the container using the newly provisioned user
ssh adminsetup@<container-ip>

# 3. Clone the repository and run the automated deployment
git clone https://github.com/Upwind1647/infrastructure-lab.git
cd infrastructure-lab
bash scripts/deploy.sh

# 4. Verify application is running locally via Docker and reachable via UFW
curl localhost:8000