Network Overview
The environment is segmented into 4 VLANs serving client devices, internal and external services, and internet-connected "things". Ubiquiti UniFi wireless access points, core "8-port" switches and distribution "16-port" switches make up the internal network infrastructure. OPNsense serves as the secure gateway and handles routing.
Services
Core services, such as remote access, DNS and DHCP, operate from the network gateway. Ad-blocking is handled by Pi-hole. Unbound DNS with blocklists on OPNsense is configured as a secondary.
A three-node Proxmox cluster handles compute environments for applications and observability tooling. K3s, Docker and standalone virtual machines are the major technologies used to operate the compute layer.
Traefik, a lightweight application proxy, runs as a Docker container to load balance services and serves as the ingress provider for K3s.
Network and system logs are centrally collected through Vector into an OpenSearch cluster.