The address plan and naming
A small, boring, consistent address plan saves you a surprising amount of grief. Here's the whole thing.
Network: 10.100.100.0/24, private, no internet-facing addresses.
| Address | Role |
|---|---|
| 10.100.100.1 | pfSense — the gateway/router for the subnet |
| 10.100.100.254 | Jump host (bastion) |
| 10.100.100.2–.6 | Core services (Git, Docs, Monitoring, Loki, Registry) |
| 10.100.100.7 | Kubernetes control plane (master) |
| 10.100.100.8–.10 | Kubernetes workers |
| 10.100.100.11 | CI build runner |
| 10.100.100.12 | NFS storage server |
| 10.100.100.13–.15 | Databases (PostgreSQL / MariaDB / MySQL) |
| 10.100.100.100–.110 | MetalLB pool (LoadBalancer service IPs) |
A handy convention: every VM's last octet is its Proxmox VM ID minus 100. So VM ID 107 is 10.100.100.7, 112 is .12, 115 is .15, and so on. It sounds trivial, but being able to look at a VM ID and know its IP (and vice-versa) removes a whole category of "wait, which box is this?" moments.
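The VM-ID-to-address convention is easy to state and just as easy to break by hand, so here is a small checker for it. This is an added example written for this page, not the author's tooling; the role ranges are copied from the table above, and the inventory it audits is a constructed sample, not real Proxmox output.

```python
import ipaddress

# The plan from the table above: (first last-octet, last last-octet, role).
SUBNET = ipaddress.ip_network("10.100.100.0/24")
ROLES = [
    (1, 1, "pfSense gateway"),
    (2, 6, "Core services"),
    (7, 7, "Kubernetes control plane"),
    (8, 10, "Kubernetes workers"),
    (11, 11, "CI build runner"),
    (12, 12, "NFS storage"),
    (13, 15, "Databases"),
    (100, 110, "MetalLB pool"),
    (254, 254, "Jump host"),
]

def ip_for_vmid(vmid: int) -> str:
    """Derive a VM's address from its Proxmox VM ID (last octet = ID - 100)."""
    octet = vmid - 100
    if not 1 <= octet <= 254:
        raise ValueError(f"VM ID {vmid} maps outside the usable host range")
    return str(SUBNET.network_address + octet)

def vmid_for_ip(ip: str) -> int:
    """The inverse: which VM ID should own this address under the convention."""
    addr = ipaddress.ip_address(ip)
    if addr not in SUBNET:
        raise ValueError(f"{ip} is not in {SUBNET}")
    return int(addr) - int(SUBNET.network_address) + 100

def role_for_ip(ip: str) -> str:
    """Map an address to the role its last octet is allocated to in the plan."""
    octet = int(ipaddress.ip_address(ip)) - int(SUBNET.network_address)
    return next((role for lo, hi, role in ROLES if lo <= octet <= hi), "unallocated")

def audit(inventory: dict[int, str]) -> list[str]:
    """Flag VMs that break the convention, reuse an address, or sit in the MetalLB pool."""
    findings, seen = [], {}
    for vmid, ip in sorted(inventory.items()):
        expected = ip_for_vmid(vmid)
        if ip != expected:
            findings.append(f"VM {vmid}: has {ip}, convention says {expected}")
        if role_for_ip(ip) == "MetalLB pool":
            findings.append(f"VM {vmid}: {ip} is inside the MetalLB pool and will collide with a Service")
        if ip in seen:
            findings.append(f"VM {vmid}: {ip} already used by VM {seen[ip]}")
        seen.setdefault(ip, vmid)
    return findings

# Constructed sample inventory (VM ID -> configured IP): two clean entries, two deliberate mistakes.
SAMPLE_INVENTORY = {107: "10.100.100.7", 112: "10.100.100.12", 113: "10.100.100.14", 205: "10.100.100.105"}
```

Running `audit(SAMPLE_INVENTORY)` reports VM 113 (should be .13) and VM 205 (its derived address lands in the MetalLB pool).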
Names: public services are something.example.com (e.g. git.example.com, registry.example.com, kong-admin.example.com) and all resolve to the gateway's public IP, where HAProxy sorts out which backend they belong to. Internally, machines just use their hostnames (GIT-Server, K8s-Master, MySQL-Server, and so on).