DevOps - Kubernetes
Syphe IT DevOps Manual
DevOps Architecture & Operations Manual
Syphe IT Hybrid Cluster Management & Deployment Standards
01 Infrastructure Overview
The architecture is a Hybrid-Cloud Kubernetes Cluster utilizing a split-plane design to balance local control with cloud scalability.
- Control Plane (Master Node): On-premises iMac running Ubuntu 24.04 LTS.
- Data Plane (Worker Node): Oracle Cloud Infrastructure (OCI) Compute Instance (Ubuntu 24.04).
- Network Bridge: FortiWifi 60E Site-to-Site SSL VPN providing a transparent Layer 3 link between the local subnet and OCI VCN.
[Figure: Hybrid Infrastructure Topology]
02 Containerized Workloads (The Service Stack)
The cluster hosts three mission-critical services. All three are scheduled onto the OCI Worker Node, which carries the public-facing address; the on-premises control plane runs no workloads.
| Service | Container Image | Description |
|---|---|---|
| Syphe Website | ord.ocir.io/.../syphewebsite:latest | Custom Nginx-based frontend for corporate presence. |
| Nextcloud | nextcloud:latest | Private cloud storage and collaboration suite. |
| OnlyOffice | onlyoffice/documentserver:latest | Real-time document editing integrated with Nextcloud. |
03 DevOps Workflow: The CI/CD Pipeline
The deployment lifecycle follows a "Build-Push-Pull" methodology so that the image in the registry, not a file on a workstation, is what the cluster runs:
1. Sync. Code is updated on the Development Laptop and synchronized to the iMac Build Station with rsync or scp. Target directory on the Master Node: /home/k8s_master/syphewebsitefiles/Syphe/
2. Build. Docker on the Master Node packages the source into a standardized image, tagged :latest or with a semantic version:
   docker build -t ord.ocir.io/[tenancy]/syphewebsite:latest .
3. Push. The Master Node authenticates to OCIR and pushes the image; the registry is the "Single Source of Truth" for what gets deployed.
4. Pull. The Deployment manifest is updated on the Kubernetes Master, the kubelet on the OCI Worker receives the new pod spec, containerd pulls the layers, and the Deployment performs a rolling update. Two conditions make this zero-downtime: readiness probes must be defined so traffic only shifts to pods that are ready, and the image reference in the manifest must actually change. Re-pushing the same :latest tag leaves the manifest unchanged, so no rollout is triggered until one is forced; a semantic version tag (or the image digest) changes the manifest and triggers the rollout on its own.
[Figure: Automated CI/CD Lifecycle]
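The following release script is an added example of the Build-Push-Pull flow with two hardening steps the flow as written lacks; it is not the Syphe IT pipeline's own script. It refuses the mutable :latest tag, and after the push it pins the Deployment to the digest the registry assigned, which is also what triggers the rollout (re-pushing :latest would leave the manifest unchanged and `kubectl apply` would roll nothing). Assumed, not taken from the page: the tenancy placeholder TENANCY_PLACEHOLDER (overridden via the OCIR_TENANCY variable), a Deployment and container both named syphewebsite, and that `docker login ord.ocir.io` has already been done on the Master Node.

```bash
#!/bin/sh
# Added example (not the Syphe IT pipeline's own script): Build-Push-Pull release
# that rejects the mutable :latest tag and deploys by image digest.
# Assumptions (hypothetical, not from the manual): OCIR tenancy placeholder,
# Deployment/container name "syphewebsite", prior "docker login ord.ocir.io".
set -eu

REGISTRY="ord.ocir.io"
TENANCY="${OCIR_TENANCY:-TENANCY_PLACEHOLDER}"   # assumption: tenancy namespace from the environment
REPO="syphewebsite"
DEPLOYMENT="syphewebsite"                         # assumption: Deployment and container share this name
SRC_DIR="${SRC_DIR:-/home/k8s_master/syphewebsitefiles/Syphe}"
DRY_RUN="${DRY_RUN:-0}"

# Build "registry/tenancy/repo:tag" from its parts.
image_ref() { printf '%s/%s/%s:%s\n' "$1" "$2" "$3" "$4"; }

# Reject tags that can be silently re-pointed to different content.
is_immutable_tag() {
  case "$1" in
    ""|latest|Latest|LATEST) return 1 ;;
    *) return 0 ;;
  esac
}

# Replace ":tag" with "@sha256:..." so the manifest names exactly one build.
digest_ref() {
  ref="$1"; digest="$2"
  case "$digest" in
    sha256:*) ;;
    *) echo "bad digest: $digest" >&2; return 1 ;;
  esac
  printf '%s@%s\n' "${ref%:*}" "$digest"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf 'DRY-RUN: %s\n' "$*"; else "$@"; fi
}

# Build, push, then point the Deployment at the pushed digest.  $1 = version tag.
release() {
  tag="$1"
  is_immutable_tag "$tag" || { echo "refusing mutable tag '$tag'" >&2; return 1; }
  img="$(image_ref "$REGISTRY" "$TENANCY" "$REPO" "$tag")"

  run docker build -t "$img" "$SRC_DIR"
  run docker push "$img"
  # The registry assigns the digest at push time; docker records it locally.
  if [ "$DRY_RUN" = "1" ]; then
    digest="sha256:$(printf '%064d' 0)"            # placeholder digest for dry runs
  else
    digest="$(docker inspect --format '{{index .RepoDigests 0}}' "$img" | sed 's/.*@//')"
  fi
  pinned="$(digest_ref "$img" "$digest")"

  # Changing the image field creates a new ReplicaSet; re-pushing :latest would not.
  run kubectl set image "deployment/$DEPLOYMENT" "$DEPLOYMENT=$pinned"
  run kubectl rollout status "deployment/$DEPLOYMENT" --timeout=120s
  echo "$pinned"
}

if [ "$#" -gt 0 ]; then release "$1"; fi
```

Run it as `DRY_RUN=1 ./release.sh v1.2.3` first to see the exact commands. `kubectl rollout status` exits non-zero if the new pods never become Ready, which is the moment to run `kubectl rollout undo` rather than leave a half-rolled Deployment.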
04 Operational Maintenance & Security
Security Standards
- Perimeter: The FortiWifi 60E applies Deep Packet Inspection (DPI) to all VPN traffic. Control-plane traffic between the OCI Worker and the on-premises API server crosses this tunnel, so the API server does not need to be reachable from a public address.
- Secrets: Sensitive data is stored as Kubernetes Secrets and never hard-coded in YAML or committed with the source. The Base64 encoding of Secret values is not encryption: anyone who can read the Secret object through the API, or who can read etcd or its backups, recovers the plaintext, so protection rests on RBAC and on guarding etcd and backup files.
- Networking: Calico CNI provides Pod-to-Pod networking and enforces Kubernetes NetworkPolicy, so traffic between the services (e.g. Nextcloud to OnlyOffice) can be restricted to the ports each actually needs.
Health & Monitoring
- Node Health: The kubelet on the OCI Worker reports node status and lease heartbeats to the API server on the iMac over the VPN. If the tunnel drops, the control plane marks the worker NotReady even though its containers keep running, so VPN availability is an operational dependency of the cluster.
- Self-Healing: Kubernetes restarts crashed containers automatically (e.g. OnlyOffice); the first restart is immediate, and repeated crashes are retried with increasing back-off (CrashLoopBackOff).
- Image Integrity: imagePullPolicy: Always makes the kubelet check the registry on every pod start, so a stale local copy is never reused. It does not fix which content runs: with a mutable :latest tag the pod gets whatever was pushed last, whereas referencing the image by digest (image@sha256:...) pins an exact build.
05 Disaster Recovery Summary
- Master Failure: YAML manifests are backed up in /home/k8s_master/backups/. Manifests re-create the workloads on a rebuilt control plane but not the cluster state held in etcd (Secrets, service-account tokens, PersistentVolume bindings); restoring the existing cluster in place requires an etcd snapshot as well.
- Worker Failure: Provision a new OCI instance and kubeadm join it over the VPN. The join needs a current bootstrap token from the master; kubeadm tokens expire after 24 hours by default, so a fresh one is generated at recovery time.
- Registry Failure: Local Docker image copies cached on the iMac serve as the secondary source for images.
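As an added example for the Master Failure case (not part of the Syphe IT manual or its backup scripts), the script below performs a nightly control-plane backup for a kubeadm cluster: it snapshots etcd next to the manifest backups, dumps the live objects for diffing, and keeps only a fixed number of snapshots. Assumed and not taken from the page: etcdctl installed on the Master Node, kubeadm's default etcd certificate paths under /etc/kubernetes/pki/etcd, and a retention of 14 snapshots.

```bash
#!/bin/sh
# Added example (not the Syphe IT manual's own script): nightly control-plane
# backup for a kubeadm cluster.  Manifests alone cannot restore the cluster; the
# state that makes it this cluster (Secrets, service-account tokens,
# PersistentVolume bindings) lives in etcd, so an etcd snapshot is taken as well.
# Assumptions (not from the page): etcdctl installed on the Master Node, kubeadm's
# default etcd certificate paths, and a retention of 14 snapshots.
set -eu
umask 077                                      # snapshots and dumps contain every Secret

BACKUP_DIR="${BACKUP_DIR:-/home/k8s_master/backups}"
KEEP="${KEEP:-14}"                              # assumed retention: two weeks of nightly runs
ETCD_CERTS="${ETCD_CERTS:-/etc/kubernetes/pki/etcd}"   # kubeadm default location
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = "1" ]; then printf 'DRY-RUN: %s\n' "$*"; else "$@"; fi; }

# Snapshot file name for a UTC timestamp such as 20250101T020000Z; the
# timestamp sorts chronologically, which prune_backups relies on.
snapshot_name() { printf 'etcd-%s.db\n' "$1"; }

# Keep only the newest $2 snapshots in directory $1.  Prints the number deleted.
prune_backups() {
  dir="$1"; keep="$2"
  total=$(ls -1 "$dir"/etcd-*.db 2>/dev/null | wc -l | tr -d ' ')
  [ "$total" -gt "$keep" ] || { echo 0; return 0; }
  excess=$((total - keep))
  ls -1 "$dir"/etcd-*.db | sort | head -n "$excess" | while IFS= read -r f; do
    rm -f -- "$f"
  done
  echo "$excess"
}

# One backup run: etcd snapshot, full object dump, then retention.  Prints the snapshot path.
backup_once() {
  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  snap="$BACKUP_DIR/$(snapshot_name "$stamp")"
  mkdir -p "$BACKUP_DIR"
  chmod 700 "$BACKUP_DIR"
  # Talk to the local etcd member with the server certificate kubeadm issued for it.
  run env ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
      --cacert="$ETCD_CERTS/ca.crt" --cert="$ETCD_CERTS/server.crt" \
      --key="$ETCD_CERTS/server.key" snapshot save "$snap"
  # Readable YAML of all objects: good for diffing and rebuilding, not a substitute
  # for the snapshot.  It includes Secrets, hence the umask and chmod above.
  run sh -c "kubectl get all,cm,secret,ing,pvc,pv -A -o yaml > '$BACKUP_DIR/objects-$stamp.yaml'"
  prune_backups "$BACKUP_DIR" "$KEEP" >/dev/null
  echo "$snap"
}

if [ "${1:-}" = "run" ]; then backup_once; fi
```

Schedule it from root's crontab on the Master Node and test a restore periodically: `etcdctl snapshot restore <file> --data-dir <new-dir>` followed by pointing the etcd static pod at that directory is the documented kubeadm procedure, and a snapshot that has never been restored is not a backup.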