# Platform Architecture
How the Minnova Platform is built and why it works.
## Design Principles

### 1. GitOps Everything
Every change flows through Git. No manual kubectl commands, no clicking in dashboards.
Developer pushes code → ArgoCD detects change → Kubernetes applies update
Benefits:
- Full audit trail of every change
- Easy rollbacks (just revert the commit)
- Environment consistency guaranteed
### 2. Cloud Agnostic
The platform runs on any Kubernetes cluster:
| Cloud | Supported |
|---|---|
| Hetzner (K3s) | Production-tested |
| AWS (EKS) | Supported |
| GCP (GKE) | Supported |
| Azure (AKS) | Supported |
| Bare metal | Supported |
Same components, same workflows, regardless of where you deploy.
### 3. Batteries Included
Everything you need for production from day one:
```text
Platform/
├── Networking   → Traefik (ingress, TLS, routing)
├── GitOps       → ArgoCD (deployments from Git)
├── Database     → CloudNative-PG (Postgres with backups)
├── Monitoring   → Prometheus + Grafana + Loki
├── Identity     → Authentik (SSO, user management)
├── Security     → CrowdSec (threat detection)
└── Secrets      → SOPS (encrypted in Git)
```
## Architecture Overview

```mermaid
flowchart TB
    subgraph Internet
        Users[Users]
    end
    subgraph Cloudflare[Cloudflare Edge]
        DDoS[DDoS Protection]
        CDN[CDN]
        ZeroTrust[Zero Trust]
    end
    subgraph K8s[Kubernetes Cluster]
        subgraph Platform[Platform Layer]
            Traefik[Traefik<br/>Ingress]
            ArgoCD[ArgoCD<br/>GitOps]
            Authentik[Authentik<br/>Identity/SSO]
        end
        subgraph Apps[Your Applications]
            App1[App 1]
            App2[App 2]
            AppN[App N]
        end
        subgraph Data[Data Layer]
            CNPG[CloudNative-PG<br/>PostgreSQL + Backups]
        end
        subgraph Observability[Observability]
            Prometheus[Prometheus]
            Loki[Loki]
            Grafana[Grafana]
        end
    end
    Users --> DDoS --> Traefik
    Traefik --> App1 & App2 & AppN
    App1 & App2 & AppN --> CNPG
    App1 & App2 & AppN --> Prometheus
    App1 & App2 & AppN --> Loki
    ArgoCD -.->|deploys| Apps
```
## Component Details

### Networking Layer
Traefik handles all incoming traffic:
- Automatic TLS certificates via Let's Encrypt
- Path and host-based routing
- Rate limiting and middleware
- WebSocket support
Cloudflare provides edge protection:
- DDoS mitigation
- Zero Trust access (optional)
- Global CDN for static assets
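The Traefik routing and middleware features listed above, written out as Kubernetes manifests. This is an added example, not configuration taken from the Minnova platform; it assumes the Traefik v3 CRDs (`traefik.io/v1alpha1`), a certificate resolver named `letsencrypt` configured in Traefik's static config, a Service called `my-app` in namespace `my-app`, and the placeholder host `app.example.com`.

```yaml
# Added example (not Minnova's own configuration). Assumed: Traefik v3 CRDs,
# a cert resolver named "letsencrypt", a Service "my-app" and the host below.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: api-rate-limit
  namespace: my-app
spec:
  rateLimit:
    average: 100        # sustained requests per second, per client
    burst: 50
    sourceCriterion:
      ipStrategy:
        # Behind Cloudflare the TCP peer is a Cloudflare edge address, so
        # limiting on the peer IP would throttle the whole edge. Depth 1 takes
        # the rightmost X-Forwarded-For entry, which Cloudflare sets to the
        # real client. Only safe when the entrypoint trusts that header from
        # Cloudflare's ranges alone (see note below).
        depth: 1
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: security-headers
  namespace: my-app
spec:
  headers:
    stsSeconds: 31536000
    stsIncludeSubdomains: true
    contentTypeNosniff: true
    frameDeny: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: my-app
  namespace: my-app
spec:
  entryPoints:
    - websecure                     # HTTPS entrypoint
  routes:
    # Host + path rule: the API path gets the rate limit in addition to headers.
    - match: Host(`app.example.com`) && PathPrefix(`/api`)
      kind: Rule
      middlewares:
        - name: api-rate-limit
        - name: security-headers
      services:
        - name: my-app
          port: 80
    # Everything else on the host (WebSocket upgrades pass through unchanged).
    - match: Host(`app.example.com`)
      kind: Rule
      middlewares:
        - name: security-headers
      services:
        - name: my-app
          port: 80
  tls:
    certResolver: letsencrypt       # certificate issued and renewed automatically
```

The `depth: 1` setting only does what the comment says if the `websecure` entrypoint's `forwardedHeaders.trustedIPs` is restricted to Cloudflare's published address ranges; otherwise anyone reaching Traefik directly can supply their own `X-Forwarded-For` and escape the limit. Keeping the origin reachable only from Cloudflare (firewall or Zero Trust tunnel) closes the same gap from the network side.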
### Application Layer
ArgoCD manages deployments:
- Watches Git repos for changes
- Applies Kubernetes manifests automatically
- Drift detection and self-healing
- Multi-environment support
Image Updater handles container images:
- Detects new image tags/digests
- Updates deployments automatically
- Supports semantic versioning
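An ArgoCD `Application` manifest that wires together the GitOps principle from the top of the page and the drift detection, self-healing and image-update behaviour described in this section. It is an added example and not a manifest from the Minnova platform's repositories: the repository URL, path, namespaces and image name are placeholders, and the annotations assume `argocd-image-updater` is installed next to ArgoCD.

```yaml
# Added example (not Minnova's own manifest). Assumed placeholders: repo URL,
# path, namespace and image name. Annotations assume argocd-image-updater.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
  annotations:
    # Image Updater: follow semver tags of this image and write the new tag
    # back to Git, so the commit history (not a cluster-side edit) stays the
    # source of truth and the audit trail.
    argocd-image-updater.argoproj.io/image-list: app=ghcr.io/example-org/my-app
    argocd-image-updater.argoproj.io/app.update-strategy: semver
    argocd-image-updater.argoproj.io/app.allow-tags: 'regexp:^v[0-9]+\.[0-9]+\.[0-9]+$'
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  project: default
  source:
    repoURL: https://github.com/example-org/platform-apps.git   # assumed
    targetRevision: main
    path: apps/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true      # resources deleted from Git are deleted from the cluster
      selfHeal: true   # manual kubectl edits are reverted to the Git state
    syncOptions:
      - CreateNamespace=true
    retry:
      limit: 5
      backoff:
        duration: 5s
        factor: 2
        maxDuration: 3m
```

`selfHeal` is what enforces "no manual kubectl commands": an out-of-band change shows up as drift and is reverted on the next reconcile, which also makes such changes visible in ArgoCD's event stream. A rollback is a `git revert` of the offending commit, which ArgoCD then syncs like any other change. Because `prune: true` turns a deletion in Git into a deletion in the cluster, branch protection and review on `main` are part of the safety model, not an optional extra.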
### Data Layer
CloudNative-PG provides PostgreSQL:
- High availability with automatic failover
- Point-in-time recovery
- Scheduled backups to S3/R2
- Connection pooling (PgBouncer)
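A CloudNative-PG cluster configured for the four points above: three instances with automatic failover, continuous WAL archiving for point-in-time recovery, a nightly scheduled backup to an S3-compatible bucket (R2 in this case), and a PgBouncer pooler in front of the primary. This is an added example rather than the platform's own manifest; it assumes a Secret `app-db-backup-creds` holding the bucket keys, placeholder bucket and endpoint values, and CNPG's in-tree Barman object-store support.

```yaml
# Added example (not Minnova's own manifest). Assumed: Secret "app-db-backup-creds"
# with the bucket keys; bucket and endpoint below are placeholders.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: app-db
  namespace: my-app
spec:
  instances: 3                   # one primary + two replicas; failover is automatic
  storage:
    size: 20Gi
  backup:
    retentionPolicy: "30d"       # base backups and WAL kept 30 days => PITR window
    barmanObjectStore:
      destinationPath: s3://app-db-backups/                          # placeholder bucket
      endpointURL: https://<ACCOUNT_ID>.r2.cloudflarestorage.com      # placeholder endpoint
      s3Credentials:
        accessKeyId:
          name: app-db-backup-creds
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: app-db-backup-creds
          key: ACCESS_SECRET_KEY
      wal:
        compression: gzip        # continuous WAL archiving is what makes PITR possible
      data:
        compression: gzip
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: app-db-nightly
  namespace: my-app
spec:
  schedule: "0 0 2 * * *"        # CNPG cron has 6 fields (seconds first): 02:00 daily
  backupOwnerReference: self
  cluster:
    name: app-db
---
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
  name: app-db-rw
  namespace: my-app
spec:
  cluster:
    name: app-db
  instances: 2
  type: rw                       # pools connections to whichever instance is primary
  pgbouncer:
    poolMode: transaction
    parameters:
      max_client_conn: "1000"
      default_pool_size: "20"
```

Applications connect to the `app-db-rw` pooler Service rather than to a pod, so a failover does not change their connection string. Transaction pool mode gives the best connection reuse but breaks session-scoped features (named prepared statements, `LISTEN`/`NOTIFY`, advisory locks); switch to `session` mode for clients that need them. A point-in-time restore is done by bootstrapping a new `Cluster` from the same object store with a `recoveryTarget` rather than by modifying the running one. The bucket credentials Secret is exactly the kind of object the SOPS layer below should hold in encrypted form in Git.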
### Observability Layer
Prometheus collects metrics:
- Application and infrastructure metrics
- Custom dashboards per app
- Alerting rules
Loki aggregates logs:
- Centralized log storage
- Label-based querying
- Integrated with Grafana
Grafana provides visualization:
- Pre-built dashboards
- Custom dashboards per team
- Alert management UI
### Security Layer
Authentik manages identity:
- Single Sign-On (OIDC, SAML)
- User provisioning
- Multi-factor authentication
CrowdSec detects threats:
- Behavioral analysis
- Community threat intelligence
- Automatic IP blocking
SOPS handles secrets:
- Encrypted at rest in Git
- Decrypted at deploy time
- Age or cloud KMS keys
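How the "encrypted at rest in Git" workflow is set up with SOPS, shown as an added example that is not the platform's own configuration. It assumes a `.sops.yaml` at the repository root, secrets stored under `*/secrets/` paths, and placeholder age and KMS identifiers; the second document is what a Secret looks like before `sops -e -i` replaces its values.

```yaml
# .sops.yaml at the repository root (added example; recipients are placeholders)
creation_rules:
  # Production secrets: an age key for operators AND a cloud KMS key for the
  # cluster-side decryptor. Either one can decrypt; rotate by editing this
  # list and running `sops updatekeys` on the affected files.
  - path_regex: ^clusters/prod/secrets/.*\.yaml$
    encrypted_regex: ^(data|stringData)$
    age: age1<OPS-TEAM-PUBLIC-KEY-PLACEHOLDER>
    kms: arn:aws:kms:eu-central-1:<ACCOUNT-PLACEHOLDER>:key/<KEY-ID-PLACEHOLDER>
  # Everything else: a single age recipient.
  - path_regex: .*/secrets/.*\.yaml$
    encrypted_regex: ^(data|stringData)$
    age: age1<OPS-TEAM-PUBLIC-KEY-PLACEHOLDER>
---
# clusters/prod/secrets/app-db-backup-creds.yaml as written BEFORE encryption.
# With encrypted_regex above, only the values under stringData are encrypted;
# apiVersion, kind, metadata and the key names stay readable so diffs and
# reviews still make sense. Values here are constructed placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: app-db-backup-creds
  namespace: my-app
type: Opaque
stringData:
  ACCESS_KEY_ID: placeholder-access-key-id
  ACCESS_SECRET_KEY: placeholder-secret-access-key
```

After `sops -e -i clusters/prod/secrets/app-db-backup-creds.yaml` each value is replaced with an `ENC[AES256_GCM,...]` token and a `sops:` block is appended holding the encrypted data key per recipient and a MAC over the file's values, so a file edited without the key fails to decrypt rather than silently applying a tampered value. Only the component that performs the deploy-time decryption needs the private age key or KMS access; developers committing changes need just the public recipients listed in `.sops.yaml`.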
## Deployment Models

### Self-Hosted
You run the platform on your infrastructure:
- Full control and ownership
- We provide setup and documentation
- Optional ongoing support
### Minnova-Managed
We run the platform for you:
- Hosted on Minnova infrastructure
- 24/7 monitoring and incident response
- Updates and security patches included
### Hybrid
Your apps on your cluster, platform support from us:
- Best of both worlds
- You own the infrastructure
- We handle platform operations
## Getting Started

1. **Choose your cloud** - Where do you want to run?
2. **Provision cluster** - We help you set up Kubernetes
3. **Deploy platform** - ArgoCD bootstraps everything
4. **Deploy your apps** - Push to Git, watch them go live
Contact us to get started.