# Introduction
Welcome to the Skatzi Platform — a cloud-native infrastructure built on Kubernetes, GitOps, and modern DevOps practices, hosted on Hetzner Cloud.
## What is Skatzi?
Skatzi is a production Kubernetes platform providing a full DevOps environment for development teams. It delivers centralized platform services — identity, secrets, container registry, Git hosting, monitoring and communication — consumed by workload clusters.
The platform runs on Talos OS (immutable, API-driven Kubernetes OS) on Hetzner Cloud (nbg1), managed entirely as code via Flux CD.
## Platform Components
| Component | Purpose | URL |
|---|---|---|
| Keycloak | Identity & SSO | keycloak.prod.skatzi.com |
| Harbor | Container registry | harbor.prod.skatzi.com |
| Gitea | Git hosting & CI/CD (Act runners) | gitea.prod.skatzi.com |
| Mattermost | Team communication | mattermost.prod.skatzi.com |
| OpenBao | Secrets management (Vault-compatible) | openbao.prod.skatzi.com |
| Prometheus | Metrics & alerting | prometheus.prod.skatzi.com |
| Grafana | Dashboards & observability | grafana.prod.skatzi.com |
| CloudNative-PG | PostgreSQL operator | — |
| Platform Docs | This documentation site | docs.prod.skatzi.com |
## Shared Infrastructure
- Cilium — eBPF-based CNI with Gateway API support and Hubble observability
- MetalLB — LoadBalancer via Hetzner floating IP
- cert-manager — Automated TLS via Let's Encrypt
- External Secrets Operator — Syncs secrets from OpenBao into Kubernetes
- Flux CD — GitOps reconciliation from this repository
## Secrets Architecture
Secrets are stored in OpenBao and synced into Kubernetes via External Secrets Operator. Workload clusters authenticate to OpenBao using dedicated AppRoles and read secrets over https://openbao.prod.skatzi.com. Cluster-scoped secrets (e.g. image pull secrets) are distributed to all namespaces automatically via ClusterExternalSecret.
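The flow above, written out as an added example (these manifests are not from the Skatzi repository): a `ClusterSecretStore` that authenticates to OpenBao with an AppRole, and a `ClusterExternalSecret` that fans an image pull secret out to every namespace. The namespace `external-secrets`, the Secret `openbao-approle`, the KV mount `kv`, the secret path `platform/registry` and the Harbor credential keys are assumptions; the role ID is a placeholder.

```yaml
# Added example, not part of the Skatzi platform repository.
# Assumed: ESO runs in namespace "external-secrets"; the AppRole secret-id
# lives in Secret "openbao-approle" there; OpenBao has a KV v2 mount "kv".
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: openbao
spec:
  provider:
    vault:
      server: https://openbao.prod.skatzi.com
      path: kv                # assumed KV v2 mount name
      version: v2
      auth:
        appRole:
          path: approle       # auth method mount path
          roleId: "<role-id-placeholder>"   # placeholder, not a real ID
          secretRef:          # secret-id never appears in Git
            name: openbao-approle
            namespace: external-secrets
            key: secret-id
---
# Distributes a registry pull secret into all namespaces except kube-system.
# Every namespace carries the kubernetes.io/metadata.name label automatically,
# so a NotIn expression on it selects "all but these".
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
  name: harbor-pull-secret
spec:
  externalSecretName: harbor-pull-secret
  refreshTime: 1h
  namespaceSelector:
    matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: NotIn
        values: ["kube-system"]
  externalSecretSpec:
    refreshInterval: 1h
    secretStoreRef:
      kind: ClusterSecretStore
      name: openbao
    target:
      name: harbor-pull-secret
      template:
        type: kubernetes.io/dockerconfigjson
        data:
          .dockerconfigjson: |
            {"auths":{"harbor.prod.skatzi.com":{"username":"{{ .username }}","password":"{{ .password }}"}}}
    data:
      - secretKey: username
        remoteRef:
          key: platform/registry   # assumed path under the kv mount
          property: username
      - secretKey: password
        remoteRef:
          key: platform/registry
          property: password
```

Two properties worth checking on a real cluster: the AppRole secret-id is referenced from a single namespace and is never committed alongside the manifests, and the OpenBao policy bound to that role should grant read only on the paths this store actually needs, so that a compromised workload cluster cannot read secrets belonging to another cluster.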
## Network Model
- External traffic enters via Hetzner floating IP → MetalLB → Gateway API (Cilium)
- TLS terminated at the gateway with a wildcard cert for `*.prod.skatzi.com`
- Routing defined via HTTPRoute resources per service
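The TLS termination and per-service routing described above, as an added example rather than manifests from the Skatzi repository. Assumed names: namespace `gateway`, Gateway `prod-gateway`, cert-manager `ClusterIssuer` `letsencrypt-prod`, TLS Secret `wildcard-prod-skatzi-com`, and a Grafana Service `grafana` on port 80 in namespace `monitoring`. A wildcard certificate from Let's Encrypt requires a DNS-01 solver on the issuer, which is not shown here.

```yaml
# Added example, not part of the Skatzi platform repository.
# cert-manager issues the wildcard cert into a Secret in the gateway namespace.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-prod-skatzi-com
  namespace: gateway              # assumed namespace
spec:
  secretName: wildcard-prod-skatzi-com
  dnsNames:
    - "*.prod.skatzi.com"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod        # assumed issuer name (needs a DNS-01 solver)
---
# Cilium's Gateway API implementation terminates TLS on a single HTTPS listener
# that matches every hostname under the wildcard.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: prod-gateway
  namespace: gateway
spec:
  gatewayClassName: cilium
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: "*.prod.skatzi.com"
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            name: wildcard-prod-skatzi-com
      allowedRoutes:
        namespaces:
          from: All             # services in any namespace may attach routes
---
# One HTTPRoute per service, living next to the service it exposes.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: grafana
  namespace: monitoring           # assumed namespace
spec:
  parentRefs:
    - name: prod-gateway
      namespace: gateway
      sectionName: https
  hostnames:
    - grafana.prod.skatzi.com
  rules:
    - backendRefs:
        - name: grafana           # assumed Service name
          port: 80
```

Because the route binds to the listener by `sectionName`, plain-HTTP exposure cannot happen by accident unless an `http` listener is added; if the platform later restricts which namespaces may attach routes, `allowedRoutes.namespaces.from: Selector` with a label selector is the place to do it.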
## Getting Started
- 🛠️ Contributing to the platform? → Contribution Guide
- 🔧 Operating the platform? → Operations
- 📐 Understanding the design? → Principles