💾 STORAGE & DATA

Persistent Everything

Distributed block storage, S3-compatible object storage, enterprise container registry, and operator-managed databases — all on your own hardware.

STORAGE ARCHITECTURE

Block Storage

Longhorn

3-way replicated distributed volumes. Auto-provisioned via StorageClass. Snapshots + backup to S3.

Object Storage

Garage

S3-compatible API for backups, logs, and large files. Self-hosted, no egress fees.

Container Registry

Harbor

Trivy vulnerability scanning, OIDC auth, image signing, replication policies.

Backup

Velero

Cluster-wide backup and disaster recovery. Scheduled snapshots to S3.

Longhorn Replication

Every volume is replicated across 3 nodes. Lost a node? Your data is still available on the other two.

graph TD
  PVC["PersistentVolumeClaim"]:::pvc
  CSI["Longhorn CSI Driver<br/>Dynamic provisioning"]:::csi
  R1["Replica 1<br/>worker-103"]:::replica
  R2["Replica 2<br/>worker-104"]:::replica
  R3["Replica 3<br/>controlplane-102"]:::replica
  SNAP["Scheduled Snapshots"]:::snapshot
  S3["Garage S3<br/>Offsite backup"]:::s3

  PVC --> CSI
  CSI --> R1
  CSI --> R2
  CSI --> R3
  R1 --> SNAP
  R2 --> SNAP
  R3 --> SNAP
  SNAP --> S3

  classDef pvc fill:#1e293b,stroke:#e2e8f0,color:#e2e8f0,stroke-width:2px
  classDef csi fill:#2e1a47,stroke:#a78bfa,color:#c4b5fd,stroke-width:2px
  classDef replica fill:#14332a,stroke:#4ade80,color:#86efac,stroke-width:2px
  classDef snapshot fill:#2e2a0e,stroke:#facc15,color:#fde68a,stroke-width:2px
  classDef s3 fill:#0e3a3a,stroke:#06b6d4,color:#67e8f9,stroke-width:2px

Harbor Registry Pipeline

Push → Scan → Sign → Deploy. Every image goes through vulnerability assessment before it runs.

Push

docker push harbor.apps.edgeprime.io/...

Scan

Trivy vulnerability scanner

Sign

Image signature verification

Deploy

ArgoCD pulls from Harbor

Storage Components

Longhorn

production

Cloud-native distributed block storage with 3-way replication, snapshots, and backups.

Role: Primary storage class for all stateful workloads with automatic replication

Harbor

production

Enterprise container registry with vulnerability scanning, image signing, and RBAC.

Role: Private registry with Trivy scanning, OIDC auth, and replication policies

Garage

production

S3-compatible distributed object storage designed for self-hosted deployments.

Role: Cost-effective object storage for backups, logs, and unstructured data

Velero

deployed

Kubernetes backup and disaster recovery tool with snapshot and restore capabilities.

Role: Cluster-wide backup to S3 with scheduled policies

🗄️ Databases & Messaging

Managed PostgreSQL, Redis-compatible cache, distributed KV store, Kafka streaming, and multi-model databases.

CloudNativePG

production

Kubernetes operator for PostgreSQL with HA clustering, automated failover, and point-in-time recovery.

Role: Manages PostgreSQL clusters for 5+ applications (Keycloak, Backstage, Matomo, etc.)

Dragonfly

production

Redis-compatible in-memory data store with superior performance through modern algorithms.

Role: High-performance caching layer replacing Redis

Strimzi (Apache Kafka)

production

Kubernetes operator for Apache Kafka with native CRD-based management.

Role: Event streaming platform for asynchronous communication

TiKV

production

Distributed transactional key-value store with ACID transactions and Raft consensus.

Role: Backend storage engine for SurrealDB with strong consistency

SurrealDB

production

Multi-model database supporting document, graph, and key-value data models.

Role: Flexible database for applications needing graph + document queries

Qdrant

production

Vector database for similarity search, powering semantic search and AI applications.

Role: Vector embeddings store for AI/ML workloads