Services Catalog
Inventory of all services deployed in the fzymgc-house cluster.
Quick Reference
| Service | URL | Namespace | Category |
|---|---|---|---|
| Vault | vault.fzymgc.house | vault | Platform |
| Authentik | auth.fzymgc.house | authentik | Platform |
| Grafana | grafana.fzymgc.house | grafana | Platform |
| ArgoCD | argocd.fzymgc.house | argocd | Platform |
| Windmill | windmill.fzymgc.house | windmill | Application |
| Mealie | mealie.fzymgc.house | mealie | Application |
| Longhorn | longhorn.fzymgc.house | longhorn-system | Infrastructure |
| Traefik | Internal | traefik | Infrastructure |
| VictoriaMetrics | Internal | prometheus | Observability |
| Loki | Internal | loki | Observability |
Vault
| Property | Value |
|---|---|
| URL | vault.fzymgc.house |
| Alt URLs | vault-0.fzymgc.house, vault-1.fzymgc.house, vault-2.fzymgc.house |
| Namespace | vault |
| Ingress Type | TCP Passthrough (TLS termination at Vault) |
| Auth Method | OIDC (Authentik) |
| Vault Path | secret/fzymgc-house/cluster/vault/* |
| Status | Operational |
Authentik
| Property | Value |
|---|---|
| URL | auth.fzymgc.house |
| Namespace | authentik |
| Ingress Type | Traefik IngressRoute |
| Auth Method | Native (IdP) |
| Vault Path | secret/fzymgc-house/cluster/authentik |
| Status | Operational |
Grafana
| Property | Value |
|---|---|
| URL | grafana.fzymgc.house |
| Namespace | grafana |
| Ingress Type | Helm Managed |
| Auth Method | OIDC (Authentik) |
| Vault Path | secret/fzymgc-house/cluster/grafana |
| Status | Operational |
ArgoCD
| Property | Value |
|---|---|
| URL | argocd.fzymgc.house |
| Namespace | argocd |
| Ingress Type | Helm Managed |
| Auth Method | OIDC (Authentik) |
| Vault Path | secret/fzymgc-house/cluster/argocd/* |
| Status | Operational |
Application Services
Windmill
| Property | Value |
|---|---|
| URL | windmill.fzymgc.house |
| Alt URL | windmill.k8s.fzymgc.house |
| Namespace | windmill |
| Ingress Type | Traefik IngressRoute |
| Auth Method | OIDC (Authentik) |
| Vault Path | secret/fzymgc-house/cluster/windmill |
| Status | Operational |
Mealie
| Property | Value |
|---|---|
| URL | mealie.fzymgc.house |
| Alt URL | mealie.k8s.fzymgc.house |
| Namespace | mealie |
| Ingress Type | Traefik IngressRoute |
| Auth Method | Forward-Auth (Authentik) |
| Vault Path | secret/fzymgc-house/cluster/mealie |
| Status | Operational |
Infrastructure Services
Traefik
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | traefik |
| Ingress Type | N/A (is the ingress controller) |
| Auth Method | None |
| Ports | 80 (HTTP), 443 (HTTPS) |
| Status | Operational |
Longhorn
| Property | Value |
|---|---|
| URL | longhorn.fzymgc.house |
| Namespace | longhorn-system |
| Ingress Type | Traefik IngressRoute |
| Auth Method | Forward-Auth (Authentik) |
| Status | Operational |

| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | metallb |
| Ingress Type | N/A (provides LoadBalancer IPs) |
| Auth Method | None |
| IP Pools | 192.168.20.145-149, 192.168.20.155-159 |
| Status | Operational |
cert-manager
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | cert-manager |
| Ingress Type | N/A |
| Auth Method | None |
| Issuers | Let's Encrypt (production), Self-signed (internal) |
| Status | Operational |
External Secrets Operator
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | external-secrets |
| Ingress Type | N/A |
| Auth Method | Vault Kubernetes Auth |
| ClusterSecretStore | vault |
| Status | Operational |
Cloudflared
| Property | Value |
|---|---|
| URL | N/A (outbound tunnel) |
| Namespace | cloudflared |
| Purpose | External ingress via Cloudflare Tunnel |
| Status | Operational |
Observability Services
VictoriaMetrics
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | prometheus |
| Ingress Type | None |
| Auth Method | None |
| Purpose | Metrics storage (Prometheus-compatible) |
| Status | Operational |
Loki
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | loki |
| Ingress Type | None |
| Auth Method | None |
| Purpose | Log aggregation |
| Status | Operational |
Grafana Alloy
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | monitoring-alloy |
| Purpose | Metrics/logs collection (replaces Promtail) |
| Status | Operational |
GitOps Services
| Property | Value |
|---|---|
| URL | Internal only |
| Namespace | hcp-terraform |
| Purpose | Terraform Cloud workspace management |
| Status | Operational |
Actions Runner Controller
| Property | Value |
|---|---|
| URL | Internal only |
| Controller Namespace | arc-systems |
| Runners Namespace | arc-runners |
| Purpose | GitHub Actions self-hosted runners |
| Status | Operational |
External Services
| Service | Purpose | Management |
|---|---|---|
| Cloudflare | DNS, Tunnels, WAF | Terraform (tf/cloudflare) |
| HCP Terraform | Infrastructure automation | Web UI |
| GitHub | Source control, Actions | Web UI |
| Let's Encrypt | TLS certificates | cert-manager |
Auth Method Reference
| Method | Description | Configuration |
|---|---|---|
| OIDC | Direct OpenID Connect authentication | Authentik provider integration |
| Forward-Auth | Traefik middleware proxies auth to Authentik | forwardAuth middleware |
| Certificate | mTLS client certificate | Vault PKI integration |
| None | No authentication required | Internal services only |
Ingress Type Reference
| Type | Description | TLS Handling |
|---|---|---|
| Traefik IngressRoute | Native Traefik CRD | Traefik terminates TLS |
| TCP Passthrough | Raw TCP proxy | Backend terminates TLS |
| Helm Managed | Ingress defined in Helm values | Varies by chart |
| Cloudflare Tunnel | External via cloudflared | Cloudflare terminates |
| kube-vip VIP | Direct LoadBalancer IP | Service handles TLS |
Adding a New Service
- Create Kubernetes manifests in argocd/app-configs/<service>/
- Configure ingress (IngressRoute or Ingress resource)
- Set up authentication:
  - OIDC: Create Authentik application and provider
  - Forward-Auth: Add middleware reference
- Add secrets to Vault if needed
- Create ExternalSecret for Kubernetes secret sync
- Update this catalog