Architecture Decision Records (ADRs)
Project-wide decision log for HybridOps.Studio. Each ADR captures context, options, the decision, and consequences, with links to code, diagrams, evidence, and runbooks where relevant.
Access flags (public, mixed, academy) follow the documentation access model in ADR-0021.
Spotlight
- ADR-0100 — HPC Extension Strategy: scope and approach for a Slurm-based HPC extension within HybridOps.Studio.
Categories
00 Governance (8) · 01 Networking (11) · 02 Platform (11) · 03 Security (5) · 04 Observability (2) · 05 Data Storage (3) · 06 Cicd Automation (12) · 07 Disaster Recovery (1) · 08 Cost Optimisation (1) · Platform (2)
Index
All ADRs (56)
- ADR-0001 — ADR Process and Documentation Conventions — Accepted · public
- ADR-0002 — Source of Truth: NetBox-Driven Inventory — Accepted · public
- ADR-0003 — Secrets Management Strategy for Hybrid Kubernetes & Platform Workloads — Superseded · public
- ADR-0012 — Control Node Runs as a VM (Cloud-Init); LXC Reserved for Light Helpers — Accepted · public
- ADR-0013 — PostgreSQL Runs in LXC (State on Host-Mounted Storage; Backups First-Class) — Superseded · public
- ADR-0014 — RKE2 Runs on Full VMs (Rocky Linux 9 Base) with Simple LB and Storage — Superseded · public
- ADR-0015 — Network Infrastructure Assumptions for Packer Builds — Superseded · public
- ADR-0016 — Adopt Packer + Cloud-Init for VM Template Standardization — Accepted · public
- ADR-0017 — Operating System Baseline for HybridOps.Studio — Accepted · public
- ADR-0018 — LXC Containers for Lightweight Workloads on Proxmox — Accepted · public
- ADR-0020 — Secrets Strategy — Azure Key Vault primary; encrypted vault bundle for bootstrap/CI/DR; Vault optional later — Accepted · public
- ADR-0021 — Documentation Access and Gating Model — Accepted · public
- ADR-0022 — Documentation, Public Site, and Academy Strategy — Accepted · public
- ADR-0023 — Showcase Packaging for Academy Labs — Proposed · public
- ADR-0100 — HPC Extension Strategy for HybridOps.Studio — Proposed · public
- ADR-0101 — VLAN Allocation Strategy — Accepted · public
- ADR-0102 — Proxmox as Intra-Site Core Router — Accepted · public
- ADR-0103 — Inter-VLAN Firewall Policy — Accepted · public
- ADR-0104 — Static IP Allocation with Terraform IPAM — Accepted · public
- ADR-0105 — Dual Uplink Design (Ethernet/WiFi Failover) — Accepted · public
- ADR-0106 — Dual ISP Load Balancing for Resiliency — Accepted · public
- ADR-0107 — VyOS as Cost-Effective Edge Router — Accepted · public
- ADR-0108 — Full Mesh Topology for High Availability — Accepted · public
- ADR-0109 — NCC primary hub with routed Azure spoke connectivity — Accepted · public
- ADR-0110 — VRRP Between Cisco IOS and Arista vEOS — Proposed · public
- ADR-0115 — Linux Edge WAN with strongSwan and FRR for Hybrid Cloud Connectivity — Accepted · public
- ADR-0201 — EVE-NG Network Lab Architecture — Accepted · public
- ADR-0202 — Adopt RKE2 as Primary Runtime for Platform and Applications — Accepted · public
- ADR-0203 — Adopt Argo CD as GitOps Controller for Application Delivery — Accepted · public
- ADR-0204 — RKE2 Runs on Rocky VMs on Enterprise Hypervisors — Accepted · public
- ADR-0205 — Infrastructure as Code Engine: Terraform with Terragrunt Composition — Accepted · public
- ADR-0206 — Define Module → Driver → Profile → Pack execution contract (v1) — Proposed · public
- ADR-0207 — Adopt pack layout packs/ / /stack (Option B) — Proposed · public
- ADR-0208 — Execute Terragrunt packs in isolated workdir with generated inputs.auto.tfvars.json — Proposed · public
- ADR-0209 — Adopt Modules + Drivers + Profiles + Packs + Probes as the Core Execution Architecture — Proposed · public
- ADR-0301 — pfSense as Firewall for Flow Control — Proposed · public
- ADR-0302 — Fortigate Variant for Edge Firewall — Proposed · public
- ADR-0303 — Adopt Trivy for Container Image Vulnerability Scanning in CI/CD — Proposed · public
- ADR-0401 — Unified Observability with Prometheus — Accepted · public
- ADR-0402 — Use Prometheus Federation as Central DR Signal Plane — Accepted · public
- ADR-0501 — PostgreSQL Runs on Dedicated VM with Host-Managed Storage and DR Replication — Accepted · public
- ADR-0502 — Use External Secrets Operator with Azure Key Vault for Application Secrets — Accepted · public
- ADR-0503 — Use Longhorn as RKE2 Storage Layer for Stateful Kubernetes Workloads — Accepted · public
- ADR-0600 — Adopt Environment Guard Framework (EGF) for Ansible Governance Pipeline — Accepted · public
- ADR-0601 — Hybrid Network Automation: Nornir + Ansible Integration — Accepted · public
- ADR-0602 — NETCONF and Nornir Automation for CSR1000v — Accepted · public
- ADR-0603 — Run Jenkins Controller on Control Node, Agents on RKE2 — Accepted · public
- ADR-0604 — Standardise Packer Image Pipeline for Proxmox Templates — Accepted · public
- ADR-0605 — Terraform Execution Modes and HCP Workspace Governance for Multi-Cloud and On-Prem — Accepted · public
- ADR-0606 — Standardise HybridOps Ansible collections release process — Proposed · public
- ADR-0607 — Adopt a tools-enabled Jenkins agent image for HybridOps.Studio CI — Accepted · public
- ADR-0608 — Docker Engine baseline for control nodes and container hosts — Accepted · public
- ADR-0609 — Normalize Terragrunt live stacks via generated alias tree — Accepted · public
- ADR-0610 — Standardise environment bootstrap scripts for cloud and Proxmox credentials — Accepted · public
- ADR-0701 — Use GitHub Actions as Stateless DR Orchestrator — Accepted · public
- ADR-0801 — Treat Cost as a First-Class Signal for DR and Cloud Bursting — Accepted · public