Architecture Decision Records (ADRs)
ADRs capture why HybridOps is built the way it is. Each record explains the context, the options considered, the decision taken, and the consequences that follow from it.
Use ADRs for design intent. Use runbooks and module contracts for the current operating path. Superseded and deprecated ADRs stay published for traceability.
Browse by domain
Governance (4) · Networking (10) · Platform (12) · Security (6) · Observability (2) · Data Storage (4) · CI/CD Automation (12) · Disaster Recovery (1) · Cost Optimisation (1)
Full decision log
Use the full index when you need a specific ADR number, domain, or historical decision trail.
Published ADRs (52)
- ADR-0002 — Source of Truth: NetBox-Driven Inventory — Accepted · Public
- ADR-0003 — Secrets Management Strategy for Hybrid Kubernetes & Platform Workloads — Superseded · Public
- ADR-0012 — Control Node Runs as a VM (Cloud-Init); LXC Reserved for Light Helpers — Accepted · Public
- ADR-0013 — PostgreSQL Runs in LXC (State on Host-Mounted Storage; Backups First-Class) — Superseded · Public
- ADR-0014 — RKE2 Runs on Full VMs (Rocky Linux 9 Base) with Simple LB and Storage — Superseded · Public
- ADR-0015 — Network Infrastructure Assumptions for Packer Builds — Superseded · Public
- ADR-0016 — Adopt Packer + Cloud-Init for VM Template Standardization — Accepted · Public
- ADR-0017 — Operating System Baseline — Accepted · Public
- ADR-0018 — LXC Containers for Lightweight Workloads on Proxmox — Accepted · Public
- ADR-0020 — Secrets Strategy: Azure Key Vault primary; encrypted vault bundle for bootstrap/CI/DR; Vault optional later — Accepted · Public
- ADR-0101 — VLAN Allocation Strategy — Accepted · Public
- ADR-0102 — Proxmox as Intra-Site Core Router — Accepted · Public
- ADR-0103 — Inter-VLAN Firewall Policy — Accepted · Public
- ADR-0104 — Static IP Allocation with Terraform IPAM — Accepted · Public
- ADR-0105 — Dual Uplink Design (Ethernet/WiFi Failover) — Accepted · Public
- ADR-0106 — Dual ISP Load Balancing for Resiliency — Accepted · Public
- ADR-0107 — VyOS as Cost-Effective Edge Router — Accepted · Public
- ADR-0108 — Full Mesh Topology for High Availability — Accepted · Public
- ADR-0109 — NCC primary hub with routed Azure spoke connectivity — Accepted · Public
- ADR-0115 — Legacy Linux Edge WAN with strongSwan and FRR — Superseded · Public
- ADR-0201 — EVE-NG Network Lab Architecture — Accepted · Public
- ADR-0202 — Adopt RKE2 as Primary Runtime for Platform and Applications — Accepted · Public
- ADR-0203 — Adopt Argo CD as GitOps Controller for Application Delivery — Accepted · Public
- ADR-0204 — RKE2 Runs on Rocky VMs on Enterprise Hypervisors — Accepted · Public
- ADR-0205 — Infrastructure as Code Engine: Terraform with Terragrunt Composition — Accepted · Public
- ADR-0206 — Define Module → Driver → Profile → Pack execution contract (v1) — Proposed · Public
- ADR-0207 — Adopt pack layout packs/…/…/stack (Option B) — Proposed · Public
- ADR-0208 — Execute Terragrunt packs in isolated workdir with generated inputs.auto.tfvars.json — Proposed · Public
- ADR-0209 — Adopt Modules + Drivers + Profiles + Packs + Probes as the Core Execution Architecture — Accepted · Public
- ADR-0301 — Deprecated pfSense Flow-Control Plane — Deprecated · Public
- ADR-0302 — Deprecated Fortigate Edge Firewall Variant — Deprecated · Public
- ADR-0303 — Adopt Trivy for Container Image Vulnerability Scanning in CI/CD — Proposed · Public
- ADR-0401 — Unified Observability with Prometheus — Accepted · Public
- ADR-0402 — Use Prometheus Federation as Central DR Signal Plane — Accepted · Public
- ADR-0501 — PostgreSQL Runs on Dedicated VM with Host-Managed Storage and DR Replication — Accepted · Public
- ADR-0502 — Use GCP Cloud SQL as the Managed PostgreSQL DR Target — Accepted · Public
- ADR-0502 — Use External Secrets Operator with Azure Key Vault for Application Secrets — Accepted · Public
- ADR-0503 — Use Longhorn as RKE2 Storage Layer for Stateful Kubernetes Workloads — Accepted · Public
- ADR-0504 — External Secrets Operator with GCP Secret Manager for On-Prem Platform Workloads — Accepted · Public
- ADR-0600 — Adopt Environment Guard Framework (EGF) for Ansible Governance Pipeline — Accepted · Public
- ADR-0601 — Hybrid Network Automation: Nornir + Ansible Integration — Accepted · Public
- ADR-0602 — NETCONF and Nornir Automation for CSR1000v — Accepted · Public
- ADR-0603 — Run Jenkins controller on the control node and move build execution to agents — Accepted · Public
- ADR-0604 — Standardise Packer Image Pipeline for Proxmox Templates — Accepted · Public
- ADR-0605 — Terraform Execution Modes and HCP Workspace Governance for Multi-Cloud and On-Prem — Accepted · Public
- ADR-0606 — Standardise Ansible collections release process — Accepted · Public
- ADR-0607 — Standardise the CI agent tools image for Docker and RKE2 Jenkins agents — Accepted · Public
- ADR-0608 — Docker Engine baseline for control nodes and container hosts — Accepted · Public
- ADR-0609 — Normalize Terragrunt live stacks via generated alias tree — Accepted · Public
- ADR-0610 — Standardise environment bootstrap scripts for cloud and Proxmox credentials — Accepted · Public
- ADR-0701 — Use GitHub Actions as Stateless DR Orchestrator — Accepted · Public
- ADR-0801 — Treat Cost as a First-Class Signal for DR and Cloud Bursting — Accepted · Public