
Deployment Overview

The Event Registration Platform is deployed as a containerized application on a Kubernetes-based homelab cluster, providing reliability, scalability, and automated updates.
The deployment architecture follows modern GitOps-style practices and includes:

  • K3s Kubernetes cluster
  • Containerized Laravel backend
  • React.js + Inertia frontend build
  • CloudNativePG for PostgreSQL
  • Longhorn for persistent storage
  • Traefik as ingress controller
  • Vault Secrets Operator for secret injection
  • GitHub Actions CI/CD pipelines

This page introduces the high-level deployment architecture and workflow.


Kubernetes Architecture

The platform runs on a multi-node K3s cluster with components distributed across compute nodes for resilience.

Core Workloads

  • Laravel API Deployment

    • Stateless container running PHP-FPM + Nginx
    • Connected to CloudNativePG for database access
    • Receives secrets dynamically from Vault
  • Frontend Build

    • The React/Inertia frontend is built during CI
    • Static assets are served by the backend container
  • PostgreSQL (CloudNativePG)

    • Highly available Postgres cluster
    • Automated backups and PITR (Point-in-Time Recovery)
    • Integrated monitoring dashboards
  • Ingress (Traefik)

    • Handles routing, TLS termination, and certificates
    • Provides public and internal endpoints
  • Storage (Longhorn)

    • Replicated block storage for database PVCs
    • Ensures persistence across node failures

Secret Management (Vault)

The platform uses Vault Secrets Operator (VSO) to automate secret injection:

  • Database credentials
  • App key / encryption key
  • JWT validation keys (Authentik provider data)
  • API keys (if required)

How it works

  1. Vault stores secrets at secure paths.
  2. VSO monitors corresponding VaultStaticSecret manifests.
  3. Kubernetes syncs secrets into the namespace as native Secret objects.
  4. Deployments restart automatically using Reloader when secrets change.

This creates a fully automated and auditable secrets pipeline.
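The four steps above can be expressed as manifests. This is an added example, not the platform's own configuration: the namespace, Vault role, mount, path, ServiceAccount and image names are all placeholder assumptions.

```yaml
# Added example; every name, path and image below is a placeholder assumption.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: app-vault-auth            # hypothetical
  namespace: event-registration   # hypothetical
spec:
  method: kubernetes
  mount: kubernetes               # assumed Vault auth mount
  kubernetes:
    role: event-registration      # Vault role that should read only this app's path
    serviceAccount: laravel-api   # hypothetical ServiceAccount used to log in
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: laravel-db
  namespace: event-registration
spec:
  vaultAuthRef: app-vault-auth
  type: kv-v2
  mount: kv                       # assumed KV v2 mount
  path: event-registration/db     # placeholder secret path
  refreshAfter: 60s               # interval at which VSO re-reads Vault
  destination:
    name: laravel-db              # native Secret that VSO creates and keeps in sync
    create: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: laravel-api
  namespace: event-registration
  annotations:
    secret.reloader.stakater.com/reload: "laravel-db"  # Reloader restarts pods on change
spec:
  selector:
    matchLabels: {app: laravel-api}
  template:
    metadata:
      labels: {app: laravel-api}
    spec:
      serviceAccountName: laravel-api
      containers:
        - name: app
          image: registry.example/event-registration:TAG  # placeholder image
          envFrom:
            - secretRef:
                name: laravel-db  # credentials reach the app only via the synced Secret
```

The synced Secret is an ordinary Kubernetes Secret, so namespace RBAC on `secrets` and encryption at rest for the cluster datastore still determine who can read the values once they leave Vault.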

Deployment Workflow

The platform uses GitHub Actions to automate testing, building, and deploying.

Pipeline Steps

  1. Run Tests

    • PHPUnit for backend
    • ESLint / frontend build checks
  2. Build Docker Images

    • Laravel backend image
    • Bundled frontend assets included in the container
  3. Push to Container Registry

    • GitHub Container Registry or self-hosted registry
  4. Trigger Kubernetes Deployment

    • Manifest update via kubectl apply
    • Or Flux-style GitOps (if enabled)
  5. Automatic Rollout

    • Kubernetes replaces old pods
    • Health checks ensure readiness
    • Rollback occurs automatically on failure

CI/CD Goals

The CI/CD system is built with the following goals:

  • Zero-downtime deployments via rolling updates
  • Automated secret syncing through Vault
  • Automated builds for backend + frontend
  • Reproducible containers with pinned dependencies
  • Consistent deployments across environments
  • Self-healing workloads via Kubernetes