Current: 2026-01-27
Hardware
Network Hardware
Only relevant devices are displayed; “leaf” switches and APs are excluded.
| Device | Role |
|---|---|
| Unifi UDM Pro Max | Firewall |
| Unifi USW Pro 24 PoE | Switch |
| Unifi USW Aggregation | 10 Gig Switch |
Server Hardware
| Host | CPU | RAM | HDDs | SSDs | NICs |
|---|---|---|---|---|---|
| harvester-01 | i5-10400 | 128GB | 3 x 8TB | 1 x 4TB, 1 x 250GB | 1 x 1Gb, 1 x 10Gb |
| harvester-02 | i5-10400 | 128GB | 3 x 8TB | 1 x 4TB, 1 x 250GB | 1 x 1Gb, 1 x 10Gb |
| harvester-03 | i5-10400 | 128GB | 3 x 8TB | 1 x 4TB, 1 x 250GB | 1 x 1Gb, 1 x 10Gb |
| harvester-04 | i5-10400 | 128GB | 3 x 8TB | 1 x 4TB, 1 x 250GB | 1 x 1Gb, 1 x 10Gb |
| TrueNAS | i3-14100 | 128GB | 8 x 10TB | 1 x 1TB | 1 x 10Gb |
Network
Physical Layout (L1)

Logical Layout (L2/3)

Servers

TrueNAS
TrueNAS is used by every cluster via democratic-csi, and it also provides S3 services via garage.
Application Clusters
The lab consists of four RKE2 clusters:
- Harvester
- Rancher
- Internal
- DMZ
Harvester
For this Harvester deployment, all nodes have the OS installed on a 250GB NVMe SSD, while all 4TB NVMe SSDs are dedicated to Longhorn for VM and application storage. Unlike in my previous lab deployments, Harbor has been deployed to the Harvester cluster itself, and I have made a new addition to the Harvester deployment by adding KASM.
Rancher
The Rancher cluster is effectively a C&C cluster; if you are familiar with Rancher MCM, this is not surprising. I have added a couple of extra deployments to the Rancher cluster though, mainly ArgoCD; however, I have started cutting down on using Argo for Fleet.
Internal
This is a smaller cluster, mostly consisting of applications that are of dubious security, have no need to be exposed, or are simply more sensitive.
DMZ (You are here)
Finally, the DMZ cluster is the primary cluster for the lab. It exists in its own network, as one would expect.