Technical Documentation

Level 2: Technical Implementation

Architecture patterns, infrastructure templates, security baselines, and provider-specific guides for implementing sovereign cloud infrastructure.

Audience: Solutions Architects, Technical Leads, DevOps Engineers, Security Architects, Platform Engineers.

Prerequisite: Familiarity with Level 1 Strategic Framework, particularly the Architecture Principles and Reference Architecture.

Technical Sections

Infrastructure Templates

OpenTofu modules, Kubernetes configurations, Helm charts, and GitOps setup for sovereign cloud infrastructure.

OpenTofu | Kubernetes | Helm | ArgoCD

Migration Patterns

Proven patterns for migrating workloads including lift-and-shift, refactoring, and workload-specific guides.

Databases | Containers | Email | Storage

Security Hardening

Security baselines, encryption configuration, identity federation, and compliance automation.

Zero Trust | Encryption | IAM | Compliance

Operational Runbooks

Incident response, disaster recovery, change management, and capacity planning procedures.

SRE | DR | Monitoring | On-Call

Transition & Coexistence

Managing projects in-flight, extended parallel operation, data synchronisation between clouds, and industry lessons learned.

Dual-Run | CDC | Contract Exit | Case Studies

Provider Guides

European provider-specific configuration, evaluation criteria, and comparison matrices.

OVHcloud | Hetzner | Scaleway | IONOS

CloudStack Use Cases

Building sovereign hyperscalers with Apache CloudStack, open-source FaaS, and international cooperative implementation models.

CloudStack | OpenFaaS | Cooperative Model

Existing Microsoft Replacements

Proven implementations from Denmark, Schleswig-Holstein, France, Italy, and Spain. 450,000+ workstations migrated. Harvestable by the Cooperative.

NEW: GendBuntu | LinEx | LiMux lessons

Technology Validation

Independent assessment of CloudStack and open-source stack maturity. Honest risk analysis, OCI Dedicated Region alternative, acceptance criteria.

CRITICAL: Read before approving investment

Core Technology Stack

Level 2 documentation is built around the following sovereign-compatible technology stack. All components are open source or available from non-US providers.

Layer Primary Technology Alternatives
Container Orchestration Kubernetes (vanilla) K3s, Rancher, OpenShift (OKD)
Infrastructure as Code OpenTofu Pulumi, Crossplane
GitOps ArgoCD Flux
Object Storage MinIO Ceph RADOS Gateway, SeaweedFS
Database PostgreSQL MariaDB, CockroachDB
Cache Valkey / Redis KeyDB, Dragonfly
Message Queue Apache Kafka RabbitMQ, NATS
Identity & Access Keycloak Authentik, Zitadel
Secrets Management OpenBao SOPS, Sealed Secrets
API Gateway Kong Traefik, APISIX
Service Mesh Istio Linkerd, Cilium Service Mesh
Monitoring Prometheus + Grafana VictoriaMetrics, Thanos
Logging Loki + Grafana OpenSearch, Graylog
SIEM Wazuh OpenSearch SIEM
CI/CD GitLab CI (self-hosted) Tekton, Jenkins
Container Registry Harbor GitLab Registry, Quay

Getting Started

Recommended Reading Order

  1. Provider Guides
    Understand the European provider landscape and select your target platform(s).
  2. Infrastructure Templates
    Review the OpenTofu modules and Kubernetes configurations for your chosen provider.
  3. Security Hardening
    Understand security baselines and compliance requirements before deployment.
  4. Migration Patterns
    Select the appropriate pattern for your workload types.
  5. Operational Runbooks
    Prepare for day-2 operations including incident response and DR.

Development Status

Section Status Content Available
Infrastructure Templates Structure Only Index page, section outline, template placeholders
Migration Patterns Structure Only Index page, pattern descriptions, workload categories
Security Hardening Structure Only Index page, security domains, baseline outline
Operational Runbooks Structure Only Index page, runbook categories, procedure outline
Provider Guides Structure Only Index page, provider overview, evaluation criteria
CloudStack Use Cases Complete Hyperscaler architecture, 11 use cases, AWS service mapping, FaaS alternatives, international cooperative model
Existing Microsoft Replacements Complete Denmark, Schleswig-Holstein, France GendBuntu, Italy, Spain LinEx/Guadalinex, Munich lessons, EU OSOR resources
Technology Validation Complete CloudStack production evidence, scalability testing, CloudStack vs OpenStack vs OpenNebula comparison, OCI Dedicated Region alternative, risk assessment, acceptance criteria

Contributing: Level 2 documentation will be developed iteratively as pilot implementations proceed. Technical teams undertaking early migrations are encouraged to contribute patterns, templates, and lessons learned.

About Documentation Levels
Start: Infrastructure Templates