H HybridOps
Menu

Blueprints

Deployable operating patterns built from reusable modules. Choose a blueprint, then execute with policy profiles.

Module Catalog

Reusable module families that compose the blueprints.

Core
  • core/hetzner/edge-network
  • core/identity/bootstrap
  • core/ipam/netbox-base
  • core/vpn/ipsec-bgp
Platform
  • platform/observability/thanos-edge
  • platform/decision/service
  • platform/dns/cutover
  • platform/dr/activate
Workloads
  • workloads/keycloak/base
  • workloads/nextcloud/base
  • workloads/moodle/base
  • workloads/academy/docsgpt

Execution Architecture

Operational topology used by the featured blueprints.

Full topology: on-prem primary runtime, always-on edge decisioning, event-driven cloud burst and DR. Hover any box for detail.

Prometheus scrapes on-prem cluster metrics and remote-writes them to the Thanos edge receiver for a global view.

The Decision service evaluates policy rules against aggregated Thanos metrics. If thresholds breach, it emits action signals.

DNS cutover module executes the traffic shift. Evidence envelopes are written to external object storage.

Cloud target cluster activates (warm or cold), DR data promotes, and failover ingress begins receiving traffic.

HybridOps Executive Architecture Three-zone topology showing on-prem primary, Hetzner edge decisioning, and cloud burst/DR targets with data and control flows. HybridOps v1 baseline: on prem primary, always-on edge decisioning, event-driven cloud burst and DR On Prem Primary Hetzner Edge · Always On Cloud Burst / DR RKE2 workload cluster Primary runtime for platform and apps Prometheus per site Scrape cluster, services, and infra metrics GitOps agent Desired state sync for on prem workloads Stateful services externalized, replicated by policy. WAN edge HA pair IPsec, BGP, floating IP, secure ingress Thanos Receive + Query Global metrics view for policy and ops Decision Policy loop DNS cutover Action module Evidence envelopes correlate with run IDs. Cold / warm cluster target Provisioned only on burst or DR event DR data target Replica promotion or backup restore endpoint Failover ingress Receives traffic after DNS cutover External object storage (GCS): Long-term metrics blocks and DR drill evidence. Independent from on-prem. remote_write burst / DR trigger DNS action metrics blocks Data flow Control / policy action Key surface On-prem · Edge · Cloud Animated pulse

For detailed signal and control mapping, see the docs and ADR references in documentation.

Primitive chain

Every blueprint execution flows through the same four-primitive model.

HybridOps execution flow: Module to Driver to Profile to Pack to Evidence

WAN topology

Hetzner edge pair, BGP peering to GCP hub, and HA VPN tunnels — as deployed by the networking blueprints.

HybridOps WAN topology: on-prem to Hetzner edge pair to GCP hub with BGP and HA VPN
Training track
Join HybridOps Academy

Structured labs for DR drills, burst operations, and evidence-first runbooks for real delivery teams.

Join Academy Open Academy