Application Layer¶
Scope¶
The application layer documents every deployed workload that delivers user or operator functionality on top of the platform layers.
Components that belong here¶
This includes the majority of top-level directories in the repository, such as:
- Identity and security services like authelia and crowdsec-lapi
- Collaboration and source-control services like gitea, gitlab, and nextcloud
- Observability workloads like loki, mimir, and kube-prometheus-stack
- Utility and personal services like mealie, photoprism, seafile, gotify, and many others
Mandatory model¶
Every application should have:
- One service page under docs/services/SERVICE_NAME.md
- One runbook under docs/runbooks/SERVICE_NAME.md if the service is Tier 0 or Tier 1, stateful, or externally exposed
What each application page must cover¶
- Why the service exists and who owns it
- Where it is deployed and in which namespace
- Which manifests, overlays, or Helm definitions deploy it
- What it depends on for identity, storage, ingress, and backup
- How operators and users access it
Catalogue expectation¶
The service catalogue should eventually become the fastest way to answer:
- Which services are internet-facing
- Which services are stateful
- Which services depend on a given storage class, ingress path, or identity provider
- Which services require immediate runbook coverage because of blast radius or data importance