Skip to main content

Deep Dive

These articles are for readers who want to understand why Soverstack is built the way it is. They are not how-to guides — for those, see the Getting Started section. Each piece focuses on one architectural decision, the trade-offs we considered, and the reasoning behind the choice we made.

What each article covers

Each box maps to one article. The arrows show conceptual dependencies: bootstrap produces the cluster, the mesh and network model run on top of it, scopes describe what gets deployed where, and sizing quantifies the result.

Articles

  • Why a Software Mesh — Why Soverstack runs WireGuard everywhere instead of leaning on vSwitch, vRack, or any other provider-specific L2.
  • The Datacenter Bootstrap — How three isolated servers become a single encrypted Proxmox+Ceph cluster without any chicken-and-egg dependency.
  • VM-First Architecture — Why the foundation runs as Proxmox VMs and not as containers — and what that buys you when things fail.
  • Network Isolation Architecture — Two IP pools, four reserved networks, and the line between latency-critical VLAN traffic and encrypted mesh traffic.
  • Deployment Scopes — Global, regional, zonal: where each workload lives and why moving them around breaks the model.
  • Infrastructure Sizing — The full tool stack, VM count by tier, and what hardware you actually need to run it.
  • Public IP Strategy — Provider IPs, leased IPs, owned IPs with BGP — costs, trade-offs, and when each makes sense.