Kubernetes & Mesh
Private WireGuard mesh and managed load balancing across every node.
The mesh-controller generates a WireGuard keypair per node and renders a consistent peer table for the whole topology. The lb-controller renders nginx from your upstream edges and provisions the load balancer. Full Kubernetes cluster lifecycle is driven from pdctl k8s.
Technical docsHow it works
- 01 mesh-controller takes the topology and emits per-peer wg-quick configs keyed by node.
- 02 The agent installs the mesh config on each server over mTLS.
- 03 lb-controller renders nginx from the upstream edge set and provisions an LB node.
- 04 pdctl k8s manages clusters, node pools, deploys, scaling, ingress and secrets.
Technical docs
Technical docs Go deeper
Full technical reference — setup, schema and worked examples.