Deploy IPFS nodes inside Kubernetes and bind them to the ZeroTier overlay network for secure, decentralized storage.
Part of the FlatRacoon Network Stack.

```
                    ┌─────────────────────┐
                    │     Public IPFS     │
                    │   (optional gate)   │
                    └──────────┬──────────┘
                               │ (if enabled)
                    ┌──────────▼──────────┐
                    │    Gateway Node     │
                    │   (public bridge)   │
                    └──────────┬──────────┘
                               │
       ┌───────────────────────▼───────────────────────┐
       │       ZeroTier Overlay (encrypted mesh)       │
       └───────────────────────┬───────────────────────┘
                               │
       ┌───────────────────────┼───────────────────────┐
       │                       │                       │
┌──────▼──────┐         ┌──────▼──────┐         ┌──────▼──────┐
│  IPFS Node  │◄───────►│  IPFS Node  │◄───────►│  IPFS Node  │
│  (private)  │  swarm  │  (private)  │  swarm  │  (private)  │
└─────────────┘         └─────────────┘         └─────────────┘
```

- IPFS daemon configuration - Kubo node settings for private operation
- Kubernetes manifests - StatefulSet, PVC, Services
- Bootstrap and peer discovery - Private swarm key, bootstrap list
- Private routing - ZeroTier-only binding, no public DHT

```
ipfs-overlay/
├── manifests/
│   ├── statefulset.yaml       # IPFS nodes with persistent storage
│   ├── service.yaml           # Internal cluster service
│   ├── pvc.yaml               # Persistent volume claims
│   ├── configmap.yaml         # IPFS configuration
│   └── secret.yaml            # Swarm key
├── configs/
│   ├── ipfs-config.ncl        # Nickel IPFS configuration
│   ├── swarm.ncl              # Swarm key generation
│   └── bootstrap.ncl          # Bootstrap peer list
├── scripts/
│   ├── init-node.sh           # Node initialization
│   ├── generate-swarm-key.sh
│   └── health-check.sh
├── Justfile
├── README.adoc
├── STATE.scm
├── META.scm
└── ECOSYSTEM.scm
```

| Input | Description | Source |
|---|---|---|
| | Private swarm encryption key | Generated or poly-secret-mcp |
| Bootstrap nodes | Initial peer addresses | configs/bootstrap.ncl |
| ZeroTier interface | Network interface for binding | zerotier-k8s-link |
| Storage class | Kubernetes storage provisioner | Cluster configuration |

| Output | Description |
|---|---|
| Private IPFS cluster | Encrypted, ZeroTier-bound IPFS swarm |
| Distributed storage layer | Content-addressed storage for stack |
| Gateway (optional) | HTTP gateway for content retrieval |
| Pinning service | Persistent content pinning |

- zerotier-k8s-link - IPFS binds exclusively to ZT interface
- twingate-helm-deploy - External access via Twingate gateway
- poly-observability-mcp - Storage metrics and health

```json
{
  "module": "ipfs-overlay",
  "version": "0.1.0",
  "layer": "storage",
  "requires": ["kubernetes", "zerotier-k8s-link"],
  "provides": ["distributed-storage", "content-addressing", "pinning"],
  "config_schema": "configs/schema.ncl",
  "health_endpoint": "/ipfs/health",
  "metrics_endpoint": "/ipfs/metrics",
  "api_endpoint": "/api/v0"
}
```

```bash
# 1. Ensure ZeroTier overlay is running
just -f ../zerotier-k8s-link/Justfile status

# 2. Generate or retrieve swarm key
just generate-swarm-key
# Or: just fetch-swarm-key  # from Vault

# 3. Deploy IPFS nodes
just deploy

# 4. Verify cluster formation
just cluster-status

# 5. Test content pinning
echo "Hello FlatRacoon" | just pin-content
```

```bash
# Generate new swarm key.
# printf handles the \n escapes in any POSIX shell; umask 077 keeps the
# key file readable by its owner only.
(umask 077; printf '/key/swarm/psk/1.0.0/\n/base16/\n%s\n' "$(LC_ALL=C tr -dc 'a-f0-9' < /dev/urandom | head -c 64)" > swarm.key)
```

```json
{
  "Bootstrap": [],
  "Addresses": {
    "Swarm": [
      "/ip4/0.0.0.0/tcp/4001",
      "/ip6/::/tcp/4001"
    ],
    "API": "/ip4/127.0.0.1/tcp/5001",
    "Gateway": "/ip4/127.0.0.1/tcp/8080"
  },
  "Swarm": {
    "AddrFilters": null,
    "DisableBandwidthMetrics": false,
    "DisableNatPortMap": true
  },
  "Discovery": {
    "MDNS": {
      "Enabled": false
    }
  },
  "Routing": {
    "Type": "none"
  }
}
```

| Phase | Production-ready |
| Completion | 100% |
| Next | Helm chart alternative, automated cluster scaling |

See TOPOLOGY.md for a visual architecture map and completion dashboard.
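
The private-swarm settings in the sample Kubo configuration and the swarm key format above can be checked before deployment. The following Python sketch is an added example, not code from the ipfs-overlay repository; the function names and the ZeroTier subnet `10.147.17.0/24` are assumptions.

```python
import ipaddress
import re

# Swarm key layout from the page: two header lines, then 64 hex characters.
SWARM_KEY_RE = re.compile(r"\A/key/swarm/psk/1\.0\.0/\n/base16/\n[0-9a-f]{64}\n?\Z")
# The page's sample Kubo configuration, reduced to the keys audited below.
SAMPLE = {
    "Bootstrap": [],
    "Addresses": {"Swarm": ["/ip4/0.0.0.0/tcp/4001", "/ip6/::/tcp/4001"],
                  "API": "/ip4/127.0.0.1/tcp/5001", "Gateway": "/ip4/127.0.0.1/tcp/8080"},
    "Discovery": {"MDNS": {"Enabled": False}},
    "Routing": {"Type": "none"},
}

def swarm_key_ok(text):
    """True if text has the PSK v1 swarm key layout."""
    return SWARM_KEY_RE.match(text) is not None

def listen_ip(multiaddr):
    """IP address of an /ip4/ or /ip6/ multiaddr, or None if it has none."""
    parts = multiaddr.split("/")
    try:
        return ipaddress.ip_address(parts[2]) if parts[1] in ("ip4", "ip6") else None
    except (IndexError, ValueError):
        return None

def audit_kubo_config(cfg, zt_cidr):
    """List the settings that break the private, ZeroTier-only profile."""
    zt_net, findings = ipaddress.ip_network(zt_cidr), []
    addrs = cfg.get("Addresses", {})
    as_list = lambda v: v if isinstance(v, list) else [v] if v else []
    for key, values in (("Swarm", addrs.get("Swarm")), ("Bootstrap", cfg.get("Bootstrap"))):
        for ma in as_list(values):
            ip = listen_ip(ma)
            if ip is None or ip not in zt_net:
                findings.append(f"{key} address outside ZeroTier subnet: {ma}")
    for key in ("API", "Gateway"):
        for ma in as_list(addrs.get(key)):
            ip = listen_ip(ma)
            if ip is None or not ip.is_loopback:
                findings.append(f"{key} not bound to loopback: {ma}")
    # An absent key falls back to the Kubo default, which is not the private value.
    if cfg.get("Discovery", {}).get("MDNS", {}).get("Enabled", True):
        findings.append("mDNS discovery enabled")
    if cfg.get("Routing", {}).get("Type") != "none":
        findings.append("Routing.Type is not 'none'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_kubo_config(SAMPLE, "10.147.17.0/24")))  # assumed ZeroTier subnet
```

Run against the sample configuration as shown, it reports both wildcard swarm listeners (`0.0.0.0` and `::`); those are the entries to replace with the node's ZeroTier address for ZeroTier-only binding.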