Skip to content
Minecraft Hosting Docs

Infrastructure — K3s on Contabo (multi-region)

This page summarizes the proposal to run the platform as one K3s cluster per region on Contabo dedicated servers. For the full engineering write-up (K3s HA design, bare-metal ingress, storage, IaC, migration, cost, and the ADR), see docs/infrastructure-k3s-contabo.md in the repository.

Interactive explorer

Section titled “Interactive explorer”

A self-contained interactive version — topology toggles, a step-through of the connect/wake request flow, a global-vs-regional inventory filter, a clickable Contabo region map, and a live cost model — is served alongside these docs:

Open the Infrastructure Explorer ↗

The idea in one paragraph

Section titled “The idea in one paragraph”

The platform was built provider-agnostic — the Terraform cluster module states that retargeting means "replace the resources here while keeping the same module interface." Swapping managed AWS EKS for self-managed K3s on Contabo is exactly that swap, and the region model is already in the data layer (servers.region).

Section titled “Recommended shape”

Global brain, regional muscle. A single global control plane (API · Postgres · billing · auth) plus one self-contained K3s data plane per Contabo region (operator · Velocity edge · DragonflyDB · tenants).

  • Stays global & untouched: Cloudflare DNS/Workers/R2, Upstash, the API and Postgres system of record.
  • Replicated per region: a full K3s cluster (3 HA server nodes with embedded etcd + N RAM-bound agent nodes), the operator, DragonflyDB, the Velocity proxy fleet, and the tenant game servers placed there.

What actually changes

Section titled “What actually changes”

| Concern | Today (EKS) | On Contabo + K3s | | --- | --- | --- | | Minecraft edge LB | AWS NLB | MetalLB / kube-vip on the server's public IP | | Secret store | AWS IRSA | 1Password / Vault (templates already in repo) | | NetworkPolicy | EKS CNI | Calico / Cilium (Flannel won't enforce policy) | | World PVCs | EBS | Longhorn / local-path | | Control-plane ingress | Cloudflare Tunnel | unchangedcloudflared dials out |

Trade-off

Section titled “Trade-off”

You trade managed-control-plane convenience for 3–5× lower infra cost at equal RAM (the binding constraint for Minecraft), unlimited egress, and included NVMe. Part of that delta is ops labor you now own — budget engineering time, not just euros. Validate with a single-region pilot before committing.