Hybrid Deployment — Option C (ADR-005)
Architecture: ECS Fargate Stream 1 (AI Services) + K3S GitOps Stream 2 (DevOps Platform). Start with Stream 1 (BC1) and activate Stream 2 when enterprise triggers are met.
Two Streams
Stream 1: ECS Fargate — CloudOps + FinOps (AI Services)
| Attribute | Value |
|---|
| Domain | CloudOps + FinOps (AI Services) |
| Services | Open WebUI (L6), FastAPI+CrewAI (L5) |
| Cost | $180/mo |
| Agent | infrastructure-engineer |
| Local | docker-compose |
| Prod | ECS Graviton4 |
| Attribute | Value |
|---|
| Domain | DevOps (GitOps Platform) |
| Services | ArgoCD, Vault HA, Atlantis, Crossplane, cert-manager, external-dns |
| Cost | $0 on-prem / $120–190 cloud VMs |
| Agent | kubernetes-engineer |
| Local | K3D |
| Prod | K3S 3-node HA |
2026–2030 Enterprise Trend Coverage
| Trend | ECS Only (BC1) | Hybrid (Option C) |
|---|
| Local-first (Docker) | docker-compose ✓ | docker-compose + K3D — same YAML local to prod ✓ |
| Local-AI (Ollama) | docker profile ✓ | K3S GPU nodes + LiteLLM local routing ✓ |
| IoT / Edge | AWS-only ✗ | K3S ARM64 — Raspberry Pi to Graviton4 ✓ |
| On-premises | AWS-only ✗ | K3S bare metal — data sovereignty compliant ✓ |
| Multi-cloud | AWS-only ✗ | Crossplane CRDs — Azure Arc, GKE Autopilot ✓ |
| Air-gapped | needs internet ✗ | K3S offline bundle — defence / classified ✓ |
K3S Activation Triggers
| Trigger | Action | Type | Detail |
|---|
| Multi-cloud / On-prem mandate | Crossplane + K3S edge nodes | Architecture Change | Azure Arc, GKE Autopilot via Crossplane CRDs |
| Team >3 engineers | ArgoCD + Atlantis PR isolation on K3S | Service Addition | Concurrent PR envs with namespace isolation |
| AI sovereignty (data residency) | K3S + Ollama local inference — zero cloud egress | Architecture Change | APRA CPS 234 / GDPR compliant on-prem AI |
Cost Model
Stream 1 Only (BC1 baseline)
- $180/mo — ECS Fargate Graviton4
Stream 2 Added (BC2+)
| Environment | Cost | Detail |
|---|
| On-prem | $0/mo | K3S on existing hardware — zero cloud cost |
| Cloud VMs | $120–190/mo | 3-node HA K3S on EC2/Hetzner/DigitalOcean |
| Combined Hybrid | $300–370/mo | ECS $180 (Stream 1) + K3S $120–190 (Stream 2) |
IaC Reference
K3S IaC: 161 files at DevOps-Terraform/tf-k3s (85% ready). Agent: kubernetes-engineer.