Barnati

Absolute Digital Sovereignty

A sovereign cloud infrastructure platform designed for Ultra High Net Worth Individuals in Monaco and Switzerland. Built solo — from architecture decisions to production deployment. Every tenant gets a dedicated Kubernetes cluster, a dedicated database, and total network isolation.

Open source coming soon · barnati.com

Kubernetes · FluxCD · Terraform · Crossplane · Traefik · External Secrets · Datadog · GitLab CI · Scaleway

The problem

Data sovereignty

UHNWI clients cannot afford shared infrastructure. A breach or a misconfiguration in a neighbour's environment must be physically impossible, not just logically isolated.

Operational complexity

Managing N independent environments manually does not scale. Every tenant needs the same stack, the same security posture, the same observability — deployed consistently and updated centrally.

Compliance & control

Clients in Monaco and Switzerland operate under strict privacy requirements. The infrastructure must be auditable, drift-free, and fully documented as code.


Architecture

[Architecture diagram] Internet traffic reaches, through per-cluster Load Balancers, the main Kapsule cluster (control plane: FluxCD, Crossplane, proprietary multi-tenant orchestration, Datadog agent, main-app Scaleway RDB in its own VPC) and the tenant Kapsule clusters side by side (tenant A … N: Traefik, Cilium, App, External Secrets, Datadog agent), each with a dedicated Scaleway RDB in a dedicated VPC. GitLab is the GitOps source of truth; the control plane provisions tenant clusters on Scaleway infrastructure (Kapsule, Object Storage, Registry, Load Balancer, DNS). Legend: proprietary, open source stack, control plane, observability, VPC.

How it's built

Orchestration

  • Kubernetes (Scaleway Kapsule)
  • FluxCD
  • Helm
  • Cilium

Ingress & Security

  • Traefik
  • External Secrets
  • Cert-Manager

Infrastructure as Code

  • Terraform / OpenTofu
  • Crossplane
  • Scaleway provider

CI/CD

  • GitLab CI
  • Hybrid runner routing
  • Docker
  • Container Registry

Observability

  • Datadog cluster-agent
  • APM
  • Log pipelines
  • Alerting

Database

  • Scaleway RDB
  • Dedicated instance per tenant
  • VPC isolation

Why these choices

Why one cluster per tenant instead of namespaces?

Namespace isolation in Kubernetes is logical, not physical. A misconfigured RBAC rule or a CVE in the container runtime can break the boundary. A dedicated cluster per tenant makes cross-tenant access architecturally impossible — there is no shared control plane to compromise.
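To make the "misconfigured RBAC rule" point concrete, here is an added audit example (written for this page, not code from the Barnati project) that walks a set of RoleBindings and ClusterRoleBindings and flags the ones that let a tenant identity act outside its namespace. The structs mirror only the RBAC fields the check reads, the namespace names and bindings are constructed sample data, and the set of "broad" built-in groups is my own choice of what counts as never tenant-scoped.

```go
package main

import "fmt"

// Minimal mirrors of the RBAC fields the audit reads (constructed structs,
// not client-go types, so the example runs offline).
type Subject struct{ Kind, Name, Namespace string }
type RoleRef struct{ Kind, Name string }
type RoleBinding struct {
	Name, Namespace string
	RoleRef         RoleRef
	Subjects        []Subject
}
type ClusterRoleBinding struct {
	Name     string
	RoleRef  RoleRef
	Subjects []Subject
}

// Finding names a binding and why it weakens the tenant boundary.
type Finding struct{ Binding, Reason string }

// broadGroups are built-in groups covering every service account or every
// (un)authenticated identity; binding them is never tenant-scoped.
var broadGroups = map[string]bool{
	"system:serviceaccounts": true, "system:authenticated": true, "system:unauthenticated": true,
}

// AuditTenantBoundaries reports bindings that let an identity in one tenant
// namespace act beyond it. tenantNS is the set of namespaces holding tenants.
func AuditTenantBoundaries(tenantNS map[string]bool, rbs []RoleBinding, crbs []ClusterRoleBinding) []Finding {
	var out []Finding
	for _, crb := range crbs {
		for _, s := range crb.Subjects {
			switch {
			case s.Kind == "ServiceAccount" && tenantNS[s.Namespace]:
				out = append(out, Finding{crb.Name, fmt.Sprintf(
					"cluster-wide %s bound to tenant service account %s/%s", crb.RoleRef.Name, s.Namespace, s.Name)})
			case s.Kind == "Group" && broadGroups[s.Name]:
				out = append(out, Finding{crb.Name, fmt.Sprintf(
					"cluster-wide %s bound to built-in group %s", crb.RoleRef.Name, s.Name)})
			}
		}
	}
	for _, rb := range rbs {
		for _, s := range rb.Subjects {
			// A RoleBinding in namespace X naming a ServiceAccount from tenant
			// namespace Y hands Y's workload rights inside X.
			if s.Kind == "ServiceAccount" && tenantNS[s.Namespace] && s.Namespace != rb.Namespace {
				out = append(out, Finding{rb.Namespace + "/" + rb.Name, fmt.Sprintf(
					"%s in %s bound to foreign tenant service account %s/%s", rb.RoleRef.Name, rb.Namespace, s.Namespace, s.Name)})
			}
		}
	}
	return out
}

// SampleBindings is a constructed cluster: the first RoleBinding is scoped
// correctly, the other three bindings each cross the namespace boundary.
func SampleBindings() ([]RoleBinding, []ClusterRoleBinding) {
	rbs := []RoleBinding{
		{Name: "app-reader", Namespace: "tenant-a", RoleRef: RoleRef{"Role", "app-reader"},
			Subjects: []Subject{{"ServiceAccount", "app", "tenant-a"}}},
		{Name: "debug-access", Namespace: "tenant-b", RoleRef: RoleRef{"ClusterRole", "edit"},
			Subjects: []Subject{{"ServiceAccount", "app", "tenant-a"}}},
	}
	crbs := []ClusterRoleBinding{
		{Name: "tenant-a-admin", RoleRef: RoleRef{"ClusterRole", "cluster-admin"},
			Subjects: []Subject{{"ServiceAccount", "deployer", "tenant-a"}}},
		{Name: "everyone-view", RoleRef: RoleRef{"ClusterRole", "view"},
			Subjects: []Subject{{"Group", "system:serviceaccounts", ""}}},
	}
	return rbs, crbs
}

func main() {
	rbs, crbs := SampleBindings()
	tenants := map[string]bool{"tenant-a": true, "tenant-b": true}
	for _, f := range AuditTenantBoundaries(tenants, rbs, crbs) {
		fmt.Printf("%-25s %s\n", f.Binding, f.Reason)
	}
}
```

The check is only as good as the `tenantNS` list and the RBAC objects it is fed; in a shared cluster it would have to run on every change to stay meaningful, which is exactly the ongoing hygiene cost that a dedicated cluster per tenant removes.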

Why Crossplane over pure Terraform?

Terraform is a one-shot executor — it applies state and exits. Crossplane runs inside the cluster and continuously reconciles infrastructure state against the desired spec. If a resource drifts or is deleted manually, Crossplane recreates it automatically. For a platform that must stay drift-free without human intervention, continuous reconciliation is the right model.
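The reconciliation model described above, as an added example rather than Barnati's or Crossplane's own code: a simplified controller loop against a hypothetical in-memory cloud API. `Plan` is the read-only diff (the analogue of a one-shot plan), `Reconcile` applies it, and running `Reconcile` on an interval is what recreates a manually deleted resource on the next pass. Resource kinds, names and parameters are constructed sample values, not real provider CRDs.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

// ResourceSpec is the desired state of one piece of tenant infrastructure, the
// way a Crossplane managed resource declares it (simplified, constructed type).
type ResourceSpec struct {
	Name   string
	Kind   string            // e.g. "Kapsule" or "RDB"
	Params map[string]string // e.g. node count, engine version
}

// FakeCloud is a hypothetical in-memory stand-in for the provider API.
type FakeCloud struct{ live map[string]ResourceSpec }

func NewFakeCloud() *FakeCloud                            { return &FakeCloud{live: map[string]ResourceSpec{}} }
func (c *FakeCloud) Put(r ResourceSpec)                   { c.live[r.Name] = r }
func (c *FakeCloud) Delete(name string)                   { delete(c.live, name) }
func (c *FakeCloud) Get(name string) (ResourceSpec, bool) { r, ok := c.live[name]; return r, ok }

// Action is one corrective step; Spec is set for create and update.
type Action struct {
	Verb string // "create", "update" or "delete"
	Name string
	Spec ResourceSpec
}

// Reconciler owns only the external resources it has created, so it prunes
// those and never unrelated objects in the same account.
type Reconciler struct {
	cloud   *FakeCloud
	managed map[string]bool
}

func NewReconciler(c *FakeCloud) *Reconciler {
	return &Reconciler{cloud: c, managed: map[string]bool{}}
}

// Plan diffs desired against observed state without changing anything.
func (r *Reconciler) Plan(desired []ResourceSpec) []Action {
	var actions []Action
	wanted := map[string]bool{}
	for _, d := range desired {
		wanted[d.Name] = true
		obs, ok := r.cloud.Get(d.Name)
		switch {
		case !ok:
			actions = append(actions, Action{"create", d.Name, d})
		case obs.Kind != d.Kind || !reflect.DeepEqual(obs.Params, d.Params):
			actions = append(actions, Action{"update", d.Name, d})
		}
	}
	// Anything this controller created that left the desired set is an orphan.
	var orphans []string
	for name := range r.managed {
		if !wanted[name] {
			orphans = append(orphans, name)
		}
	}
	sort.Strings(orphans)
	for _, name := range orphans {
		actions = append(actions, Action{Verb: "delete", Name: name})
	}
	return actions
}

// Reconcile is one pass of the controller loop: plan, then apply every step.
// Repeating it on an interval keeps the platform drift-free; a one-shot
// executor would stop after the first pass.
func (r *Reconciler) Reconcile(desired []ResourceSpec) []Action {
	actions := r.Plan(desired)
	for _, a := range actions {
		switch a.Verb {
		case "create", "update":
			r.cloud.Put(a.Spec)
			r.managed[a.Name] = true
		case "delete":
			r.cloud.Delete(a.Name)
			delete(r.managed, a.Name)
		}
	}
	return actions
}

func main() {
	cloud := NewFakeCloud()
	rec := NewReconciler(cloud)
	desired := []ResourceSpec{
		{Name: "kapsule-tenant-a", Kind: "Kapsule", Params: map[string]string{"nodes": "3"}},
		{Name: "rdb-tenant-a", Kind: "RDB", Params: map[string]string{"engine": "PostgreSQL-15"}},
	}
	fmt.Println("pass 1:", rec.Reconcile(desired)) // two creates
	fmt.Println("pass 2:", rec.Reconcile(desired)) // nothing to do
	cloud.Delete("rdb-tenant-a")                   // simulated out-of-band deletion
	fmt.Println("pass 3:", rec.Reconcile(desired)) // rdb-tenant-a recreated
}
```

The `managed` set is the detail that matters for safety: pruning is limited to resources the controller itself created, which is why the loop can run unattended without touching anything provisioned outside it.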

Why FluxCD over ArgoCD?

FluxCD is a CNCF-graduated project built as a set of composable controllers rather than a monolithic, UI-first tool. It integrates naturally with Crossplane's controller model and has a smaller attack surface. For a security-first platform, fewer moving parts and no web UI exposed by default are the right tradeoff.

Why Scaleway over AWS or GCP?

Data sovereignty for European UHNWI clients requires European infrastructure under European jurisdiction. Scaleway is a French cloud provider fully subject to GDPR, with no US parent company and no CLOUD Act exposure. For clients in Monaco and Switzerland, this is not a preference — it is a requirement.


Current state

Production infrastructure

Main cluster and tenant provisioning pipeline running in production on Scaleway Kapsule.

Multi-tenant orchestration

Proprietary orchestration layer handling tenant lifecycle, billing, and deployment.

Open source release

The tenant stack (Terraform modules, Helm charts, FluxCD configuration) will be released as open source at barriere.me. The orchestration layer and payment infrastructure remain proprietary.