# Feature Proposal: Optional Proxmox Cloud Fabric Add-On
## Integrated Service Discovery, IPAM, DNS, DHCP, Reverse Proxy, and Zero-Trust VPN
## Summary
This proposal suggests introducing an optional, modular **Cloud Fabric** add-on for Proxmox VE that provides:
- Cluster-aware service discovery
- Integrated DNS management
- IP Address Management (IPAM)
- Embedded DHCP per VLAN
- Reverse proxy / ingress control plane
- Built-in zero-trust VPN mesh (WireGuard-based)
The goal is to evolve Proxmox VE from a virtualization platform into a lightweight private cloud control plane for homelabs, SMBs, and edge environments, without impacting enterprise users who rely on external infrastructure services.
## Motivation
Currently, Proxmox VE relies on external systems for:
- DNS
- DHCP
- IPAM
- Reverse proxy / ingress
- VPN access
In modern workloads (Kubernetes, microservices, distributed databases, analytics clusters), service identity and network automation are essential.
Platforms such as the following offer more integrated networking or service abstraction layers:
- OpenStack
- VMware vSphere
- TrueNAS SCALE
Adding an optional Proxmox Cloud Fabric module would significantly improve:
- Cluster ergonomics
- Service lifecycle automation
- Secure remote access
- SMB private cloud viability
## Proposed Architecture
### 1) Service Discovery (Cluster-Aware DNS)
Embed a lightweight DNS service such as:
- CoreDNS
Integrated with:
- Proxmox cluster state
- Corosync replication
- VM/CT lifecycle events
Behavior:
- VM creation -> automatic A/PTR record
- VM migration -> DNS auto-update
- VM deletion -> record cleanup
- Cluster-wide `.pve.local` zone (configurable)
Example:
- `vm-101.pve.local -> 10.10.10.21`
- `k3s-master.pve.local -> 10.10.20.5`
### 2) IP Address Management (IPAM)
New UI section:
- `Datacenter -> Network -> IPAM`
Features:
- Cluster-wide IP visibility
- VLAN-to-subnet mapping
- Static IP reservation
- Conflict detection
- VM <-> IP relationship mapping
- Allocation history
All state replicated via `/etc/pve`.
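The record lifecycle from section 1 and the IPAM checks listed above, as an added sketch that is not Proxmox code or part of the original proposal. `FabricIPAM` and its methods are hypothetical names, and state is held in memory rather than replicated via `/etc/pve`. Conflict detection and cleanup on deletion matter for security because a duplicate assignment or a stale record lets one guest answer for another guest's name.

```python
import ipaddress

class FabricIPAM:
    """Hypothetical in-memory model of the proposed IPAM; not Proxmox code."""

    def __init__(self, vlan_subnets, zone="pve.local"):
        # VLAN-to-subnet mapping, e.g. {10: "10.10.10.0/24"}
        self.subnets = {v: ipaddress.ip_network(s) for v, s in vlan_subnets.items()}
        self.zone = zone
        self.leases = {}   # ip address -> owning VM name
        self.history = []  # allocation history: (action, vm, ip)

    def reserve(self, vm, vlan, ip):
        """Static reservation with subnet and conflict checks."""
        addr = ipaddress.ip_address(ip)
        net = self.subnets[vlan]
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a usable host address in VLAN {vlan}")
        owner = self.leases.get(addr)
        if owner is not None and owner != vm:
            raise ValueError(f"conflict: {ip} already assigned to {owner}")
        self.leases[addr] = vm
        self.history.append(("reserve", vm, str(addr)))
        return self.records(vm)

    def release(self, vm):
        """VM deletion: drop every lease so no stale A/PTR record remains."""
        for addr in [a for a, o in self.leases.items() if o == vm]:
            del self.leases[addr]
            self.history.append(("release", vm, str(addr)))

    def records(self, vm=None):
        """Render A and PTR records for current leases (all VMs if vm is None)."""
        out = []
        for addr, owner in sorted(self.leases.items()):
            if vm in (None, owner):
                fqdn = f"{owner}.{self.zone}."
                out.append((fqdn, "A", str(addr)))
                out.append((addr.reverse_pointer + ".", "PTR", fqdn))
        return out

# Constructed sample data using the addresses from the proposal's example.
ipam = FabricIPAM({10: "10.10.10.0/24", 20: "10.10.20.0/24"})
ipam.reserve("vm-101", 10, "10.10.10.21")
ipam.reserve("k3s-master", 20, "10.10.20.5")
```
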
### 3) Embedded DHCP (Optional Per VLAN)
Per VLAN configuration:
- Enable/disable DHCP
- Define pools
- Static reservations
- Auto-bind DHCP + DNS records
Possible backend:
- `dnsmasq`
- Kea DHCP
Strictly optional.
### 4) Reverse Proxy / Ingress Control Plane
New UI section:
- `Datacenter -> Edge / Ingress`
Features:
- Map hostname -> VM -> port
- Automatic DNS entry
- TLS enablement
- Let's Encrypt integration
- Certificate auto-renewal
This avoids requiring separate Nginx/Traefik VMs for basic ingress use cases.
### 5) Built-In Zero-Trust VPN Mesh
WireGuard-based cluster mesh similar to:
- Tailscale
- WireGuard
Features:
- Node identity management
- Device enrollment
- Secure mesh between nodes
- Private DNS integration
- Access control policies
- No port forwarding required
This would dramatically improve secure remote management and lab accessibility.
## Deployment Model
This feature should be:
- Optional package (e.g., `pve-fabric`)
- Disabled by default
- Installable via `apt`
- Modular (DNS-only, VPN-only, etc.)
It should not increase base system complexity for enterprise users who rely on external DNS/IPAM solutions.
## Security Considerations
- Services must be sandboxed
- Clear separation between management and fabric plane
- Explicit enablement required
- Strong default firewall rules
- API authentication integrated with Proxmox RBAC
## Target Audience
- Homelab users
- SMB private cloud deployments
- Edge computing setups
- Kubernetes-on-Proxmox users
- Dev/test environments
## Benefits
- Reduces infrastructure sprawl
- Simplifies cluster networking
- Improves service lifecycle automation
- Enhances Proxmox competitiveness
- Makes Proxmox a lightweight private cloud OS
## Non-Goals
- Replacing enterprise-grade DNS/IPAM (e.g., Infoblox)
- Forcing integrated networking on all users
- Becoming a full OpenStack competitor
## Implementation Suggestion
### Phase 1
- Embedded CoreDNS
- Auto-registration hooks
### Phase 2
- IPAM UI
- DHCP integration
### Phase 3
- Reverse proxy control plane
### Phase 4
- WireGuard mesh VPN with identity management