TazLab K8s Bootstrap Logic
TazLab uses a “Clean Handoff” strategy during cluster bootstrap, transitioning responsibility from imperative scripts to autonomous GitOps.
The Handoff Cycle
- Stage 1: OS & VMs (ephemeral-castle):
  - create.sh brings up Proxmox VMs and Talos OS.
  - It applies the first flux bootstrap command, linking the cluster to the tazlab-k8s Git repo.
- Stage 2: Root Sync (flux-system):
  - Flux reconciles ./clusters/tazlab-k8s/.
  - It identifies all Kustomization resources in that directory.
- Stage 3: DAG Execution:
  - Flux starts applying Level 0 layers (Namespaces, Core Operators).
  - It uses HealthChecks to block Level 1 (Bridge/Monitoring) until the network is stable.
- Stage 4: Application Readiness:
  - Application pods (Level 3) use wait-for-db init-containers to stay in Init state until the PostgreSQL instance (Level 3) is healthy.
Cold-Start Resiliency
During a full cluster “Rebirth”, many resources start simultaneously.
- ESO Delay: Applications will wait for secrets to be projected from Infisical.
- PGO Recovery: Databases will wait for volume restoration from S3 via Longhorn.
- Self-Healing: If a layer fails, Flux retries every 2 minutes (retryInterval).
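The Stage 3 gating and the 2-minute retry described above, sketched as two Flux Kustomization resources. This is an added example, not TazLab's own manifests: the layer names, paths, namespaces and the health-checked workload are assumptions.

```yaml
# Added example; names, paths and namespaces are assumptions, not TazLab's manifests.
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: level0-core              # hypothetical Level 0 layer name
  namespace: flux-system
spec:
  interval: 10m
  retryInterval: 2m              # a failed reconcile is retried every 2 minutes
  timeout: 5m                    # health checks must pass within this window
  path: ./infrastructure/core    # assumed path inside the Git repo
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:                  # the layer reports Ready only when these are healthy
    - apiVersion: apps/v1
      kind: Deployment
      name: metallb-controller   # assumed workload name
      namespace: metallb-system  # assumed namespace
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: level1-bridge            # hypothetical Level 1 layer name
  namespace: flux-system
spec:
  interval: 10m
  retryInterval: 2m
  timeout: 5m
  path: ./infrastructure/bridge  # assumed path inside the Git repo
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  dependsOn:
    - name: level0-core          # not applied until level0-core reports Ready
  wait: true                     # health-check every resource this layer applies
```

While a dependency is not Ready, its dependents stay unapplied; running flux get kustomizations shows which layer is holding up the chain.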
Reconciling the Hub
Once the Traefik LoadBalancer IP is assigned by MetalLB, create.sh completes its observation loop and the cluster is considered in Steady State.
See Also
- DAG: Flux DAG - The specific dependency chain.
- Protocol: Rebirth Protocol - The parent process.
- Hub: TazLab K8s Hub