TazLab K8s Flux DAG (Dependency Graph)

The cluster desired state is reconciled through a rigorous graph of Flux Kustomizations. This DAG ensures that foundational resources (Namespaces, CNI, DNS) are healthy before higher-level operators or applications are applied.

The Sequential Build Chain

The following order is defined by the dependsOn property in clusters/tazlab-k8s/:

1. The Foundation (Level 0 - Paralell)

  • infrastructure-operators-namespaces: Creates namespaces.
    • HealthCheck: Waits for kube-flannel (DaemonSet) and coredns (Deployment).
  • infrastructure-operators-core: Installs Traefik, cert-manager, reloader.
  • infrastructure-operators-data: Installs PostgreSQL operator (PGO).

2. Physical Bridge (Level 1)

  • infrastructure-bridge: Configures IngressClass and ClusterIssuer.
    • DependsOn: namespaces, operators-core.
  • infrastructure-monitoring: Installs Prometheus/Grafana stack.
    • DependsOn: namespaces.

3. Identity & Secrets (Level 2)

  • infrastructure-configs: Deploys ExternalSecret resources.
    • DependsOn: infrastructure-bridge.

4. Workloads & Storage (Level 3 - Parallel)

  • infrastructure-instances: Deploys PostgresCluster, traefik service, longhorn ingress.
    • DependsOn: infrastructure-configs, infrastructure-operators-data.
  • apps-static: Deploys hugo-blog.
    • DependsOn: infrastructure-configs.
  • apps-static-wiki: Deploys hugo-wiki.
    • DependsOn: infrastructure-configs.
  • apps-data: Deploys mnemosyne-mcp.
    • DependsOn: infrastructure-configs.
  • apps-openclaw: Deploys openclaw.
    • DependsOn: infrastructure-configs.

5. Access Management (Level 4)

  • infrastructure-auth: Deploys Dex and OAuth2 Proxy.
    • DependsOn: infrastructure-instances.

Synchronization Strategy

  • Wait Mechanism: Only Level 0 and Level 1 use Flux wait: true or healthChecks.
  • Resource Ready: From Level 3 onwards, Flux is configured with wait: false. We rely on initContainers (wait-for-db) to handle application-level readiness without blocking the GitOps engine.

See Also