TazLab K8s Repository Mapping
This page provides a high-resolution map of the tazlab-k8s repository. It is designed to help agents locate specific configuration files and understand the functional split.
Root Directory Organization
| Directory | Content Type | Ownership |
|---|---|---|
| clusters/tazlab-k8s/ | Flux Kustomization entrypoints. | Flux Root |
| infrastructure/operators/ | HelmRelease + HelmRepository + namespace.yaml. | Binaries (The Engine) |
| infrastructure/configs/ | ExternalSecret + Static ConfigMaps. | State & Secrets |
| infrastructure/instances/ | Custom Resources (CRs) like PostgresCluster. | Active Objects |
| infrastructure/automation/ | ImagePolicy + ImageRepository. | Deployment Cycle |
| infrastructure/auth/ | Dex and OAuth2 Proxy configs. | Access Control |
| apps/base/ | Generic manifests (Deployments, Services). | App Template |
| apps/cluster/ | Passthrough kustomization.yaml for overlays. | Cluster Hook |
Critical Manifests Checklist
The “Engine” (operators/)
- operators/core/: Bundles Traefik, cert-manager, reloader.
- operators/monitoring/: Grafana and Prometheus.
- operators/postgres-operator/: Crunchy PGO.
The “Hearts” (instances/)
- instances/tazlab-db/cluster.yaml: The PostgreSQL cluster definition.
- instances/traefik/service.yaml: MetalLB LoadBalancer IP assignment.
- instances/openclaw/pvc.yaml: Persistent volume for the AI agent.
The “Bridge” (configs/)
- configs/wildcard-tls/: Wildcard cert delivery for ALL namespaces.
- configs/github-external-secret.yaml: The token Flux uses to write back image updates.
Variable Substitution (cluster-vars)
All Kustomizations under clusters/tazlab-k8s/ use substituteFrom to source variables from a ConfigMap named cluster-vars.
- Source: Provisioned by ephemeral-castle during bootstrap.
- Usage: ${base_domain}, ${traefik_lb_ip}, ${cluster_name}.
See Also
- DAG: Flux DAG - How these files are built sequentially.
- Hub: TazLab K8s Hub