TazLab K8s GitOps Structure

The tazlab-k8s repository is organized to separate generic application logic from cluster-specific overrides. This allows for clean GitOps management via Flux CD.

The Base Inventory (/apps/base/)

This directory contains the core manifests for each application. These files define the “what” (the application itself) without worrying about “where” (cluster specifics).

1. hugo-blog

  • hugo-blog.yaml: Deployment (Nginx + static files) and Service.
  • middlewares.yaml: Traefik rules for HTTPS and path manipulation.
  • redirect-middleware.yaml: Handles tazlab.net -> blog.tazlab.net redirects.
  • certificate.yaml: Defines the certificate request for cert-manager.

2. hugo-wiki

  • hugo-wiki.yaml: The deployment of the wiki static site (this wiki).

3. mnemosyne-mcp

  • deployment.yaml: The Go-based MCP server.
  • service.yaml: Internal access point.
  • rbac.yaml: Permissions for the server to interact with the cluster.
  • external-secret.yaml: Injects the Gemini API key from the secret store.

Infrastructure Core Inventory (/infrastructure/)

This is where the cluster “engine” is defined, split into operators and their instances.

1. Operators (/infrastructure/operators/)

These are the Helm-managed binaries that control the cluster.

  • core/: Bundles Traefik, cert-manager, and Reloader.
  • data/: The PostgreSQL Operator (Crunchy PGO).
  • monitoring/: kube-prometheus-stack (Grafana + Prometheus).
  • namespaces/: Explicit declarations for all cluster namespaces.

2. Instances (/infrastructure/instances/)

The actual working objects managed by the operators.

  • tazlab-db/: The PostgresCluster resource for the shared database.
  • traefik/: The Traefik Service (type: LoadBalancer) and global middlewares.
  • longhorn/: Ingress and storage classes for the block storage system.
  • dex/: Identity provider configuration.
  • pgadmin/: Database management UI.
  • homepage/: The TazLab dashboard.

3. Automation (/infrastructure/automation/)

Contains the Flux ImagePolicy and ImageRepository resources for:

  • hugo-blog
  • hugo-wiki
  • mnemosyne-mcp
  • openclaw

The Entry Point (/clusters/tazlab-k8s/)

This is what Flux actually watches. It contains a flat list of Kustomizations that point to the folders above:

  • apps-static.yaml -> ./apps/cluster/hugo-blog
  • apps-static-wiki.yaml -> ./apps/cluster/hugo-wiki
  • apps-data.yaml -> ./apps/cluster/mnemosyne-mcp
  • infrastructure-operators-core.yaml -> ./infrastructure/operators/core
  • … and so on for each layer of the Flux DAG.

See Also