Stable Private-Only Baseline
This document defines the current engineering target for this repository.
Topology
- 1 control plane
- 2 workers
- private Hetzner network
- Tailscale operator access
In Scope
- Terraform infrastructure bootstrap
- Ansible k3s bootstrap
- Flux core reconciliation
- Hetzner CCM
- Hetzner CSI
- External Secrets Operator with Doppler
- Tailscale private access
- Observability stack
Out of Scope
- HA control plane
- public ingress or DNS
- public TLS
- app workloads
- DR / backup strategy
- upgrade strategy
Phase Gates
- Terraform apply completes for the default topology.
- k3s server bootstrap completes and kubeconfig works.
- Workers join and all nodes are Ready.
- Flux source and infrastructure reconciliation are healthy.
- CCM is Ready.
- CSI is Ready and a PVC can bind.
- External Secrets syncs required secrets.
- Tailscale private access works.
- Observability is healthy and reachable privately.
- Terraform destroy succeeds cleanly or via workflow retry.
Success Criteria
The baseline is considered stable only after two consecutive fresh rebuilds pass all phase gates with no manual fixes.
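One way to automate the node gate and the success criterion above, as an added example that is not part of this repository's own tooling. It assumes the gate is evaluated from `kubectl get nodes -o json` output, that "two consecutive" means the latest two rebuilds, and a hypothetical rebuild-record format; the node names and sample data are constructed.

```python
import json

CONTROL_PLANE_LABEL = "node-role.kubernetes.io/control-plane"

def make_node(name, ready, control_plane=False):
    # Constructed node object, trimmed to the fields the gate reads.
    labels = {CONTROL_PLANE_LABEL: "true"} if control_plane else {}
    return {"metadata": {"name": name, "labels": labels},
            "status": {"conditions": [{"type": "Ready", "status": ready}]}}

# Constructed stand-in for `kubectl get nodes -o json` (node names are made up).
SAMPLE_NODES = json.dumps({"items": [
    make_node("cp-1", "True", control_plane=True),
    make_node("worker-1", "True"),
    make_node("worker-2", "True"),
]})

def node_gate(nodes_json, control_planes=1, workers=2):
    """Failures for the 'Workers join and all nodes are Ready' gate; [] means pass."""
    items = json.loads(nodes_json).get("items", [])
    failures = []
    n_cp = sum(CONTROL_PLANE_LABEL in n["metadata"].get("labels", {}) for n in items)
    n_workers = len(items) - n_cp
    if n_cp != control_planes:
        failures.append(f"control planes: expected {control_planes}, found {n_cp}")
    if n_workers != workers:
        failures.append(f"workers: expected {workers}, found {n_workers}")
    for n in items:
        conds = {c["type"]: c["status"] for c in n.get("status", {}).get("conditions", [])}
        ready = conds.get("Ready", "missing")  # "Unknown": kubelet stopped reporting
        if ready != "True":
            failures.append(f"{n['metadata']['name']}: Ready={ready}")
    return failures

def baseline_stable(rebuilds):
    """rebuilds: oldest-first records {"gates": {name: bool}, "manual_fixes": int}
    (hypothetical format). Stable only if the latest two pass every gate unaided."""
    if len(rebuilds) < 2:
        return False
    return all(bool(r["gates"]) and all(r["gates"].values()) and r["manual_fixes"] == 0
               for r in rebuilds[-2:])

if __name__ == "__main__":
    print(node_gate(SAMPLE_NODES) or "node gate passed")
```

A rebuild that needed a manual fix resets the count even when every gate ends up green, which is why `manual_fixes` is tracked separately from the gate results.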