HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
48a80c362cab559b16cc0f93b27aa8553cf0db31
HetznerTerra/STABLE_BASELINE.md
MichaelFisher1997 522626a52b
Some checks failed
Deploy Cluster / Terraform (push) Successful in 1m48s
Details
Deploy Cluster / Ansible (push) Failing after 4m7s
Details
refactor: simplify stable cluster baseline
2026-03-20 02:24:37 +00:00

1.1 KiB
Raw Blame History

Stable Private-Only Baseline

This document defines the current engineering target for this repository.

Topology

  • 1 control plane
  • 2 workers
  • private Hetzner network
  • Tailscale operator access

In Scope

  • Terraform infrastructure bootstrap
  • Ansible k3s bootstrap
  • Flux core reconciliation
  • Hetzner CCM
  • Hetzner CSI
  • External Secrets Operator with Doppler
  • Tailscale private access
  • Observability stack

Out of Scope

  • HA control plane
  • public ingress or DNS
  • public TLS
  • app workloads
  • DR / backup strategy
  • upgrade strategy

Phase Gates

  1. Terraform apply completes for the default topology.
  2. k3s server bootstrap completes and kubeconfig works.
  3. Workers join and all nodes are Ready.
  4. Flux source and infrastructure reconciliation are healthy.
  5. CCM is Ready.
  6. CSI is Ready and a PVC can bind.
  7. External Secrets sync required secrets.
  8. Tailscale private access works.
  9. Observability is healthy and reachable privately.
  10. Terraform destroy succeeds cleanly or via workflow retry.

Success Criteria

The baseline is considered stable only after two consecutive fresh rebuilds pass all phase gates with no manual fixes.

Reference in New Issue View Git Blame Copy Permalink