Kubernetes

All workloads run on a Talos-based Kubernetes cluster managed through k8s-lab.

Cluster

  • OS: Talos Linux
  • Ingress: Traefik with dual-hostname pattern (public authenticated + local unauthenticated)
  • GitOps: ArgoCD for deployment, Kargo for promotion
  • Secrets: Central secret store in central-secret-store namespace
  • Storage: PVC-based with code-server-storage shared across workloads

Deployment Pattern

Most applications follow the “dojo pattern”:

  1. K8s manifests in the repo (k8s/base/)
  2. ArgoCD Application seed in k8s-lab/other-seeds/
  3. Automated sync with prune + self-heal
  4. Dual ingress hostnames via traefik-ingress helm chart
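
A sketch of the ArgoCD Application seed behind steps 1 to 3, as an added example rather than a file from k8s-lab. The application name, repository URL, branch, namespaces and AppProject are placeholders or assumptions; only the k8s/base/ path and the prune + self-heal sync policy come from the list above, and the traefik-ingress chart values of step 4 are not shown.

```yaml
# Hypothetical seed, stored under k8s-lab/other-seeds/ (file name not given on this page)
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-app              # placeholder application name
  namespace: argocd              # assumption: namespace where ArgoCD is installed
spec:
  # Assumption: the built-in "default" project. A dedicated AppProject can
  # restrict which repos and destination namespaces this seed may use.
  project: default
  source:
    repoURL: https://git.example.invalid/org/example-app.git   # placeholder repo
    targetRevision: main         # assumption: tracked branch
    path: k8s/base               # step 1: manifests live in the app repo
  destination:
    server: https://kubernetes.default.svc   # the cluster ArgoCD itself runs in
    namespace: example-app       # placeholder target namespace
  syncPolicy:
    automated:                   # step 3: sync without manual approval
      prune: true                # delete cluster objects that were removed from Git
      selfHeal: true             # revert manual changes made directly in the cluster
```

With prune and selfHeal both enabled, Git is the only durable source of state, so write access to the tracked branch is effectively write access to the target namespace. Branch protection and review on the application repo are therefore part of the cluster's access control.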

Systems

Workloads