Pulumi-based management-cluster bootstrap and provisioning control plane for the RK2Lab ecosystem.

This repository owns provisioning lifecycle logic that is intentionally separated from rke2lab runtime/manifests docs.

Primary near-term scope:

• Stage A bootstrap of the management cluster (bioskop)

• Deterministic readiness gating

• Exported bootstrap outputs for Stage B handoff

Current runtime path is intentionally Stage A-only. Workload-cluster (nikopol, etc.) provisioning manifests are applied after management bootstrap as Stage B concerns.

Initial scaffold created. First implementation target is the Stage A bootstrap contract.

• docs/bootstrap-contract.adoc — source-of-truth contract for inputs/outputs/readiness/failure semantics

• docs/provisioning-slice-architecture.adoc — slice-as-component architecture for hot-reload without instance renewal, storage policies (STATIC/HOT_RELOAD), three-slice model (infrastructure/k8s/node), and C4 diagrams

• docs/fluent-pipeline-grammar.adoc — type-state enforced multi-stage workflow grammar with scoped lambdas, explicit conjunctions, and per-topic error handling

• docs/daemonset-host-assets-architecture.adoc — daemonset execution contract, shared policy helpers, host asset materialization flow, and encoded payload ownership for host-mutating runtime workflows

• docs/troubleshooting-workflow.adoc — canonical troubleshooting workflow covering operation-mode notes, .local.d/share helper scripts, RKE2LAB_SHARED_DIR execution, and repo promotion rules for durable diagnostics

• docs/systemd-dbus-adapter-architecture.adoc — split, review-oriented architecture set for the systemd adapter/proxy (context/container/component/sequence diagrams)

  • See also Runtime placement and Pulumi ownership for the explicit master-node proxy placement and Pulumi lifecycle ownership model.

• docs/incus-distribution-contract.adoc — reverse-engineered Incus distribution contract for seed/control-node provisioning

• docs/stagea-stageb-handoff-contract.adoc — explicit handoff assets between Stage A bootstrap and Stage B CAPI/CAPN reconciliation

• docs/post-bootstrap-in-cluster-ownership-plan.adoc — canonical post-bootstrap ownership plan covering CAPI machine lifecycle, GitOps add-on reconciliation, workflow/pipeline controller responsibilities, node-local reconcilers, and C4 review diagrams

• docs/kdns-debug-operator-view.adoc — operator-focused note describing how KDNS debugability is selected through Pulumi policy and applied to the rendered workload

• docs/rke2lab-authored-notes-import.adoc — imported historical planning notes from rke2lab carried forward as curated context

• src/main/java/ — Java Pulumi application

• Pulumi.yaml — Pulumi project metadata

• pom.xml — Maven build configuration

1. Define contract and acceptance checks in docs/bootstrap-contract.adoc

2. Capture and normalize Incus distribution contract from rke2lab in docs/incus-distribution-contract.adoc

3. Define Stage A → Stage B handoff asset contract in docs/stagea-stageb-handoff-contract.adoc

4. Implement minimal pulumi up path for management-cluster seed

5. Export kubeconfig + endpoint outputs for Stage B consumers