2 July 2026

Hello from the cluster

How this page got here: a commit, a multi-arch image, and a GitOps reconcile — with no hands on the cluster.

platformgitopskubernetes


You are reading a page that was never deployed. It was declared.

This site runs on Dream Code Factory's own platform: a Kubernetes cluster on immutable Talos Linux nodes in Falkenstein, Germany, provisioned by OpenTofu, fronted by Traefik through the Gateway API, with TLS from Let's Encrypt. Every layer of that sentence exists as text in a git repository.

The path this post took

The journey from a writer's keyboard to your screen has exactly three stops:

  1. Commit. This post is an .mdx file in the website repository. It landed on the main line as a reviewed pull request, like every other change — code, infrastructure, or prose.
  2. Build. CI compiled the site and baked it into a container image, built for both amd64 and arm64, and pushed it to the registry. The content ships inside the image: the artifact you test is the artifact you run.
  3. Reconcile. A one-line change in the GitOps repository pointed the cluster at the new image tag. Argo CD noticed the desired state had moved and made reality match it.

No kubectl apply. No SSH session. No dashboard. We call this property "nothing clicked" — if it isn't declared in git, it isn't running.

Why go to this trouble?

Because the interesting promise isn't that this site is up; it's that the whole platform is reproducible and portable. A deliberate seam separates the platform from its workloads, so the substrate underneath — the provider, even the Kubernetes distribution — can be swapped without rewriting a single workload. Combined with an .eu domain in the EU's own registry, EU DNS, and EU servers, that seam is what turns "servers in Europe" into something stronger: jurisdictional sovereignty.

This blog documents how the platform gets built — the decisions, the trade-offs, and the occasional dead end. The next posts walk through the foundations: provisioning the cluster with OpenTofu, bootstrapping Argo CD so it manages itself, and putting a real domain with real certificates in front of it.

Welcome aboard. Everything you'll read here shipped the same way this page did.