# BetelgeuseBytes K8s — Full Stack (kubectl-only)

**Nodes**
- Control-plane + worker: hetzner-1 (95.217.89.53)
- Worker: hetzner-2 (138.201.254.97)

## Bring up the cluster
```bash
ansible -i ansible/inventories/prod/hosts.ini all -m ping
ansible-playbook -i ansible/inventories/prod/hosts.ini ansible/playbooks/site.yml
```

## Apply apps (edit secrets first)
```bash
kubectl apply -f k8s/00-namespaces.yaml
kubectl apply -f k8s/01-secrets/
kubectl apply -f k8s/storage/storageclass.yaml

kubectl apply -f k8s/postgres/
kubectl apply -f k8s/redis/
kubectl apply -f k8s/elastic/elasticsearch.yaml
kubectl apply -f k8s/elastic/kibana.yaml

kubectl apply -f k8s/gitea/
kubectl apply -f k8s/jupyter/
kubectl apply -f k8s/kafka/kafka.yaml
kubectl apply -f k8s/kafka/kafka-ui.yaml
kubectl apply -f k8s/neo4j/

kubectl apply -f k8s/otlp/
kubectl apply -f k8s/observability/fluent-bit.yaml
kubectl apply -f k8s/prometheus/
kubectl apply -f k8s/grafana/
```

## DNS
A records:
- apps.betelgeusebytes.io → 95.217.89.53, 138.201.254.97

CNAMEs → apps.betelgeusebytes.io:
- gitea., kibana., grafana., prometheus., notebook., broker., neo4j., otlp.

(HA later) cp.k8s.betelgeusebytes.io → <VPS_IP>, 95.217.89.53, 138.201.254.97; then set control_plane_endpoint accordingly.