# Deploy Talos with the help of talhelper <!-- omit in toc -->
- [Required packages](#required-packages)
- [Helpful vscode extension](#helpful-vscode-extension)
- [Configure sops and age](#configure-sops-and-age)
- [talhelper](#talhelper)
- [Encryption setup](#encryption-setup)
- [talos secret](#talos-secret)
- [talhelper environment vars](#talhelper-environment-vars)
- [talhelper genconfig](#talhelper-genconfig)
- [talconfig.yaml](#talconfigyaml)
Change into the directory `$HOME/Documents/home-cluster/talos`.
# Required packages
```bash
brew install talosctl talhelper sops age
```
## Helpful vscode extension
```bash
vscode extension @signageos/vscode-sops
```
# Configure sops and age
```bash
# When decrypting a file with the corresponding identity, SOPS will look for a text
# file named keys.txt located in a sops subdirectory of your user configuration directory.
mkdir -p $HOME/Library/Application\ Support/sops/age
# Generate the key pair
age-keygen -o $HOME/Library/Application\ Support/sops/age/keys.txt
```
# talhelper
## Encryption setup
Create the file `.sops.yaml` and copy the following content into it. Replace `YOUR_PUBLIC_AGE_KEY` with the public key that you can find in your previously generated `keys.txt`.
> [!NOTE]
> Do not change the indentation!
```yaml
---
creation_rules:
  - age: >-
      YOUR_PUBLIC_AGE_KEY
```
## talos secret
Generate and encrypt your new talos secret.
```bash
talhelper gensecret > talsecret.sops.yaml
sops -e -i talsecret.sops.yaml
```
> [!CAUTION]
> Do not update or change `talsecret.sops.yaml`.
## talhelper environment vars
Create and encrypt `talenv.yaml` to store sensitive data used during `talhelper genconfig`.
```bash
vi talenv.yaml
sops -e -i talenv.yaml
```
## talhelper genconfig
The command `talhelper genconfig` will create a `.gitignore`, `talosconfig` and `CLUSTERNAME_HOSTNAMEs.yaml` under clusterconfig.
> [!CAUTION]
> The `.gitignore` lists all files generated by `talhelper genconfig` because those files contain unencrypted secrets.
## talconfig.yaml
Create a talconfig.yaml. Take inspiration from the [talhelper template](https://github.com/budimanjojo/talhelper/blob/master/example/talconfig.yaml) and the [configuration parameters](https://budimanjojo.github.io/talhelper/latest/reference/configuration/).
```bash
vi talconfig.yaml
```
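
A check to run before committing, added here as an example and not part of talhelper or SOPS: it confirms that `talsecret.sops.yaml` and `talenv.yaml` hold only `ENC[...]` values plus a `sops:` metadata block. It assumes whole-file encryption as configured in the `.sops.yaml` above; the function names and the script name `check-sops.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: verify that files meant to be SOPS-encrypted really are.
# Assumes whole-file encryption (no encrypted_regex), as in the .sops.yaml above.

# Report plaintext-looking lines of one YAML file by line number only, so the
# secret itself never reaches the terminal or a CI log. Status 0 only if every
# value before the "sops:" block is an ENC[...] blob and that block exists.
sops_plaintext_lines() {
    awk '
        /^sops:[ \t]*$/ { meta = 1; exit }           # metadata block: stop scanning
        /^[ \t]*$/ || /^[ \t]*#/ || /^---/ { next }  # blanks, comments, doc marker
        {
            v = $0
            sub(/^[ \t]*(-[ \t]+)*/, "", v)          # drop indentation and list dashes
            if (v ~ /^ENC\[AES256_GCM,/) next        # encrypted list item
            sub(/^[^: \t]+:[ \t]*/, "", v)           # drop the key and its colon
            # parent keys, empty strings and encrypted values are fine
            if (v == "" || v == "\"\"" || v ~ /^ENC\[AES256_GCM,/) next
            printf "line %d: plaintext value\n", NR
            bad = 1
        }
        END {
            if (!meta) { print "no top-level sops: metadata block"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Check every file given; the return status is the number of failing files.
check_encrypted() {
    failed=0
    for f in "$@"; do
        if out=$(sops_plaintext_lines "$f"); then
            echo "ok: $f"
        else
            echo "NOT ENCRYPTED: $f"
            echo "$out" | sed 's/^/    /'
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Only act when file names are passed on the command line.
if [ "$#" -gt 0 ]; then
    check_encrypted "$@"
fi
```

Run it as `sh check-sops.sh talsecret.sops.yaml talenv.yaml` before `git commit`; a non-zero exit status means at least one file still holds plaintext.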