feat: start with talos
commit
ace89ded66
7 changed files with 175 additions and 0 deletions
60
talos/README.md
Normal file
|
@ -0,0 +1,60 @@
|
|||
Change into the directory `$HOME/Documents/home-cluster/talos`
|
||||
|
||||
# Required packages
|
||||
```bash
|
||||
brew install talosctl talhelper sops age
|
||||
```
|
||||
## Helpful vscode extension
|
||||
```bash
|
||||
vscode extension @signageos/vscode-sops
|
||||
```
|
||||
|
||||
# Configure sops and age
|
||||
```bash
|
||||
# When decrypting a file with the corresponding identity, SOPS will look for a text
|
||||
# file named keys.txt located in a sops subdirectory of your user configuration directory.
|
||||
mkdir -p $HOME/Library/Application\ Support/sops/age
|
||||
|
||||
# Generate the key pair
|
||||
age-keygen -o $HOME/Library/Application\ Support/sops/age/keys.txt
|
||||
```
|
||||
|
||||
# talhelper
|
||||
## Encryption setup
|
||||
Create and copy the following content into your `.sops.yaml`. Replace `YOUR_PULBIC_AGE_KEY` with the public key that you can find in your previously genereted keys.txt.
|
||||
|
||||
> [!NOTE]
|
||||
> Do not change the indentation!
|
||||
|
||||
```yaml
|
||||
---
|
||||
creation_rules:
|
||||
- age: >-
|
||||
YOUR_PULBIC_AGE_KEY
|
||||
```
|
||||
|
||||
## talos secret
|
||||
Generate and encrypt your new talos secret.
|
||||
```bash
|
||||
talhelper gensecret > talsecret.sops.yaml
|
||||
|
||||
sops -e -i talsecret.sops.yaml
|
||||
```
|
||||
|
||||
> [!CAUTION]
|
||||
> Do not update or change `talsecret.sops.yaml`.
|
||||
|
||||
## talhelper environment vars
|
||||
Create and encrypt the talenv.yaml to store sensitive data used during `talhelper genconfig`
|
||||
```bash
|
||||
vi talenv.yaml
|
||||
|
||||
sops -e -i talenv.yaml
|
||||
```
|
||||
|
||||
## talhelper genconfig
|
||||
The command `talhelper genconfig` will create a `.gitignore`, `talosconfig` and `CLUSTERNAME_HOSTNAMEs.yaml` under clusterconfig.
|
||||
|
||||
> [!CAUTION]
|
||||
> The `.gitignore` contains all genereted files from `talhelper genconfig` because those files contain unencrypted secrets.
|
||||
|
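Review bot: In the "talos secret" and "talhelper environment vars" sections the secrets are written to disk in plaintext first (`talhelper gensecret > talsecret.sops.yaml`, `vi talenv.yaml`) and only encrypted afterwards by a separate `sops -e -i` command, so a skipped or failed second step leaves an unencrypted file that nothing in this README keeps out of a commit; the `.gitignore` in the final caution is described as covering only the files generated by `talhelper genconfig`. Consider adding a step that confirms both files are encrypted before they are staged, and stating the reason behind "Do not update or change `talsecret.sops.yaml`" so readers know what breaks if they do. Smaller points: `YOUR_PULBIC_AGE_KEY` is misspelled in both the prose and the YAML placeholder, `genereted` is misspelled twice, and `vscode extension @signageos/vscode-sops` sits in a `bash` fence although it is not a command.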