2.7 KiB
Deploy Talos with the help of talhelper
Required packages
brew install talosctl talhelper sops age
Helpful vscode extension
vscode extension @signageos/vscode-sops
Configure sops and age
# When decrypting a file with the corresponding identity, SOPS will look for a text
# file named keys.txt located in a sops subdirectory of your user configuration directory.
mkdir -p $HOME/Library/Application\ Support/sops/age
# Generate the key pair
age-keygen -o $HOME/Library/Application\ Support/sops/age/keys.txt
talhelper
Change into the directory $HOME/Documents/home-cluster/talos
Encryption setup
Create the file .sops.yaml and copy the following content into it. Replace YOUR_PULBIC_AGE_KEY with the public key that you can find in your previously genereted keys.txt.
Note
Do not change the indentation!
---
creation_rules:
- age: >-
YOUR_PULBIC_AGE_KEY
talos secret
Generate and encrypt your new talos secret.
talhelper gensecret > talsecret.sops.yaml
sops -e -i talsecret.sops.yaml
Caution
Do not update or change
talsecret.sops.yaml.
talhelper environment vars
Create and encrypt the talenv.yaml to store sensitive data used during talhelper genconfig
vi talenv.yaml
sops -e -i talenv.yaml
talhelper genconfig
The command talhelper genconfig will create a .gitignore, talosconfig and CLUSTERNAME_HOSTNAMEs.yaml under clusterconfig.
Caution
The
.gitignorecontains all genereted files fromtalhelper genconfigbecause those files contain unencrypted secrets.
talconfig.yaml
Create a talconfig.yaml. Take inspiration from the talhelper template and the configuration parameters.
vi talconfig.yaml
Talos image factory
Vist the website https://factory.talos.dev
- Hardware Type: Bare-metal Machine
- Choose Talos Linux Version: 1.10.0 (use the latest stable version)
- Machine Architecture: amd64
- System Extensions:
- siderolabs/i915 (intel gpu drivers)
- siderolabs/intel-ucode (intel microcode)
- Customization: skip
- Schematic Ready: Download the iso