Deploy Talos with the help of talhelper
Change into the directory $HOME/Documents/home-cluster/talos
Required packages
brew install talosctl talhelper sops age
Helpful vscode extension
vscode extension @signageos/vscode-sops
Configure sops and age
# When decrypting a file with the corresponding identity, SOPS will look for a text
# file named keys.txt located in a sops subdirectory of your user configuration directory.
mkdir -p $HOME/Library/Application\ Support/sops/age
# Generate the key pair
age-keygen -o $HOME/Library/Application\ Support/sops/age/keys.txt
talhelper
Encryption setup
Create a .sops.yaml file and copy the following content into it. Replace YOUR_PUBLIC_AGE_KEY with the public key that you can find in your previously generated keys.txt.
Note
Do not change the indentation!
---
creation_rules:
  - age: >-
      YOUR_PUBLIC_AGE_KEY
talos secret
Generate and encrypt your new talos secret.
talhelper gensecret > talsecret.sops.yaml
sops -e -i talsecret.sops.yaml
Caution
Do not update or change talsecret.sops.yaml.
talhelper environment vars
Create and encrypt the talenv.yaml to store sensitive data used during talhelper genconfig
vi talenv.yaml
sops -e -i talenv.yaml
talhelper genconfig
The command talhelper genconfig will create a .gitignore, talosconfig and CLUSTERNAME_HOSTNAMEs.yaml under clusterconfig.
Caution
The .gitignore contains all generated files from talhelper genconfig because those files contain unencrypted secrets.
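Before committing, it is worth confirming that talsecret.sops.yaml and talenv.yaml really were encrypted by the sops -e -i steps above. The following check is an added example, not part of the original README or of talhelper; the function names and script name are hypothetical, and it is a text heuristic that assumes SOPS's default YAML output (a top-level sops: mapping and ENC[AES256_GCM,...] values).

```shell
#!/bin/sh
# Added example: verify the SOPS files created above hold no plaintext.

# is_sops_encrypted FILE -> 0 encrypted, 1 plaintext found, 2 file missing.
# Heuristic text check; it does not decrypt or verify the MAC.
is_sops_encrypted() {
    f=$1
    [ -f "$f" ] || return 2
    # "sops -e" appends a top-level "sops:" mapping that includes a "mac:".
    grep -q '^sops:' "$f" || return 1
    grep -Eq '^[[:space:]]+mac: ENC\[' "$f" || return 1
    # Outside that mapping, every scalar must be an ENC[AES256_GCM,...] value.
    awk '
        /^sops:/        { in_meta = 1; next }
        /^[^ \t#]/      { in_meta = 0 }      # any other top-level key
        in_meta         { next }
        /^[ \t]*(#|$)/  { next }             # comments and blank lines
        /^---/          { next }             # document start marker
        /:[ \t]*$/      { next }             # key opening a nested mapping
        /ENC\[AES256_GCM,/ { next }
        { bad = 1 }
        END { exit bad + 0 }
    ' "$f"
}

# audit_talos_dir DIR: check the two encrypted files this README creates.
audit_talos_dir() {
    dir=$1
    rc=0
    for name in talsecret.sops.yaml talenv.yaml; do
        if is_sops_encrypted "$dir/$name"; then
            echo "ok: $name is encrypted"
        else
            echo "FAIL: $name is missing or contains plaintext" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run as: sh check-sops.sh <directory>   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    audit_talos_dir "$1"
fi
```

A non-zero exit status means at least one of the two files is missing or still contains a plaintext value, so the check can gate a commit hook.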
talconfig.yaml
Create a talconfig.yaml. Take inspiration from the talhelper template and the configuration parameters.
vi talconfig.yaml