Move README to project root

2024-12-25 11:25:21 +01:00
parent e23f279cb7
commit bbfab5d400

@@ -1,99 +0,0 @@
# Dev-Cluster GitOps Provisioning
Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzner Cloud, set up for GitOps with Flux CD.
## Prerequisites
- [OpenTofu](https://opentofu.org/docs/intro/install/)
- [SOPS](https://github.com/mozilla/sops)
- [Age](https://github.com/FiloSottile/age)
- A Hetzner Cloud account and API token
- Cloudflare DNS API token
- A GitHub account and personal access token (for Flux)
- S3 compatible storage credentials
## Deployment
1. **Generate an Age key:**
```
age-keygen -o key.txt
```
2. **Edit `.sops.yaml` file in your project root:**
```yaml
creation_rules:
- unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
age: <your-age-public-key>
```
Replace `<your-age-public-key>` with the public key from your `key.txt` file.
3. **Create a `secrets.yaml` file with your sensitive data:**
```yaml
username: <your-username>
user_hashed_password: <your-hashed-password>
user_ssh_public_key: <your-ssh-public-key>
```
4. **Encrypt the secrets file:**
```
sops -e secrets.yaml > secrets.enc.yaml
```
5. **Create a `terraform.tfvars` file for your Hetzner Cloud token and Cloudflare Token:**
```hcl
hcloud_token = "your-hetzner-cloud-token"
cloudflare_api_token = "your-cloudflare-token
```
6. **Create `s3_env.yaml` file with your S3 compatible storage credentials**
`AWS_ENDPOINT_URL_S3`
`AWS_ACCESS_KEY_ID`
`AWS_REGION`
`AWS_SECRET_ACCESS_KEY`
7. **Encrypt the `s3_env.yaml` file:**
```bash
sops -e s3_env.yaml > s3_env.enc.yaml
```
8. **Run OpenTofu:**
```bash
sops exec-env s3_env.enc.yaml 'tofu init'
sops exec-env s3_env.enc.yaml 'tofu apply'
```
## Post Deployment
1. **Connect to the server**
Replace username with your username and public ip with the output value of `tofu apply`
```bash
ssh ${username}@${public_ip}
```
2. **Create sops secret**
Use the key generated in step 1. of the deployment
```bash
kubectl create ns flux-system
echo 'AGE-SECRET-KEY-...' | kubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.agekey=/dev/stdin
```
3. **Bootstrap flux**
```
export GITHUB_TOKEN=${github_token} && flux bootstrap github --owner=${github_username} --repository=${github_repo} --path=clusters/prod --personal
```
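Review bot: Post Deployment step 2 pastes the Age private key as a literal into `echo 'AGE-SECRET-KEY-...' | kubectl create secret generic sops-age`, which leaves the key in shell history. Since the README is being moved anyway, consider having the relocated copy read the key from the `key.txt` generated in Deployment step 1, for example `--from-file=age.agekey=key.txt`, instead of `/dev/stdin`. The same applies to `export GITHUB_TOKEN=${github_token}` in step 3 if the token is typed inline. Two smaller points in the same text: the `terraform.tfvars` example in Deployment step 5 is missing the closing quote on `cloudflare_api_token = "your-cloudflare-token`, and the steps never say that `key.txt`, the plaintext `secrets.yaml` and `s3_env.yaml`, and `terraform.tfvars` must stay out of the repository, so a sentence on ignoring or deleting them after encryption would help.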