Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-22 16:44:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2041126539e2e4b6ceb131e822c67f014a50e425
dev-cluster/provisioning
History
LordMathis 2041126539 Update provisioning secret
2024-12-23 19:53:39 +01:00
..
.terraform.lock.hcl
Update versions
2024-12-23 18:49:04 +01:00
cloud-init.yaml
Fix cloud init script
2024-12-23 18:48:43 +01:00
main.tf
Update versions
2024-12-23 18:49:04 +01:00
README.md
Update provisioning secret
2024-12-23 19:53:39 +01:00
s3_env.enc.yaml
Fix aws url
2024-09-14 21:37:46 +02:00
secrets.enc.yaml
Update provisioning secret
2024-12-23 19:53:39 +01:00
variables.tf
Add cloudflare
2024-09-20 16:52:20 +02:00

README.md

Dev-Cluster GitOps Provisioning

Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzner Cloud, set up for GitOps with Flux CD.

Prerequisites

  • OpenTofu
  • SOPS
  • Age
  • A Hetzner Cloud account and API token
  • Cloudflare DNS API token
  • A GitHub account and personal access token (for Flux)
  • S3 compatible storage credentials

Deployment

  1. Generate an Age key:

    age-keygen -o key.txt

  2. Edit .sops.yaml file in your project root:

    creation_rules:
  - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
    age: <your-age-public-key>

    Replace <your-age-public-key> with the public key from your key.txt file.

  3. Create a secrets.yaml file with your sensitive data:

    username: <your-username>
user_hashed_password: <your-hashed-password>
user_ssh_public_key: <your-ssh-public-key>
github_username: <your-github-username>
github_repo: <your-flux-repo-name>
github_token: <your-github-token>

  4. Encrypt the secrets file:

    sops -e secrets.yaml > secrets.enc.yaml

  5. Create a terraform.tfvars file for your Hetzner Cloud token and Cloudflare Token:

    hcloud_token = "your-hetzner-cloud-token"
cloudflare_api_token = "your-cloudflare-token

  6. Create s3_env.yaml file with your S3 compatible storage credentials

    AWS_ENDPOINT_URL_S3 AWS_ACCESS_KEY_ID AWS_REGION AWS_SECRET_ACCESS_KEY

  7. Encrypt the s3_env.yaml file:

    sops -e s3_env.yaml > s3_env.enc.yaml

  8. Run OpenTofu:

    sops exec-env s3_env.enc.yaml 'tofu init'
sops exec-env s3_env.enc.yaml 'tofu apply'

Post Deployment

  1. Connect to the server

    Replace username with your username and public ip with the output value of tofu apply

    ssh ${username}@${public_ip}

  2. Create sops secret

    Use the key generated in step 1. of the deployment

    kubectl create ns flux-system
cat age.key | kubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.key=/dev/stdin

  3. Bootstrap flux

    export GITHUB_TOKEN=${github_token} && flux bootstrap github --owner=${github_username} --repository=${github_repo} --path=clusters/prod --personal