Dev-Cluster GitOps Provisioning

Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzner Cloud, set up for GitOps with Flux CD.

Prerequisites

OpenTofu
SOPS
Age
A Hetzner Cloud account and API token
Cloudflare DNS API token
A GitHub account and personal access token (for Flux)
S3 compatible storage credentials

Setup Steps

Generate an Age key:
```
age-keygen -o key.txt
```

Edit .sops.yaml file in your project root:

creation_rules:
  - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
    age: <your-age-public-key>

Replace <your-age-public-key> with the public key from your key.txt file.

Create a secrets.yaml file with your sensitive data:

username: <your-username>
user_hashed_password: <your-hashed-password>
user_ssh_public_key: <your-ssh-public-key>
github_username: <your-github-username>
github_repo: <your-flux-repo-name>
github_token: <your-github-token>

Encrypt the secrets file:

sops -e secrets.yaml > secrets.enc.yaml

Create a terraform.tfvars file for your Hetzner Cloud token:
```
hcloud_token = "your-hetzner-cloud-token"
```
Create s3_env.yaml file with your S3 compatible storage credentials

AWS_ENDPOINT_URL_S3 AWS_ACCESS_KEY_ID AWS_REGION AWS_SECRET_ACCESS_KEY
Encrypt the s3_env.yaml file:
```
sops -e s3_env.yaml > s3_env.enc.yaml
```

Initialize OpenTofu:

sops exec-env s3_env.enc.yaml 'tofu init'

tofu init
tofu plan
tofu apply

1.8 KiB Raw Blame History

Dev-Cluster GitOps Provisioning

Prerequisites

Setup Steps

1.8 KiB

Raw Blame History