Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-23 00:54:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c853cf8946706ac3d49b58f577e85a2f5c3b97b0
dev-cluster/README.md

2.7 KiB
Raw Blame History

Dev-Cluster GitOps Provisioning

Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzner Cloud, set up for GitOps with Flux CD.

Prerequisites

  • Terraform installed
  • SOPS installed
  • Age installed (for encryption)
  • A Hetzner Cloud account and API token
  • A GitHub account and personal access token (for Flux)

Setup Steps

  1. Generate an Age key:

    age-keygen -o key.txt

  2. Create a .sops.yaml file in your project root:

    creation_rules:
  - path_regex: secrets\.enc\.yaml$
    age: <your-age-public-key>

    Replace <your-age-public-key> with the public key from your key.txt file.

  3. Create a secrets.yaml file with your sensitive data:

    username: <your-username>
user_hashed_password: <your-hashed-password>
user_ssh_public_key: <your-ssh-public-key>
github_username: <your-github-username>
github_repo: <your-flux-repo-name>

  4. Encrypt the secrets file:

    sops -e secrets.yaml > secrets.enc.yaml

  5. Create a terraform.tfvars file for your Hetzner Cloud token:

    hcloud_token = "your-hetzner-cloud-token"

  6. Initialize Terraform:

    terraform init

  7. Plan your Terraform deployment:

    terraform plan

  8. Apply your Terraform configuration:

    terraform apply

File Structure

  • main.tf: Main Terraform configuration file
  • variables.tf: Terraform variables definition
  • cloud-init.yaml: Cloud-init configuration template
  • secrets.enc.yaml: Encrypted secrets file (do not commit to version control)
  • terraform.tfvars: Terraform variables values (do not commit to version control)
  • .sops.yaml: SOPS configuration file

Usage

After successful provisioning, you can access your new server using SSH:

ssh <your-username>@<server-ip>

The server IP will be output by Terraform after successful application.

Customization

  • Modify cloud-init.yaml to change the initial server setup.
  • Adjust main.tf to change Hetzner Cloud resources or add additional configurations.

Security Notes

  • Never commit secrets.yaml, secrets.enc.yaml, or terraform.tfvars to version control.
  • Keep your key.txt file secure and backed up. Losing this file means losing access to your encrypted secrets.

Troubleshooting

If you encounter issues:

  1. Check Terraform output for errors.
  2. Review cloud-init logs on the server: /var/log/cloud-init-output.log
  3. Ensure all required variables are correctly set in your encrypted secrets file.

For further assistance, please open an issue in the project repository.