Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-22 08:34:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dd963617eec5a23d5381312b530fa856b238b439
dev-cluster/README.md

119 lines
2.8 KiB
Markdown
Raw Blame History

# Dev-Cluster
![Cluster Health Monitor](https://github.com/lordmathis/dev-cluster/actions/workflows/health_monitor.yaml/badge.svg)
Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzner Cloud, set up for GitOps with Flux CD.
## Prerequisites
- [OpenTofu](https://opentofu.org/docs/intro/install/)
- [SOPS](https://github.com/mozilla/sops)
- [Age](https://github.com/FiloSottile/age)
- A Hetzner Cloud account and API token
- Cloudflare DNS API token
- A GitHub account and personal access token (for Flux)
- S3 compatible storage credentials
## Deployment
1. **Generate an Age key:**
```
age-keygen -o key.txt
```
2. **Edit `.sops.yaml` file in project root:**
```yaml
creation_rules:
- unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
age: <your-age-public-key>
```
Replace `<your-age-public-key>` with the public key from your `key.txt` file.
3. **Create a `secrets.yaml` file with your sensitive data:**
```bash
cd provisioning
```
```yaml
username: <your-username>
user_hashed_password: <your-hashed-password>
user_ssh_public_keys: |
<your-ssh-public-key>
domain_name: <your-domain-name>
```
4. **Encrypt the secrets file:**
```
sops -e secrets.yaml > secrets.enc.yaml
```
5. **Create a `terraform.tfvars` file for your Hetzner Cloud token and Cloudflare Token:**
```hcl
hcloud_token = "your-hetzner-cloud-token"
cloudflare_api_token = "your-cloudflare-token
```
6. **Create `s3_env.yaml` file with your S3 compatible storage credentials**
`AWS_ENDPOINT_URL_S3`
`AWS_ACCESS_KEY_ID`
`AWS_REGION`
`AWS_SECRET_ACCESS_KEY`
7. **Encrypt the `s3_env.yaml` file:**
```bash
sops -e s3_env.yaml > s3_env.enc.yaml
```
8. **Run OpenTofu:**
```bash
sops exec-env s3_env.enc.yaml 'tofu init'
sops exec-env s3_env.enc.yaml 'tofu apply'
```
## Post Deployment
1. **Connect to the server**
Replace username with your username and public ip with the output value of `tofu apply`
```bash
ssh ${username}@${public_ip}
```
2. **Create sops secret**
Use the key generated in step 1. of the deployment
```bash
kubectl create ns flux-system
echo 'AGE-SECRET-KEY-...' | kubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.agekey=/dev/stdin
```
3. **Create GitHub access token**
[https://fluxcd.io/flux/installation/bootstrap/github/](https://fluxcd.io/flux/installation/bootstrap/github/)
3. **Bootstrap flux**
```bash
export GITHUB_TOKEN=your_github_token
export GITHUB_USERNAME=your_github_username
export GITHUB_REPO=your_github_repo
flux bootstrap github \
--owner=$GITHUB_USERNAME \
--repository=$GITHUB_REPO \
--components-extra=image-reflector-controller,image-automation-controller \
--path=clusters/prod --personal
```
Reference in New Issue View Git Blame Copy Permalink