k8s-clusters/home/readme.md

# Home Cluster

> **NOTE**: Scripts below are in `fish` shell.

## TODO

- **Netboot**: https://www.sidero.dev/v0.5/getting-started/prereq-dhcp/
  - Can probably leverage `dnsmasq` on the router for this?

## Setup

### Networking

- Prepare networking
  - Internally:
    - Add a DNS entry for the cluster endpoint (router's `/etc/hosts` + `dnsmasq`) to point to the initial node
  - Externally:
    - Add a DNS entry for the cluster endpoint to point to the router
    - Setup the router to forward external requests to the initial node

### Setup Kubernetes Cluster

> **Source**: https://www.talos.dev/v1.1/introduction/getting-started/

```bash
#!/usr/bin/env fish
# these are my values, you will want your own
set CLUSTER_NAME 'home'
set CLUSTER_ENDPOINT 'https://kube-cluster.home.lyte.dev:6443'
set NODE_ADDR '10.0.0.101'
set AGE_KEY (pass age-key | rg '# public key: ' | awk '{printf $4}')
```

- Setup talos directory if needed
  - `mkdir -p talos; cd talos`
- Boot the Talos image on the initial node
- If you are not using _this_ configuration:
  - `talosctl gen config "$CLUSTER_NAME" "$CLUSTER_ENDPOINT"`
  - Edit files as needed
  - `mv talosconfig talosconfig.yaml`
  - Encrypt via `sops` with `age`
    - `for f in *; sops yaml --encrypt --age-key "$AGE_KEY" --in-place "$f"; end`
- Apply the control plane config to the initial node
  - `sops exec-file controlplane.yaml 'talosctl apply-config --insecure --nodes '"$NODE_ADDR"' --file {}'`
  - You will need to wait a bit for the configuration to be applied, Talos to
    install itself, for the node to reboot, and for post-boot initialization
- Setup the client to communicate with the newly-configured node
  - `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"][0] "'"$NODE_ADDR"'"' talosconfig.yaml`
  - `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["nodes"][0] "'"$NODE_ADDR"'"' talosconfig.yaml`
  - Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig.yaml 'talosctl config merge {}'`
- Bootstrap the cluster
  - `talosctl bootstrap --nodes "$NODE_ADDR"`
  - You will need to wait a bit for Kubernetes to initialize
- Pull down the kubeconfig
  - `talosctl kubeconfig`

Once the cluster has finished initializing _and starting up_, you should be
able to `kubectl get nodes`.

#### Adding Nodes

> **NOTE**: UNTESTED

- Boot the Talos image on the target node
- Add the node to `talosconfig.yaml`
- Apply the appropriate configuration to the target node
  - `sops exec-file "$CONFIG_FILE" 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'`
  - You will need to wait a bit for Kubernetes to initialize, start up, and
    then join the cluster

#### Removing Nodes

- **TODO**

#### Untaint Masters

Since we're "frugal" (cheap) and we want to use all the hardware for all the
things:

```bash
kubectl taint nodes --all node-role.kubernetes.io/master-
```

### Apply Manifests

```bash
kubectl apply -k manifests
```

### Setting up GitOps

**TODO**

### Storage

**TODO**

## Load Balancing

I can _probably_ handle this with my router?

**TODO**