Cleanup and add echoserver

home/manifests/echoserver/deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echoserver
+  namespace: echoserver
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: echoserver
+  template:
+    metadata:
+      labels:
+        app: echoserver
+    spec:
+      containers:
+      - image: nginx:1.23.0-alpine
+        imagePullPolicy: IfNotPresent
+        name: echoserver
+        ports:
+        - containerPort: 80
+        env:
+        - name: PORT
+          value: "80"

home/manifests/echoserver/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - service.yaml
+  - deployment.yaml

home/manifests/echoserver/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: echoserver

home/manifests/echoserver/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: echoserver
+  namespace: echoserver
+spec:
+  ports:
+    - port: 80
+      targetPort: 80
+      protocol: TCP
+  type: LoadBalancer
+  selector:
+    app: echoserver

home/readme.md

@@ -1,5 +1,7 @@
 # Home Cluster
 
+> **NOTE**: Scripts below are in `fish` shell.
+
 ## TODO
 
 - **Netboot**: https://www.sidero.dev/v0.5/getting-started/prereq-dhcp/
@@ -20,19 +22,23 @@
 
 > **Source**: https://www.talos.dev/v1.1/introduction/getting-started/
 
+- Setup talos directory if needed
+  - `mkdir -p talos; cd talos`
 - Boot the Talos image on the initial node
 - If you are not using _this_ configuration:
-  - `talosctl gen config "cluster-name" "cluster-endpoint"`
+  - `talosctl gen config "$CLUSTER_NAME" "$CLUSTER_ENDPOINT"`
   - Edit files as needed
+  - Encrypt via `sops` with `age`
+    - `for f in *; sops --encrypt --age-key "$AGE_KEY" --in-place "$f"; end`
 - Apply the control plane config to the initial node
-  - `talosctl apply-config --insecure --nodes "$INITIAL_NODE_ADDR" --file controlplane.yaml`
+  - `sops exec-file controlplane.yaml 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'`
   - You will need to wait a bit for the configuration to be applied, Talos to
     install itself, for the node to reboot, and for post-boot initialization
 - Setup the client to communicate with the newly-configured node
-  - `talosctl --talosconfig=./talosconfig config endpoint "$INITIAL_NODE_ADDR"`
-    - Optionally also make this the default with `talosctl config merge ./talosconfig`
+  - `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"] ["'"$NODE_ADDR"'"]' talosconfig`
+    - Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig 'talosctl config merge {}'`
 - Bootstrap the cluster
-  - `talosctl bootstrap --nodes "$INITIAL_NODE_ADDR"`
+  - `talosctl bootstrap --nodes "$NODE_ADDR"`
   - You will need to wait a bit for Kubernetes to initialize
 - Pull down the kubeconfig
   - `talosctl kubeconfig`
@@ -44,12 +50,11 @@ able to `kubectl get nodes`.
 
 > **Note**: UNTESTED
 
-- Boot the Talos ISO on the target node
+- Boot the Talos image on the target node
 - Apply the appropriate configuration to the target node
-  - `talosctl apply-config --insecure --nodes "$TARGET_NODE_ADDR" --file controlplane.yaml`
+  - `sops exec-file "$CONFIG_FILE" 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'`
   - You will need to wait a bit for Kubernetes to initialize, start up, and
     then join the cluster
-- Add the node to `talosconfig` as needed
 
 #### Untaint Masters
 

home/talos/.gitignore

@@ -1,3 +0,0 @@
-talosconfig
-*.yaml
-!*.encrypted.yaml