diff --git a/home/readme.md b/home/readme.md index 71dc205..b9ba359 100644 --- a/home/readme.md +++ b/home/readme.md @@ -22,21 +22,31 @@ > **Source**: https://www.talos.dev/v1.1/introduction/getting-started/ +```bash +#!/usr/bin/env fish +# these are my values, you will want your own +set CLUSTER_NAME 'home' +set CLUSTER_ENDPOINT 'https://kube-cluster.home.lyte.dev:6443' +set NODE_ADDR '10.0.0.101' +set AGE_KEY (pass age-key | rg '# public key: ' | awk '{printf $4}') +``` + - Setup talos directory if needed - `mkdir -p talos; cd talos` - Boot the Talos image on the initial node - If you are not using _this_ configuration: - `talosctl gen config "$CLUSTER_NAME" "$CLUSTER_ENDPOINT"` - Edit files as needed + - `mv talosconfig talosconfig.yaml` - Encrypt via `sops` with `age` - - `for f in *; sops --encrypt --age-key "$AGE_KEY" --in-place "$f"; end` + - `for f in *; sops yaml --encrypt --age-key "$AGE_KEY" --in-place "$f"; end` - Apply the control plane config to the initial node - - `sops exec-file controlplane.yaml 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'` + - `sops exec-file controlplane.yaml 'talosctl apply-config --insecure --nodes '"$NODE_ADDR"' --file {}'` - You will need to wait a bit for the configuration to be applied, Talos to install itself, for the node to reboot, and for post-boot initialization - Setup the client to communicate with the newly-configured node - - `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"] ["'"$NODE_ADDR"'"]' talosconfig` - - Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig 'talosctl config merge {}'` + - `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"] ["'"$NODE_ADDR"'"]' talosconfig.yaml` + - Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig.yaml 'talosctl config merge {}'` - Bootstrap the cluster - `talosctl bootstrap --nodes "$NODE_ADDR"` - You will need to wait a bit for Kubernetes to initialize diff --git a/home/talos/talosconfig b/home/talos/talosconfig deleted file mode 100644 index 95966e1..0000000 --- a/home/talos/talosconfig +++ /dev/null @@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:FUBoK1fRvUkqeWeGgb1bHzloj4PwbEjlq+Y1tOkAkuY/f/r0RdjMfVXi9xDsWH9CsDo+C1z5hzzG6BULdvdxSuZl8Rqt6rugZ9otHjhrE4Q0VK0qNcV0YAcw7EEVkxTSmfkoUSf/eNLMTtWfvV/Kg/YHcqy+ycfVPHGgHvNgLglwY/gldpYi1nnOzzvLUUDZofLIMnm1tfRxPQdtDCZfr6cdcbVz2/DBAFd5JKxW+jgy0D9CLJZELUzwFgLJyPgs0bzDH+3POWzTilM9W6RDQH78V9He2NO+Id0cV84am+y/FKcN0LVxyE7hnmC90ZTbWwt83+xMKWfK9kYKPFv2W47aahIOm8ATu6YYtplQlaBPQgyvcvrf8lQ/QD11B73TZswL8wr+rzNG+XxqaCiUcxZ5xKHqPLsrF/FrOlA2esfCf/iU955RXIYgYBiKz7Q+UvHtTjPQ62pUQFmGfIHNmlHffOYnYar4ge2ytOzSJOY1RwtmdBS7p9Watot/BEgCJyqyynfmePfKVbJn9u5a4bcvpsnJUV6tQFw1rIbQt8n8l32ShV/aZX50sCfjr6Q99pRwT9GFQ+zgRzNlnB38tKQYnfWg/974gB9L7PoROeLfOiY/xaeZxfH66QnHxswze2dMR/dl4PBovanOf+ttsDZOa7mzx8wxEiNNkzAL64e/65G9geWvTn3MICBDV/IzixNvzS7Wsyvtybocs7/yyr4COEklYnhUOBFYEfm2H5S4yFwbFClXFb7g9AY2j7NR9MiRZu3XtDUPnp0643V1tGE9Ddcv3U9oSdWU6vT8uAEDy0xqBuPuxY8PhPOmFd0f3BQ4XHisVOekIvpWWgf+oIzsE45wWIhzOGTR14pcfVIvCAHFbhFANX4tYKukUYTszrqYsECPx65KHEnZB7hLBv0FRjDHB5genRUOqENvpocvYQZDKPagN/PfvWckLb3GchEubPe5QnqCVF29PVn3Ulr/Tc0E7afdtHkC2367IbHnKiCjRG/UB72XGqtkL8s3XgGxE+vNuEzBTYVGeySF4I4d1BoLa8hO8BMzVmC3IMFto8lH1DuF/8/VOqBQfeZoONpRRvUtFbszFqoI+GnVQmrL4mIikKTGMdTrP/l1xc1QJkuemzM+S3ZSW+D0i+ITBLdJAtcnuDuqp6yw0lLdSgGEKFw6ggLgUZQSh3aIu0BGt3u3KV8ZsrCDa5OOLbzLrYcMaVkLInJeFsfDgaJYsSi9TIwgcOHG0cfFw+TpmoJUMIdwkAhW5yhq4b5nmFZrO1kiWxsu5W3NG+lu/M0TJV+iNWzpXIDdFVJew7pNaw5WfbM5SxNSDNakXwHdJC+5WZ1i6HKyGzKC/xBB98HWCif7NTAjBNcNhrm6HNxGI1kyf7BjPUHl8Aa/tPZJg4IuqzowsIsKkWxgWBDPx035E8nvZ1+sTbXff/vqtIdlTXlUJLz4W+3EVCo79dKiyJ/7tmgPfz0beJaMxKu4KKeopxhq7XmPqRzU950Gzzr57kW/Y5+ChV5lA9u55c52UoTC67eqdw0KNs6lpK2lwqQdZefNx7ktHro6l/K/a8ql8/Lslg4w2wbP8sGrtBI0Ty+G7Dkl6sKJevg6WncVg3PT4jgdYlsDuuURhxGb3U2vC0SIVghf1zHsrKyK/rTOnYMgDcf8aHMYwlikrJVdYNkdFatHaQtMXFpi/NhoBCF/NROKUlHLncQIjSLNJcfHXa0LieglVtNEQyhZ3vSXh5TLEn9roZ+b0vmYjZnBjY4tUIVozcgDy5g7KnSPXu7Sjw7Y7r10+eh7UlQeGR9hUZ5cU7AAHUwLdkauzAfueZjHIKx7tqPmhiJFhuOVyqPlPpQhQi9LahLgY6wH5Q4XTdtCHrJwgG7jR44JFCaraC0Epbea4FJDS2r2pQ4uPYPR2W84rO5kM4ydk/oBJFV2sPYhAMVpXxoC6Q2BUBrElyJghuklbW9xtzEEZ5ADaNWPkfhPHWEpPmkTCihkMSgLRLR2LkgNDL+xj2gfItpHQctMgKwSUsY5MN9rB+XdqrGIPNCMNXeg1EPIG5jwkEv/M7wylUBHBGi5+kkv6EvfXqo9h6wgzg0fNnvLiCatZwsvIGnJ4OfTgYtSsCCptFeedWCmg0BveqNnn4rI3vB0sPrmIeQJ8pjrVVrnvab6dZnTU/y+FfB+,iv:6x0EQU4VG+UoXQRoHHrMSpnJXzlY94mnzWQAV7HD/FU=,tag:kYS5e1ml5inLAzadEakKXg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TEx6VE9meXdremlCRnYw\ncVdXL3VsbXNtc09rTVBrZWpWNG15U2VUTUh3CnZTS25mVGdMWWFGKzBJUmk4MlNu\nKzc0bjZDVS9VRXdveEUxZmZLT1lEZ0UKLS0tIDFzQlB1ZGV1SFhYUnFRRjJSTENR\nT0kwajVLWEg2QnFBaFQxVUd0ajJIaGsKIKGWG26vdayVGx1lzGbkp9sfdkLGTaiG\nLzUFijaQaDhPU2fcD1eTqcSRO3YIbOag+9RGAmktOat1HfeKUcDBog==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-07-05T18:57:23Z", - "mac": "ENC[AES256_GCM,data:6HhQJRRpb41XMP9taxWV045lZeNCSpfCadocpERvuMeYvD/zr8khvVUa7qJYwho8JtadnlpXxzgZo0egtLgnTf5DQbJSU4teKGTNEgSYmWTBgF8Xl/rOYPLcfR+XaeKrGd/kD3d9hg2d/r+yq96VuVuBCSWTq54bdMsnqNdbO94=,iv:aCeDCPEyy2zuN4hdA8b/LKv18Awq5WAi0aTOxX6w0Ws=,tag:3Xqw3RMz2d4iJfDgydYwLw==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/home/talos/talosconfig.yaml b/home/talos/talosconfig.yaml new file mode 100644 index 0000000..15c466f --- /dev/null +++ b/home/talos/talosconfig.yaml @@ -0,0 +1,30 @@ +context: ENC[AES256_GCM,data:NZOysQ==,iv:gzOWxJneFlV7GPOLEzGWKh22Y9NVX5O8JnczqBuIDcI=,tag:mz9vPyAM8j6cGg0K3HXYuQ==,type:str] +contexts: + home: + endpoints: + - ENC[AES256_GCM,data:5VEOHOW9Wb5uBw==,iv:QdAOk4iB9cOZ72JsL7AsMuDUjbzYvjt/XGa0Tag8Kzk=,tag:69bVCOngR5apk/0hvKF0Qw==,type:str] + nodes: + - ENC[AES256_GCM,data:+5ou1LjHK8I/rw==,iv:NSmOyUckIxCIlJp0zxwUyenyh1y/eVxjzWSTN29KXgg=,tag:pE+VokF9ILfVS0HRnsZtBw==,type:str] + ca: ENC[AES256_GCM,data:cC3shZmH3HMIoIdXzWGfktJ5oWT6KjW9ddzNko6oBpOTC3RFPxTkAp7YLjocUgSjflPLdXKHroGMLDz9GUsnV9B5VSyGSbz8uaR/cbK82I4S7poiZeiQ+elIPjhg+foAjDDdQm9CcSqW/dyf++OocIK20imSklnUQiZ/MfR0wgrcRSPfEs0DYsrXAhbL9k/wJcxkjoTJBkYuYzIB/vqtNqrb0Mc/RZsG5gWIzmITWdvwDTao/j1uN4t2aA9hcerl7RCRznCQtznm6OEk4UWjo1FDA4J15zMIUZBw0DfY/u1/0xSZUCA20iua83D0gyQ32pBGea/yVbOeEX6LMQGQAFCt0JRXPKzSAqBmSUp+Nzm84fo+odHbbU+fVMME0BqSpkF859c73qXniS/2ACKGDcHn40cPDruz3lzHadmdQFOZV/RtriM78vbnBLwjAAVl3wG7+l0yQzFp+k2vjVnCXnnnlvZyt2l7TkcfctS2nRb1tvEfJl42pZxopTaaAYqJSZto3gMGKwZXklT+VBVaOr0p8EDJYsVdRAWNLOgETGueH4yQJQKj4k4GsyHrokHM6FY6ERuEkFtIDgY+wRZBb+ockgJk9vBL4RAxUYgEOfmZ4aWTY+EuzQ6LUy5zvcH6kazJnKJSXoS1NEHxTrJMlu+NRxPYEkdgIhiqpn+zTzQBrxT4igO5RB3vgwL6j8WDnzKI1eITzzN+Q4SZk7vQqP5QTDnjRZZJJY9oPMi9SSrMmBp5s1noOJLIqAwQLKVa5ZjD4MKGQPPhse/1i+Un6IIVwRuQp3rxfL4mm56PwwiBpMvXPAP+EZtr3fqfOIy1MisirTj41gmQtwc8VoQijre8KAKBq/shTQwWy4axLmKBYKnA,iv:8U5eMYpui9k0xcr4qEH8FOdJnLY5G5iC6nBbTjP71Zo=,tag:LV1W9mO3KV1ZfRvxU6pltw==,type:str] + crt: ENC[AES256_GCM,data:JFwroJueVl9UBzFQwe5C+FD/ww7EryBFi+YEMsgp3OzLE9Ci9B14ja8afL7G1c6mr31ZvHFfs4U1Ij5hh2R4jLGQbVCp/OI/5ZxCjzopypxuP2HeAhUgnIwBaS6pQNpCUGHHScc4JpH2rHLi2gPtwuQ5WXsPwtF0TkwCiw1f0+QcPqqWs99D+jm4hiqJEqVoatx79jHEoqviSoll7K3JS3yfB1hfOq05r57c2lHEEJGFn/3aEE7Z7jgYUs2zDvIacUTZN+VWVbb57f4Zle48+xuxuiezJofFOoHWpj+usdipCoV0bpidutIjH2F9nmTeeCcasHDOqMR5IdPcDFCeY7mkY+2qGS+Y9QHAypRs13wMPcrM8iFuOd6eqyzFhHR0bxSmRnsb68CEAF6Bd8Z4s/Z6taOsa/tOm5ittFQwESin3yvHBN1lA66i+zlW0lxKlpSLM2k//AB9lAUaV7yuxUgx2mHQ6bkXXTEA307Eym0HIEqyDGsZGfBSNMVblfDyd5yeKZAPBKugg5xSlZe89j72LeJbT92qutiIOworWCA0DFERo0gKH+UKFTtt2Jw83rX3HfGSkzMtWxo1D+CLMEweqDfcDBht7nQCU9VCkY2sllGhH791+wRklqlgLFvaH7xTFXGkvR+DD8KJdzRybDSW+H+MvWnodUomo0nhCStFY1Gy+HFwLy5VQUTD+6Lwk1BYz0AS3tMvJii/C67JuOUSvrCkv94JgMepoeg1rXuIKIowEqOhz8+XmO6DnASoTASmBweRutm/h9dovfZUq6dymvXYxYxhOQ67LFUq75MQSBBPOjfve1HmsIGGpCtOt9bxZmWtu9YAxPel,iv:Tuy58blNTMHEnLWkgo0sOMjwl41KABK5nqmLOFO9aAQ=,tag:aM29zOmwmoExKqn+UTvrWQ==,type:str] + key: ENC[AES256_GCM,data:OexgSMZDgpdc6jjx+3R1ddXutztaSX8s8p4lt5ufm0bpYvJRztcBYjAw1tpk9Upp15rXRHaZpKDh3mZwsC6j5737pys56tE5F5aOw2UwlstK15XF6zQetzCfJFGwozEcEeDtSPhaThcnVidYP2GU0GUE3uRZBkeDcpkF2yn1azt2qYUe020miOv8JwV6seGXvTvzNGlTIssoyBuqXPI9jJpsXTaI1GqQYDbdggGNWZ1hBiYu,iv:Pn4vIpmyQGZnkF4aA4IdJ2aIDQDI6W/8FHpduKO0kOU=,tag:oS8jNxbJogQAH/Qj2ghY4g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVDJ2TXJ2ZmxUNFFrZmFq + blRubHo4QThrSzFXalVHck82RzVWVzVjSXlZCldoaGpYYk0rSzlpVmdzMzQ0MXRn + c1dxRi9oaVhXc1B4NXNEK3kyQTBnYUkKLS0tIG1kQk1zTm5Mb013YTc4d2JPc3N0 + K0ZSdkdJVERYNUZLeVV3cHJnT3FzekkK2mXf8DZPNU1wN6h96hewpPwUOrGr4Kv9 + jYnpPIrdy0kyAKKEvWZse7PZfOQbKz2XQLYjWbqQnC9gdtC3hRJwlA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-07-06T17:10:52Z" + mac: ENC[AES256_GCM,data:bIQQ8YhWDJgtabQrAPuatRWKaylky513lfMhJMWxNnTTwsZ9z8JvXxfTYYZWzYxBE2oykVykLm4//VPpAhYoNDy8nksZzmmmUtTGVf3WhE5yY5HzLLP3uRtFo6ZEm6X7dXSY9IyXB7DDRxOxQKnMo1jXq8SPS/rOw/qk6kbjnsE=,iv:2SmCY5xp0BRgo7z03YgJHlUb5T69YelztMf/ghsiifc=,tag:236Vnk8D53O9qb69wail0g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3