CLUSTER
This commit is contained in:
parent
55b050588e
commit
aa268d68e1
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
namespace: argocd
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
||||||
|
|
|
@ -45,7 +45,8 @@ set AGE_KEY (pass age-key | rg '# public key: ' | awk '{printf $4}')
|
||||||
- You will need to wait a bit for the configuration to be applied, Talos to
|
- You will need to wait a bit for the configuration to be applied, Talos to
|
||||||
install itself, for the node to reboot, and for post-boot initialization
|
install itself, for the node to reboot, and for post-boot initialization
|
||||||
- Setup the client to communicate with the newly-configured node
|
- Setup the client to communicate with the newly-configured node
|
||||||
- `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"] ["'"$NODE_ADDR"'"]' talosconfig.yaml`
|
- `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"][0] "'"$NODE_ADDR"'"' talosconfig.yaml`
|
||||||
|
- `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["nodes"][0] "'"$NODE_ADDR"'"' talosconfig.yaml`
|
||||||
- Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig.yaml 'talosctl config merge {}'`
|
- Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig.yaml 'talosctl config merge {}'`
|
||||||
- Bootstrap the cluster
|
- Bootstrap the cluster
|
||||||
- `talosctl bootstrap --nodes "$NODE_ADDR"`
|
- `talosctl bootstrap --nodes "$NODE_ADDR"`
|
||||||
|
@ -61,11 +62,16 @@ able to `kubectl get nodes`.
|
||||||
> **NOTE**: UNTESTED
|
> **NOTE**: UNTESTED
|
||||||
|
|
||||||
- Boot the Talos image on the target node
|
- Boot the Talos image on the target node
|
||||||
|
- Add the node to `talosconfig.yaml`
|
||||||
- Apply the appropriate configuration to the target node
|
- Apply the appropriate configuration to the target node
|
||||||
- `sops exec-file "$CONFIG_FILE" 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'`
|
- `sops exec-file "$CONFIG_FILE" 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'`
|
||||||
- You will need to wait a bit for Kubernetes to initialize, start up, and
|
- You will need to wait a bit for Kubernetes to initialize, start up, and
|
||||||
then join the cluster
|
then join the cluster
|
||||||
|
|
||||||
|
#### Removing Nodes
|
||||||
|
|
||||||
|
- **TODO**
|
||||||
|
|
||||||
#### Untaint Masters
|
#### Untaint Masters
|
||||||
|
|
||||||
Since we're "frugal" (cheap) and we want to use all the hardware for all the
|
Since we're "frugal" (cheap) and we want to use all the hardware for all the
|
||||||
|
@ -75,10 +81,10 @@ things:
|
||||||
kubectl taint nodes --all node-role.kubernetes.io/master-
|
kubectl taint nodes --all node-role.kubernetes.io/master-
|
||||||
```
|
```
|
||||||
|
|
||||||
### Apply Initialization Manifests
|
### Apply Manifests
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
kubectl apply -k manifests/initialization
|
kubectl apply -k manifests
|
||||||
```
|
```
|
||||||
|
|
||||||
### Setting up GitOps
|
### Setting up GitOps
|
||||||
|
|
|
@ -2,9 +2,11 @@ context: ENC[AES256_GCM,data:NZOysQ==,iv:gzOWxJneFlV7GPOLEzGWKh22Y9NVX5O8JnczqBu
|
||||||
contexts:
|
contexts:
|
||||||
home:
|
home:
|
||||||
endpoints:
|
endpoints:
|
||||||
- ENC[AES256_GCM,data:5VEOHOW9Wb5uBw==,iv:QdAOk4iB9cOZ72JsL7AsMuDUjbzYvjt/XGa0Tag8Kzk=,tag:69bVCOngR5apk/0hvKF0Qw==,type:str]
|
- ENC[AES256_GCM,data:om2r6VID3T5zKA==,iv:SheHwLA9l+40WJ50fdjjvOdc1WolemDlqwkrW3cd/bk=,tag:ST2CfIlAxEB7ureLSQKyKA==,type:str]
|
||||||
nodes:
|
nodes:
|
||||||
- ENC[AES256_GCM,data:+5ou1LjHK8I/rw==,iv:NSmOyUckIxCIlJp0zxwUyenyh1y/eVxjzWSTN29KXgg=,tag:pE+VokF9ILfVS0HRnsZtBw==,type:str]
|
- ENC[AES256_GCM,data:KU8HJ8/OxtJlfQ==,iv:riiqdyGe9uwllqJyDH/r35ETRr+cFOze/WmY8A2iRd4=,tag:4C93NVDci811np+WPNBoJg==,type:str]
|
||||||
|
- ENC[AES256_GCM,data:7sk2YeWV3PXq,iv:+V/1HARCqpwlgYguXXD3WbYObyCRMn+M9H6daDO2cpU=,tag:wblsXjYcAE6riDxi89xPiQ==,type:str]
|
||||||
|
- ENC[AES256_GCM,data:0Gkas5pX8ccL6g==,iv:HUqoYPRHVAS/wpsXIQZOd0AiqoK85B+O8wB5uRk1qJI=,tag:VDrDZxCpMKjO0f8GabfxWg==,type:str]
|
||||||
ca: ENC[AES256_GCM,data:cC3shZmH3HMIoIdXzWGfktJ5oWT6KjW9ddzNko6oBpOTC3RFPxTkAp7YLjocUgSjflPLdXKHroGMLDz9GUsnV9B5VSyGSbz8uaR/cbK82I4S7poiZeiQ+elIPjhg+foAjDDdQm9CcSqW/dyf++OocIK20imSklnUQiZ/MfR0wgrcRSPfEs0DYsrXAhbL9k/wJcxkjoTJBkYuYzIB/vqtNqrb0Mc/RZsG5gWIzmITWdvwDTao/j1uN4t2aA9hcerl7RCRznCQtznm6OEk4UWjo1FDA4J15zMIUZBw0DfY/u1/0xSZUCA20iua83D0gyQ32pBGea/yVbOeEX6LMQGQAFCt0JRXPKzSAqBmSUp+Nzm84fo+odHbbU+fVMME0BqSpkF859c73qXniS/2ACKGDcHn40cPDruz3lzHadmdQFOZV/RtriM78vbnBLwjAAVl3wG7+l0yQzFp+k2vjVnCXnnnlvZyt2l7TkcfctS2nRb1tvEfJl42pZxopTaaAYqJSZto3gMGKwZXklT+VBVaOr0p8EDJYsVdRAWNLOgETGueH4yQJQKj4k4GsyHrokHM6FY6ERuEkFtIDgY+wRZBb+ockgJk9vBL4RAxUYgEOfmZ4aWTY+EuzQ6LUy5zvcH6kazJnKJSXoS1NEHxTrJMlu+NRxPYEkdgIhiqpn+zTzQBrxT4igO5RB3vgwL6j8WDnzKI1eITzzN+Q4SZk7vQqP5QTDnjRZZJJY9oPMi9SSrMmBp5s1noOJLIqAwQLKVa5ZjD4MKGQPPhse/1i+Un6IIVwRuQp3rxfL4mm56PwwiBpMvXPAP+EZtr3fqfOIy1MisirTj41gmQtwc8VoQijre8KAKBq/shTQwWy4axLmKBYKnA,iv:8U5eMYpui9k0xcr4qEH8FOdJnLY5G5iC6nBbTjP71Zo=,tag:LV1W9mO3KV1ZfRvxU6pltw==,type:str]
|
ca: ENC[AES256_GCM,data:cC3shZmH3HMIoIdXzWGfktJ5oWT6KjW9ddzNko6oBpOTC3RFPxTkAp7YLjocUgSjflPLdXKHroGMLDz9GUsnV9B5VSyGSbz8uaR/cbK82I4S7poiZeiQ+elIPjhg+foAjDDdQm9CcSqW/dyf++OocIK20imSklnUQiZ/MfR0wgrcRSPfEs0DYsrXAhbL9k/wJcxkjoTJBkYuYzIB/vqtNqrb0Mc/RZsG5gWIzmITWdvwDTao/j1uN4t2aA9hcerl7RCRznCQtznm6OEk4UWjo1FDA4J15zMIUZBw0DfY/u1/0xSZUCA20iua83D0gyQ32pBGea/yVbOeEX6LMQGQAFCt0JRXPKzSAqBmSUp+Nzm84fo+odHbbU+fVMME0BqSpkF859c73qXniS/2ACKGDcHn40cPDruz3lzHadmdQFOZV/RtriM78vbnBLwjAAVl3wG7+l0yQzFp+k2vjVnCXnnnlvZyt2l7TkcfctS2nRb1tvEfJl42pZxopTaaAYqJSZto3gMGKwZXklT+VBVaOr0p8EDJYsVdRAWNLOgETGueH4yQJQKj4k4GsyHrokHM6FY6ERuEkFtIDgY+wRZBb+ockgJk9vBL4RAxUYgEOfmZ4aWTY+EuzQ6LUy5zvcH6kazJnKJSXoS1NEHxTrJMlu+NRxPYEkdgIhiqpn+zTzQBrxT4igO5RB3vgwL6j8WDnzKI1eITzzN+Q4SZk7vQqP5QTDnjRZZJJY9oPMi9SSrMmBp5s1noOJLIqAwQLKVa5ZjD4MKGQPPhse/1i+Un6IIVwRuQp3rxfL4mm56PwwiBpMvXPAP+EZtr3fqfOIy1MisirTj41gmQtwc8VoQijre8KAKBq/shTQwWy4axLmKBYKnA,iv:8U5eMYpui9k0xcr4qEH8FOdJnLY5G5iC6nBbTjP71Zo=,tag:LV1W9mO3KV1ZfRvxU6pltw==,type:str]
|
||||||
crt: ENC[AES256_GCM,data:JFwroJueVl9UBzFQwe5C+FD/ww7EryBFi+YEMsgp3OzLE9Ci9B14ja8afL7G1c6mr31ZvHFfs4U1Ij5hh2R4jLGQbVCp/OI/5ZxCjzopypxuP2HeAhUgnIwBaS6pQNpCUGHHScc4JpH2rHLi2gPtwuQ5WXsPwtF0TkwCiw1f0+QcPqqWs99D+jm4hiqJEqVoatx79jHEoqviSoll7K3JS3yfB1hfOq05r57c2lHEEJGFn/3aEE7Z7jgYUs2zDvIacUTZN+VWVbb57f4Zle48+xuxuiezJofFOoHWpj+usdipCoV0bpidutIjH2F9nmTeeCcasHDOqMR5IdPcDFCeY7mkY+2qGS+Y9QHAypRs13wMPcrM8iFuOd6eqyzFhHR0bxSmRnsb68CEAF6Bd8Z4s/Z6taOsa/tOm5ittFQwESin3yvHBN1lA66i+zlW0lxKlpSLM2k//AB9lAUaV7yuxUgx2mHQ6bkXXTEA307Eym0HIEqyDGsZGfBSNMVblfDyd5yeKZAPBKugg5xSlZe89j72LeJbT92qutiIOworWCA0DFERo0gKH+UKFTtt2Jw83rX3HfGSkzMtWxo1D+CLMEweqDfcDBht7nQCU9VCkY2sllGhH791+wRklqlgLFvaH7xTFXGkvR+DD8KJdzRybDSW+H+MvWnodUomo0nhCStFY1Gy+HFwLy5VQUTD+6Lwk1BYz0AS3tMvJii/C67JuOUSvrCkv94JgMepoeg1rXuIKIowEqOhz8+XmO6DnASoTASmBweRutm/h9dovfZUq6dymvXYxYxhOQ67LFUq75MQSBBPOjfve1HmsIGGpCtOt9bxZmWtu9YAxPel,iv:Tuy58blNTMHEnLWkgo0sOMjwl41KABK5nqmLOFO9aAQ=,tag:aM29zOmwmoExKqn+UTvrWQ==,type:str]
|
crt: ENC[AES256_GCM,data:JFwroJueVl9UBzFQwe5C+FD/ww7EryBFi+YEMsgp3OzLE9Ci9B14ja8afL7G1c6mr31ZvHFfs4U1Ij5hh2R4jLGQbVCp/OI/5ZxCjzopypxuP2HeAhUgnIwBaS6pQNpCUGHHScc4JpH2rHLi2gPtwuQ5WXsPwtF0TkwCiw1f0+QcPqqWs99D+jm4hiqJEqVoatx79jHEoqviSoll7K3JS3yfB1hfOq05r57c2lHEEJGFn/3aEE7Z7jgYUs2zDvIacUTZN+VWVbb57f4Zle48+xuxuiezJofFOoHWpj+usdipCoV0bpidutIjH2F9nmTeeCcasHDOqMR5IdPcDFCeY7mkY+2qGS+Y9QHAypRs13wMPcrM8iFuOd6eqyzFhHR0bxSmRnsb68CEAF6Bd8Z4s/Z6taOsa/tOm5ittFQwESin3yvHBN1lA66i+zlW0lxKlpSLM2k//AB9lAUaV7yuxUgx2mHQ6bkXXTEA307Eym0HIEqyDGsZGfBSNMVblfDyd5yeKZAPBKugg5xSlZe89j72LeJbT92qutiIOworWCA0DFERo0gKH+UKFTtt2Jw83rX3HfGSkzMtWxo1D+CLMEweqDfcDBht7nQCU9VCkY2sllGhH791+wRklqlgLFvaH7xTFXGkvR+DD8KJdzRybDSW+H+MvWnodUomo0nhCStFY1Gy+HFwLy5VQUTD+6Lwk1BYz0AS3tMvJii/C67JuOUSvrCkv94JgMepoeg1rXuIKIowEqOhz8+XmO6DnASoTASmBweRutm/h9dovfZUq6dymvXYxYxhOQ67LFUq75MQSBBPOjfve1HmsIGGpCtOt9bxZmWtu9YAxPel,iv:Tuy58blNTMHEnLWkgo0sOMjwl41KABK5nqmLOFO9aAQ=,tag:aM29zOmwmoExKqn+UTvrWQ==,type:str]
|
||||||
key: ENC[AES256_GCM,data:OexgSMZDgpdc6jjx+3R1ddXutztaSX8s8p4lt5ufm0bpYvJRztcBYjAw1tpk9Upp15rXRHaZpKDh3mZwsC6j5737pys56tE5F5aOw2UwlstK15XF6zQetzCfJFGwozEcEeDtSPhaThcnVidYP2GU0GUE3uRZBkeDcpkF2yn1azt2qYUe020miOv8JwV6seGXvTvzNGlTIssoyBuqXPI9jJpsXTaI1GqQYDbdggGNWZ1hBiYu,iv:Pn4vIpmyQGZnkF4aA4IdJ2aIDQDI6W/8FHpduKO0kOU=,tag:oS8jNxbJogQAH/Qj2ghY4g==,type:str]
|
key: ENC[AES256_GCM,data:OexgSMZDgpdc6jjx+3R1ddXutztaSX8s8p4lt5ufm0bpYvJRztcBYjAw1tpk9Upp15rXRHaZpKDh3mZwsC6j5737pys56tE5F5aOw2UwlstK15XF6zQetzCfJFGwozEcEeDtSPhaThcnVidYP2GU0GUE3uRZBkeDcpkF2yn1azt2qYUe020miOv8JwV6seGXvTvzNGlTIssoyBuqXPI9jJpsXTaI1GqQYDbdggGNWZ1hBiYu,iv:Pn4vIpmyQGZnkF4aA4IdJ2aIDQDI6W/8FHpduKO0kOU=,tag:oS8jNxbJogQAH/Qj2ghY4g==,type:str]
|
||||||
|
@ -23,8 +25,8 @@ sops:
|
||||||
K0ZSdkdJVERYNUZLeVV3cHJnT3FzekkK2mXf8DZPNU1wN6h96hewpPwUOrGr4Kv9
|
K0ZSdkdJVERYNUZLeVV3cHJnT3FzekkK2mXf8DZPNU1wN6h96hewpPwUOrGr4Kv9
|
||||||
jYnpPIrdy0kyAKKEvWZse7PZfOQbKz2XQLYjWbqQnC9gdtC3hRJwlA==
|
jYnpPIrdy0kyAKKEvWZse7PZfOQbKz2XQLYjWbqQnC9gdtC3hRJwlA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-07-06T17:10:52Z"
|
lastmodified: "2022-07-07T00:46:18Z"
|
||||||
mac: ENC[AES256_GCM,data:bIQQ8YhWDJgtabQrAPuatRWKaylky513lfMhJMWxNnTTwsZ9z8JvXxfTYYZWzYxBE2oykVykLm4//VPpAhYoNDy8nksZzmmmUtTGVf3WhE5yY5HzLLP3uRtFo6ZEm6X7dXSY9IyXB7DDRxOxQKnMo1jXq8SPS/rOw/qk6kbjnsE=,iv:2SmCY5xp0BRgo7z03YgJHlUb5T69YelztMf/ghsiifc=,tag:236Vnk8D53O9qb69wail0g==,type:str]
|
mac: ENC[AES256_GCM,data:HUyeJbB4Mnhd2B1qdd1zsj70sx19D9nsl6kIr27I/IyX52DISGUn8Fvi1YS/z8uzxcyKnfu+KY7hdmDTPkm8UJZyuE+ES5O3coLyAdWODlwRQ5nBYYslXVd+DghrIj7sK03QYmkIF7Qm3rjp6Z6bfN/jteKYXsEnHxGFB+A9u68=,iv:qhVmx2BUFMHnuJZYhoZJtsKkJDbEAq5E/rNKD2od6is=,tag:SmQWcczltEF28H7TzfTqRQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
Loading…
Reference in a new issue