Setup or kairos

apps/apps-namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: apps

apps/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- apps-namespace.yaml
-- whoami

apps/whoami/deployment.yaml

@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: whoami
-  namespace: apps
-spec:
-  selector:
-    matchLabels:
-      app: whoami
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: whoami
-    spec:
-      containers:
-        - name: whoami
-          image: traefik/whoami
-          ports:
-            - containerPort: 80

apps/whoami/ingress.yaml

@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: whoami-ingress
-  namespace: apps
-spec:
-  rules:
-  - http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: whoami
-            port:
-              name: web
-              number: 80

apps/whoami/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: apps
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml

apps/whoami/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: whoami
-  namespace: apps
-spec:
-  ports:
-    - name: web
-      port: 80
-      targetPort: web
-  selector:
-    app: whoami

clusters/talos/apps.yaml

@@ -1,14 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: apps
-  namespace: flux-system
-spec:
-  interval: 10m
-  path: ./apps
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  dependsOn:
-    - name: infra

clusters/talos/flux-system/gotk-sync.yaml

@@ -1,27 +0,0 @@
-# This manifest was generated by flux. DO NOT EDIT.
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: flux-system
-  namespace: flux-system
-spec:
-  interval: 1m0s
-  ref:
-    branch: main
-  secretRef:
-    name: flux-system
-  url: ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: flux-system
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  path: ./clusters/talos
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system

clusters/talos/flux-system/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- gotk-components.yaml
-- gotk-sync.yaml

clusters/talos/infra.yaml

@@ -1,12 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: infra
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  path: ./infra
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: flux-system

infra/cilium/announce.yaml

@@ -1,8 +0,0 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumL2AnnouncementPolicy
-metadata:
-  name: default-l2-announcement-policy
-  namespace: kube-system
-spec:
-  externalIPs: true
-  loadBalancerIPs: true

infra/cilium/ip-pool.yaml

@@ -1,8 +0,0 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumLoadBalancerIPPool
-metadata:
-  name: default-pool
-  namespace: kube-system
-spec:
-  blocks:
-    - cidr: 192.168.16.0/20

infra/cilium/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ip-pool.yaml
-- announce.yaml

infra/ingress-namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: ingress

infra/kustomization.yaml

@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- ingress-namespace.yaml
-- cilium
-- traefik

infra/traefik/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- traefik-repository.yaml
-- traefik-helm-release.yaml

infra/traefik/traefik-helm-release.yaml

@@ -1,28 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
-  name: traefik
-  namespace: ingress
-spec:
-  interval: 5m
-  chart:
-    spec:
-      chart: traefik
-      version: '28.1.0'
-      sourceRef:
-        kind: HelmRepository
-        name: traefik
-        namespace: ingress
-      interval: 15m
-      valuesFiles:
-        - values.yaml
-  values:
-    service:
-      annotations:
-        io.cilium/lb-ipam-ips: 192.168.1.102
-    providers:
-      kubernetesIngress:
-        # -- Load Kubernetes Ingress provider
-        enabled: true
-        # -- Allows to reference ExternalName services in Ingress
-        allowExternalNameServices: true

infra/traefik/traefik-repository.yaml

@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: traefik
-  namespace: ingress
-spec:
-  interval: 15m
-  url: https://traefik.github.io/charts

kairos_config.yaml

@@ -0,0 +1,23 @@
+#cloud-config
+
+users:
+- name: "kairos"
+  passwd: "kairos"
+  groups:
+  - "admin"
+  ssh_authorized_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjAjv9cWzwoJhTlzdrDw47eIg9t51vMbXbf0he96mRK joemonk@hotmail.co.uk" # VSCode Container
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFOzNQet/Vm/EXU8GR0D4I+QYIPiGL5rCKPgDPhjWKIU joemonk@hotmail.co.uk" # Laptop
+
+# Enable K3s on the node.
+k3s:
+  enabled: true                         # Set to true to enable K3s.
+
+stages:
+  boot:
+  - name: "Setup hostname"
+    hostname: "kairos"
+  - name: "Setup dns"
+    dns:
+      nameservers:
+      - 192.168.1.1

readme.md

@@ -1,4 +1,4 @@
-## Laptop
+# Laptop Flux
 
 `choco install kind`  
 `choco install flux`
@@ -6,3 +6,23 @@
 `kind create cluster`  
 `flux bootstrap git --private-key-file=C:/Users/Joe/.ssh/gitea --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch main --path=clusters/kind`
 
+# Kairos
+
+- Grab the latest image from https://github.com/kairos-io/kairos/releases, the image should have the format `kairos-debian-bookworm-standard-amd64-generic-v3.1.1-k3sv1.30.2+k3s1`.
+  The main things we're looking for are the latest debian, standard, amd64, then the versions of kairos (v3.1.1) and k3s (1.30.2).
+- Burn to usb
+- Boot from usb, live install and go to the config webui
+- Add the public keys to the config (from ~/.ssh - `ssh-keygen -t ed25519 -C "joemonk@hotmail.co.uk"`)
+- Put the kairos_config in, check the shutdown button and let it install
+- Remove the usb, ssh in with using the specific private key (i.e. from ~/.ssh - `ssh -i ./kairos kairos@192.168.1.101` or add the following to ~/.ssh/config to just use `ssh 192.168.1.101`)
+
+```
+Host 192.168.1.101
+    HostName 192.168.1.101
+    User kairos
+    IdentityFile ~/.ssh/kairos
+```
+
+## Flux CD
+
+- `flux bootstrap git --private-key-file=/config/.ssh/kairos --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch main --path=clusters/kairos`

talos/controlplane.yaml

@@ -1,98 +0,0 @@
-version: v1alpha1
-debug: false
-persist: true
-machine:
-    type: controlplane
-    token: n9y5eq.m7wt7dimgfl8175f
-    ca:
-        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEFBemlIa1J3cjMrMnAyQWl6K1cxVmhNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5EQXlNVFF4T0RJME1qWmFGdzB6TkRBeU1URXhPREkwTWpaYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBSFBmZmd2ZjZGalpIM0xEbk50aS9HSG9ITmhjMW5Ra0tQb2s1CmFSS1lwZmFqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVQitOZ05BM1FXVTBOREh1VQoxWWE5MmxOMmIrb3dCUVlESzJWd0EwRUFnZ1cva1VvcVJmSUZZRk42MTkxK0NwWk1qWXlNU0RPdE4vdW51ZGpPCmJiSlEvQTRadnVYT2pBR3loMkJmeW5MY3Y3bVFUNzhqZzYzRDY1S3BXcmtPQUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-        key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTXJLYTRtTG1mUTVZeUMxazQ0cGk0MU1sMjN4V2N1NGp5TnRkZkxOdUtwMgotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
-    certSANs: []
-    kubelet:
-        image: ghcr.io/siderolabs/kubelet:v1.29.1
-        defaultRuntimeSeccompProfileEnabled: true
-        disableManifestsDirectory: true
-    network: {}
-    install:
-        disk: /dev/sda
-        extraKernelArgs:
-            - talos.platform=metal
-            - talos.hostname=talos
-        image: ghcr.io/siderolabs/installer:v1.6.4
-        wipe: true
-    features:
-        rbac: true
-        stableHostname: true
-        apidCheckExtKeyUsage: true
-        diskQuotaSupport: true
-        kubePrism:
-            enabled: true
-            port: 7445
-cluster:
-    id: VWpUbi_9bCB87F51ZcpsHZvZxZ-MAF-J5uuq_2Rz_ZM=
-    secret: u1R5pV72bj7kuyTvQ0uFeM81cR3VstKVRMF4VdFeehg=
-    controlPlane:
-        endpoint: https://192.168.1.101:6443
-    clusterName: talos
-    network:
-        cni:
-            name: none
-        dnsDomain: cluster.local
-        podSubnets:
-            - 10.244.0.0/16
-        serviceSubnets:
-            - 10.96.0.0/12
-    token: 2bilql.wggdk4dqypsfozwd
-    secretboxEncryptionSecret: 4tLuleOazv3jiacgmHKPySvi/2M2wbnsCG+Z0uvsq74=
-    ca:
-        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRTDA3T0lESUVMWWd4NXJwSmM0b0l5akFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTBNREl4TkRFNE1qUXlObG9YRFRNME1ESXhNVEU0TWpReQpObG93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCR0pwVUZiQ21tUEc2eHAwYzhBbk5ubTg4UEhSN2tOd3dmUVlJdmdKOUhQTHhUbm1GN2UyVkdzek40T0YKVnJ2MGM0MXYwTE9TYlZlbDNGQlIrajAwYXoyallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVV2UVQ5aG5MV2NwM2JsdXV4cTVOOTR5Y1RQSFl3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU9EbkhzTzQKVm5oNi9ZNmg3VEQ3ZFI3eG94OHgwR1FSTVoxMlNFUzVHbXM5QWlBKzFiZzNtRHVhRnpsU3llV2o3NHNsZ3E5bwozdXhrc25rcS9ZV3B0c2xqUGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-        key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhXQUtJQjBIVDE0TERFWmF4L2Noa0RSVFk2LzJrSnFMVEpaeUxOSlloZU1vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWW1sUVZzS2FZOGJyR25SendDYzJlYnp3OGRIdVEzREI5QmdpK0FuMGM4dkZPZVlYdDdaVQphek0zZzRWV3UvUnpqVy9RczVKdFY2WGNVRkg2UFRSclBRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
-    aggregatorCA:
-        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZVENDQVFhZ0F3SUJBZ0lSQU95TEN4R3ZIRHR1cnZia2JteWR2UzB3Q2dZSUtvWkl6ajBFQXdJd0FEQWUKRncweU5EQXlNVFF4T0RJME1qWmFGdzB6TkRBeU1URXhPREkwTWpaYU1BQXdXVEFUQmdjcWhrak9QUUlCQmdncQpoa2pPUFFNQkJ3TkNBQVE3UzlpZnU4bmRQSmtXa2dBSHpGd0JSajFLSXZtUHdGMU8zUmVEa3liYmlHOXpGZmMzCkRiNFJ0S1JPSmVZMW9yMitZL2lmeXo3b2xidDBkY1o0U0FLWm8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpIUVlEVlIwT0JCWUVGQ01RMXNDSmJGK0w5MGdEVmtUSHBGbDJXNlloTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCklRQ1NBajE3YWZieHFxbFVrTVF4cHN5VnpmM0JxaS84aEIra01heWoraGViRFFJaEFLSkprdFlDT2ZTUVkxRGcKRVVjUHVmTVFLbmhZNDJ2VnBSSDZEQ0JNZjhMSwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-        key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUFJY3NHMDZ5MXZyOVJrVFhZaUE4OHV0UC9OdmlXaVp4WUxZbjl1WmdPRmlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFTzB2WW43dkozVHlaRnBJQUI4eGNBVVk5U2lMNWo4QmRUdDBYZzVNbTI0aHZjeFgzTncyKwpFYlNrVGlYbU5hSzl2bVA0bjhzKzZKVzdkSFhHZUVnQ21RPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
-    serviceAccount:
-        key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBsQ25lSlFydFc0bm9hbTJheDhUVHVFRVVBSlhJaXZWUjAvc0ZDRVJEemZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFcnVCWWxTSi9zYi92VlIxL1FUdWZmU1hFZFMzQ0VOSU5NY3poZHh2eDdoektURVh5WWxuZwoxRGNJTnBPc2taT0E1YTNjUDhhV1JVQ3FKTWlJbzdNN2ZnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
-    apiServer:
-        image: registry.k8s.io/kube-apiserver:v1.29.1
-        certSANs:
-            - 192.168.1.101
-        disablePodSecurityPolicy: true
-        admissionControl:
-            - name: PodSecurity
-              configuration:
-                apiVersion: pod-security.admission.config.k8s.io/v1alpha1
-                defaults:
-                    audit: restricted
-                    audit-version: latest
-                    enforce: baseline
-                    enforce-version: latest
-                    warn: restricted
-                    warn-version: latest
-                exemptions:
-                    namespaces:
-                        - kube-system
-                    runtimeClasses: []
-                    usernames: []
-                kind: PodSecurityConfiguration
-        auditPolicy:
-            apiVersion: audit.k8s.io/v1
-            kind: Policy
-            rules:
-                - level: Metadata
-    controllerManager:
-        image: registry.k8s.io/kube-controller-manager:v1.29.1
-    proxy:
-        disabled: true
-    scheduler:
-        image: registry.k8s.io/kube-scheduler:v1.29.1
-    discovery:
-        enabled: true
-        registries:
-            kubernetes:
-                disabled: true
-            service: {}
-    etcd:
-        ca:
-            crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNPZ0F3SUJBZ0lRS0J1MjNwTi9PUzNDZ0RqNk5WNUw2VEFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEkwTURJeE5ERTRNalF5TmxvWERUTTBNREl4TVRFNE1qUXlObG93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkJjYkg2OWpJVlU4CmE1NWhJY3Bsb3pnc0JkWjBPUGxiSEZEYnV6ay9NYytsSEtNZFhTenhiSVRFTnV4QUxBRGtDRXlQQldQTzlvaDAKcDY2bGt3MnNqZVdqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVWnptMmFBVzRqcnhFCk9uQXE1V0FvdlpuYVJwVXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdYZXgxMWpXTnBLK0tZTTB3ZkJWUnQwbU4KOWNtbW1vT0lPRm5MYjVPUER5UUNJUUNQbzZQS3B0dHdueGVXRlNobVA3aEhaR0N1MlFDb2VvWU5ydVRWdUdXUQpBUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-            key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdjU3EvSVhFK0s2bUJVV1cxdXNWcFdPQ3hUYTYrZGFZMlorK3pETk81aHNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFRnhzZnIyTWhWVHhybm1FaHltV2pPQ3dGMW5RNCtWc2NVTnU3T1Q4eHo2VWNveDFkTFBGcwpoTVEyN0VBc0FPUUlUSThGWTg3MmlIU25ycVdURGF5TjVRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
-    allowSchedulingOnControlPlanes: true

talos/readme.md

@@ -1,82 +0,0 @@
-# Set up
-
-## Prerequisites
-
-Boot from talos iso memory stick (dd mode in rufus).
-
-## Talos
-
-- `talosctl -n 192.168.1.101 apply-config -f controlplane.yaml --insecure`
-- `talosctl -n 192.168.1.101 -e 192.168.1.101 --talosconfig=./talosconfig bootstrap`
-- `talosctl -n 192.168.1.101 -e 192.168.1.101 --talosconfig ./talosconfig kubeconfig`
-
-### Resetting
-
-Boot the above memory stick and click reset installation, then carry on as above.
-
-### Upgrading
-
-`talosctl -n 192.168.1.101 -e 192.168.1.101 --talosconfig ./talosconfig upgrade --preserve --image ghcr.io/siderolabs/installer:v1.7.2`
-
-## Patching
-
-First create the patch file
-i.e.
-
-```patch.yaml
-cluster:
-  network:
-    cni:
-      name: none
-  proxy:
-    disabled: true
-```
-
-Then apply the patch to the control plane yaml
-
-`talosctl machineconfig patch controlplane.yaml --patch @patch.yaml -o controlplane.yaml`
-
-And apply that control plane yaml with
-
-`talosctl -n 192.168.1.101 -e 192.168.1.101 --talosconfig ./talosconfig apply-config -f controlplane.yaml`
-
-## Cilium
-
-- `helm repo add cilium https://helm.cilium.io/`
-- `helm repo update`
-
-```sh
-helm install \
-    cilium \
-    cilium/cilium \
-    --version 1.15.1 \
-    --namespace kube-system \
-    --set=ipam.mode=kubernetes \
-    --set=kubeProxyReplacement=true \
-    --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
-    --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set=cgroup.autoMount.enabled=false \
-    --set=cgroup.hostRoot=/sys/fs/cgroup \
-    --set=k8sServiceHost=localhost \
-    --set=k8sServicePort=7445 \
-    --set=hubble.relay.enabled=true \
-    --set=hubble.ui.enabled=true \
-    --set=l2announcements.enabled=true \
-    --set=externalIPs.enabled=true \
-    --set operator.replicas=1
-```
-
-You can modify this after install with:
-
-```sh
-helm upgrade cilium cilium/cilium --version 1.15.1 \
-    --namespace kube-system \
-    --reuse-values \
-    --set operator.replicas=1 \
-    --set externalIPs.enabled=true \
-    --set enableCiliumEndpointSlice=true
-```
-
-## Flux
-
-- `flux bootstrap git --private-key-file=/config/.ssh/gitea --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch main --path=clusters/talos`

talos/talosconfig

@@ -1,8 +0,0 @@
-context: talos
-contexts:
-    talos:
-        endpoints:
-            - 127.0.0.1
-        ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEFBemlIa1J3cjMrMnAyQWl6K1cxVmhNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5EQXlNVFF4T0RJME1qWmFGdzB6TkRBeU1URXhPREkwTWpaYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBSFBmZmd2ZjZGalpIM0xEbk50aS9HSG9ITmhjMW5Ra0tQb2s1CmFSS1lwZmFqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVQitOZ05BM1FXVTBOREh1VQoxWWE5MmxOMmIrb3dCUVlESzJWd0EwRUFnZ1cva1VvcVJmSUZZRk42MTkxK0NwWk1qWXlNU0RPdE4vdW51ZGpPCmJiSlEvQTRadnVYT2pBR3loMkJmeW5MY3Y3bVFUNzhqZzYzRDY1S3BXcmtPQUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJLRENCMjZBREFnRUNBaEJwSGtPUld0Q1Z4cHBQdjJpeVJHOWJNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5EQXlNVFF4T0RJME1qWmFGdzB5TlRBeU1UTXhPREkwTWpaYU1CTXhFVEFQQmdOVgpCQW9UQ0c5ek9tRmtiV2x1TUNvd0JRWURLMlZ3QXlFQW5Wd1lhUjkvN2lEZTVoNVFmb1F4U093RHQ2YjVHUXRwCmlBMnRRRStmUHhtalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0QKQWpBZkJnTlZIU01FR0RBV2dCUUg0MkEwRGRCWlRRME1lNVRWaHIzYVUzWnY2akFGQmdNclpYQURRUUNDd1RwcwpFWUVCTElvYmZJSmVGS1U0T0tJZHNYaFVaUU9mSC9ubmUxdy9iNE9DdnV0ZVQvK2VLWVVkdnA5QlVtb0k0Ylc2Cm9FVTF2elR6aUdtT0tYNEIKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-        key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJQ1ROcTREZFFUcmZxRFk2L0xYSmNnQURZNjcxcU5Rd0JVQjhMKzVYeUtZVAotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K