Update sops and config
This commit is contained in:
12
readme.md
12
readme.md
@@ -12,6 +12,8 @@
|
||||
The main things we're looking for are the latest debian, standard, amd64, then the versions of kairos (v3.1.1) and k3s (1.30.2).
|
||||
- Burn to usb
|
||||
- Boot from usb, live install and go to the config webui
|
||||
- If doing the firebat and it doesn't boot into bios or the drive, in grub press `c` then type `fwsetup` to reboot into bios
|
||||
- Rufus struggles with the image, Ventoy worked perfectly using the live image launch
|
||||
- Add the public keys to the config (from ~/.ssh - `ssh-keygen -t ed25519 -C "joemonk@hotmail.co.uk"`)
|
||||
- Update the image at https://gitea.home.joemonk.co.uk/joe/kairos-custom to the latest kairos image and build it
|
||||
- Update the image in the kairos-config to reflect that build
|
||||
@@ -59,13 +61,11 @@ kubectl create secret generic sops-age \
|
||||
--from-file=age.agekey=/dev/stdin
|
||||
```
|
||||
|
||||
Update the encryption with `sops updatekeys`, then delete age.agekey.
|
||||
Delete age.agekey after sending it to the cluster.
|
||||
Then update the encryption with `sops updatekeys -y apps/gluetun/secret.yaml`.
|
||||
|
||||
TODO - This doesn't appear to work as expected, need to do:
|
||||
- `sops updatekeys -y apps/gluetun/secret.yaml`
|
||||
|
||||
This should work but is untested (in fish)
|
||||
`for file in $(grep -lr "sops:"); sops updatekeys -y $file; end`
|
||||
In fish you can updatekeys in every secret
|
||||
`for file in $(grep --include="*.yaml" -lr "sops:"); sops updatekeys -y $file; end`
|
||||
|
||||
### Using sops
|
||||
|
||||
|
||||
Reference in New Issue
Block a user