joe/gitops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1121c5b0c7ca1f13efc1f5ee7d71aa889ee8a0e1
gitops/readme.md
Joe Monk 3d58b53ffd Updated readme and config
2025-01-24 19:03:45 +00:00

94 lines
3.6 KiB
Markdown
Raw Blame History

# Laptop Flux
`choco install kind`
`choco install flux`
`kind create cluster`
`flux bootstrap git --private-key-file=C:/Users/Joe/.ssh/gitea --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch main --path=clusters/kind`
# Kairos
- Grab the latest image from https://github.com/kairos-io/kairos/releases, the image should have the format `kairos-debian-bookworm-standard-amd64-generic-v3.1.1-k3sv1.30.2+k3s1`.
The main things we're looking for are the latest debian, standard, amd64, then the versions of kairos (v3.1.1) and k3s (1.30.2).
- Burn to usb
- Boot from usb, live install and go to the config webui
- Add the public keys to the config (from ~/.ssh - `ssh-keygen -t ed25519 -C "joemonk@hotmail.co.uk"`)
- Update the image at https://gitea.home.joemonk.co.uk/joe/kairos-custom to the latest kairos image and build it
- Update the image in the kairos-config to reflect that build
- Put the kairos-config in, check the shutdown button and let it install
- Remove the usb, ssh in with using the specific private key (i.e. from ~/.ssh - `ssh -i ./kairos kairos@192.168.1.101` or add the following to ~/.ssh/config to just use `ssh 192.168.1.101`)
```
Host 192.168.1.101
HostName 192.168.1.101
User kairos
IdentityFile ~/.ssh/kairos
```
## Adding additional packages
Go to https://gitea.home.joemonk.co.uk/joe/kairos-custom and add the new packages to the dockerfile
This image will be built when pushed
Follow the steps to upgrade/reinstall with the new image in the config - or just upgrade the image as per the docs (not tested yet)
## Upgrading/reinstalling
- Update the `kairos-config.yaml` to update the image or other settings
- SSH into the server (`ssh 192.168.1.101`)
- Run `kairos-agent webui` to start the web ui
- Go to http://192.168.1.101:8080 and drop in the new config
## Kubectl
SSH into the server, and grab the kubeconfig with `sudo cat /etc/rancher/k3s/k3s.yaml`.
Drop the user and cluster into your config and create a context to have that user and cluster
## age & sops
I use sops with age to encrypt keys etc in git.
Before pushing encrypted keys up, we'll need to re-encrypt them with a new key.
From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o age.agekey`.
Add that new public key to the `.sops.yaml`, and push the secret key to the cluster with:
```sh
cat age.agekey |
kubectl create secret generic sops-age \
--namespace=apps \
--from-file=age.agekey=/dev/stdin
```
Update the encryption with `sops updatekeys`, then delete age.agekey.
### Using sops
#### Encrypting
After creating a new secret, run `sops encrypt --in-place ./path/to/secret.yaml`.
#### Editing
You can install the `@signageos/vscode-sops` extension in vscode to automatically decrypt, edit and re-encrypt a secret.
Or use `sops edit file.yaml`
## Flux CD
Install flux and everything in this repo with the following:
- `flux bootstrap git --private-key-file=/config/.ssh/gitea --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch main --path=clusters/kairos`
## DNS
We need to point a dns server to the server so we can access things via hostname rather than needing complex routing.
### In OPNSense
- Make sure Services > UnboundDNS is active and working
- In overrides, add the host as `*`, domain as `k3s` and value as the ip address of the server
You should be able to access `http://traefik.k3s:9000/dashboard#/` (at the time of writing, looking to route this properly)
## Grafana
Grab the admin user password from the `monitoring-grafana` secret
Reference in New Issue View Git Blame Copy Permalink