```sh
# Install dependencies
## Install go-task on your own (https://taskfile.dev/installation/)
## Install all the other dependencies (reference just the install taskfile so VARS don't need the dependencies)
task --taskfile .taskfiles/install.yml all

# Set up age/sops
task sops:init
## Replace the public key in .sops.yaml

# Friends don't let friends commit secrets
task pre-commit:init

# Configure your cluster
task talos:generate-secrets
## Edit ./talos/talconfig.yaml
task talos:generate-configs

# Boot nodes to talos

# Apply configuration to each node
task talos:apply-config -- <node>

# ONLY ONCE! Bootstrap a single node (the Talos CLI binary is talosctl)
talosctl -n $(task talos:get-a-node) bootstrap

# Add age secret to the cluster
# Configure flux base repo
# Install flux
```
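The `.sops.yaml` that `task sops:init` asks you to edit decides which files get encrypted and how much of each file. The following is an added example, not the repository's own file: the `age1PLACEHOLDER...` recipient must be replaced with your own age public key, the `cluster/` and `talos/` path patterns assume the directory layout described further down, and the `.sops.yaml` naming convention for secret manifests is an assumption.

```yaml
# .sops.yaml (added example; the age recipient below is a placeholder, not a real key)
creation_rules:
  # Kubernetes Secret manifests under cluster/: encrypt only the payload fields
  # so apiVersion, kind and metadata stay readable and diffable in Git, while
  # every value in data/stringData is ciphertext before it is committed.
  - path_regex: cluster/.*\.sops\.ya?ml$
    encrypted_regex: ^(data|stringData)$
    age: age1PLACEHOLDER_REPLACE_WITH_YOUR_PUBLIC_KEY
  # Talos secrets (cluster CA keys, bootstrap tokens) carry no useful plaintext
  # structure, so encrypt those files whole.
  - path_regex: talos/.*\.sops\.ya?ml$
    age: age1PLACEHOLDER_REPLACE_WITH_YOUR_PUBLIC_KEY
```

With this file in place, `sops --encrypt --in-place cluster/apps/example/secret.sops.yaml` picks the first matching rule automatically; a file whose path matches no rule is refused rather than silently left in plaintext, which is the behaviour you want for a repository that Flux reads directly.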
- authentik - IdP + SSO
- cert-manager - SSL certificates - with Cloudflare DNS challenge
- flux - GitOps tool for deploying manifests from the `cluster` directory
- kasten k10 - backup implementation
- kyverno - policy engine
- reloader - restart pods when a Kubernetes `configmap` or `secret` changes
- traefik - ingress controller
- rook - operator for ceph
The Git repository contains the following directories under `cluster`, listed in the order in which Flux applies them.
- `base` directory is the entrypoint for Flux
- `crds` directory contains custom resource definitions (CRDs) that must exist globally in your cluster before anything else is applied
- `core` directory (depends on `crds`) contains important infrastructure applications (grouped by namespace) that Flux must never prune
- `apps` directory (depends on `core`) is where your common applications (grouped by namespace) are placed; Flux prunes resources here once they are no longer tracked in Git
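The ordering and pruning rules above map directly onto Flux `Kustomization` objects. The manifests below are an added example of how the `base` entrypoint can express that chain; they are not the repository's own files. They assume a `GitRepository` named `flux-system` in the `flux-system` namespace (what `flux bootstrap` creates), that the age private key from the "Add age secret to the cluster" step was stored in a Secret named `sops-age`, and that the `crds`, `core` and `apps` paths sit under `./cluster` as described.

```yaml
# cluster/base/cluster.yaml (added example, not the repository's own manifests)
# Assumed names: GitRepository flux-system, decryption Secret sops-age.
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: crds
  namespace: flux-system
spec:
  interval: 10m
  path: ./cluster/crds
  prune: false        # deleting a CRD cascade-deletes every object of that kind
  wait: true          # only report Ready once the CRDs are established
  sourceRef:
    kind: GitRepository
    name: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: core
  namespace: flux-system
spec:
  dependsOn:
    - name: crds      # never reconciled before the CRDs are Ready
  interval: 10m
  path: ./cluster/core
  prune: false        # infrastructure is never garbage-collected, even if it drops out of Git
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops    # SOPS-encrypted Secrets are decrypted in-cluster, never in the repo
    secretRef:
      name: sops-age
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  dependsOn:
    - name: core
  interval: 10m
  path: ./cluster/apps
  prune: true         # removing a manifest from Git removes the resource from the cluster
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
    secretRef:
      name: sops-age
```

`dependsOn` is what enforces the crds → core → apps order, and the two `prune` settings are the whole difference between "never pruned" for `core` and "pruned when untracked" for `apps`; the `decryption` block is what lets Flux apply the Secrets that the `.sops.yaml` rules encrypted, using the key you added to the cluster rather than anything stored in Git.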
Node | Role | Specs |
---|---|---|
control-01 | Control Plane, Storage | HP EliteDesk 800 G6 MFF Intel 10700t 32G |
control-02 | Control Plane, Storage | HP EliteDesk 800 G6 MFF Intel 10700t 32G |
control-03 | Control Plane | Lenovo m70q Tiny Intel 10700t 32G |
worker-01 | Worker, Storage | Dell 7090 mini Intel 10700 32G |