mbrc

This repository enable easy deployment of Kubernetes clusters on Hetzner Cloud using Talos OS and Terraform. Benefit from scalable, and automated setup, leveraging infrastructure as core principles for efficient management. Simplify Kubernetes deployment and focus on your applications with confidence.

Terminology

Terminology	Meaning
CPN	Control Panel Node
WKN	Worker Kubernetes Node

0. Install tools

brew install age
brew install terraform
curl -sL https://talos.dev/install | sh
brew install kubectl

1. Prepare environments variables

# you need change values before execute command
cat << EOF > terraform/terraform.tfvars
hcloud_token = "YOUR_TOKEN_FROM_HETZNER"
cf_token     = "YOUR_TOKEN_FROM_CLOUDFLARE"
wkn_count    = 0
EOF

2. Create private and public key for SOPS

age-keygen -o age.agekey && 
age_pubkey=$(awk '/^# public key:/{print $NF}' age.agekey) &&
echo "
creation_rules:
  - path_regex: .*.ya?ml
    encrypted_regex: ^(data|stringData)$
    age: $age_pubkey" > .sops.yaml

Next, you'll need to include .sops.yaml in your repository. This step is crucial to allow other project contributors to encrypt their secrets using the public key. Remember, keep the age.agekey private key secure.

3. Create k8s cluster

Before enter command bellow you need prepare Talos snapshot in Hetzner Cloud. For this, you can use official instruction. You have to give the name of the snapshot talos-1.15

terraform init
terraform apply

4. Save kubeconfig & talosconfig to local machine

# Warning! This command remove yours old configurations (if their exists)

terraform output -raw talosconfig > ~/.talos/config
terraform output -raw kubeconfig > ~/.kube/config

5. Done 🎉

# you can check cluster status via `kubectl get nodes`.
# Output will be something like this:

(base) user@host terraform % kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
cpn-00   Ready    control-plane   25m   v1.28.1
cpn-01   Ready    control-plane   25m   v1.28.1
cpn-02   Ready    control-plane   25m   v1.28.1

SOPS Example

# db-auth.yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-auth
  namespace: default
type: Opaque
data:
  DB_NAME: cG9zdGdyZXM=
  DB_HOST: MTI3LjAuMC4x
  DB_PORT: NTQzMg==
  DB_USERNAME: cG9zdGdyZXM=
  DB_PASSWORD: c3VwZXJTZWNyZXRQYXNzb3dyZA==

# You can encrypt any files by using the .sops.yaml file.
sops -e -i db-auth.yaml

# You can decrypt it only if you have the age.agekey file.
export SOPS_AGE_KEY_FILE=age.agekey
sops -i -d db-auth.yaml.yaml

masterbpro / mbrc Goto Github PK

mbrc's Introduction

mbrc

Terminology

0. Install tools

1. Prepare environments variables

2. Create private and public key for SOPS

3. Create k8s cluster

4. Save kubeconfig & talosconfig to local machine

5. Done 🎉

mbrc's People

Contributors

Stargazers

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent