Declarative configuration of the Kubernetes cluster that I use to run services on my homelab.
The cluster directory contains Kubernetes manifests. The cluster is kept in
sync with the repository thanks to fluxcd.
The talos directory contains the configurations for the nodes that are part of
the cluster.
Secrets are encrypted using sops, specifically with an age key pair.
The private key should be generated with age-keygen -o .sops.key at the root
of the repo. Then copy the public key and replace the occurrences in
.sops.yaml with the one you just generated.
Examples:
# Encrypt a file
sops -i -e path_to_file
# Decrypt a file
# The variable is only needed outside of the devcontainer or if not using the .sops.key file.
SOPS_AGE_KEY_FILE=/path_to_age_private_key sops -i -d path_to_file
To decrypt secrets in the cluster, create a Secret that contains the age
private key. The secret has to be generated for each namespace in which a
kustomization that contains secrets is present.
kubectl create secret generic -n your_namespace --from-file identity.agekey=.sops.key infra-kubernetes-age-key
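A check for the repository side of the sops workflow described above, as an added example that is not part of this repository: it lists Secret manifests that are still in plaintext so they can be encrypted before fluxcd syncs them. The function names and sample manifests are constructed for illustration, and it assumes that sops leaves the `kind` field in clear text and encrypts only the values.

```shell
#!/bin/sh
# Added example: find Kubernetes Secret manifests that were committed without
# sops encryption. Function names are hypothetical; detection is per file.

# True when the file has the top-level sops metadata block and at least one
# value in the ENC[AES256_GCM,...] form that sops writes.
is_sops_encrypted() {
    grep -q '^sops:' "$1" && grep -q 'ENC\[AES256_GCM,' "$1"
}

# True when the file declares a Secret. Assumption: "kind" is left in clear
# text, i.e. sops only encrypts the data/stringData values.
is_secret_manifest() {
    grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$1"
}

# Print each plaintext Secret manifest under directory $1.
# Returns 1 if any was found, 0 if the tree is clean.
find_plaintext_secrets() {
    found=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) | sort |
        while IFS= read -r f; do
            if is_secret_manifest "$f" && ! is_sops_encrypted "$f"; then
                printf '%s\n' "$f"
            fi
        done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample manifests (not from the repository) written into $1.
make_constructed_samples() {
    printf 'apiVersion: v1\nkind: Secret\nstringData:\n  password: example\n' \
        > "$1/plain.yaml"
    printf 'apiVersion: v1\nkind: Secret\nstringData:\n  password: ENC[AES256_GCM,data:AAAA,iv:AAAA,tag:AAAA,type:str]\nsops:\n  version: constructed\n' \
        > "$1/encrypted.yaml"
    printf 'apiVersion: v1\nkind: ConfigMap\ndata:\n  key: value\n' \
        > "$1/config.yaml"
}

# Scan the directory passed as the first argument, e.g. the cluster directory.
if [ "$#" -gt 0 ]; then find_plaintext_secrets "$1"; fi
```

A non-zero exit means each listed file still needs `sops -i -e` before it is committed.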