Home
```sh
doas pacman -S talosctl fluxcd nmap
yay -S kubelogin kubecolor
```

Follow the README at omni/README.md.
Download the executable from the Omni dashboard and then move it to /usr/bin:

```sh
sudo mv omnictl-linux-amd64 /usr/bin/omnictl
sudo chmod +x /usr/bin/omnictl
```

To access your Omni instance using the CLI, download the omniconfig file from the Omni dashboard and place it in ~/.talos/omni/config:
```sh
mkdir -p ~/.talos/omni   # -p also creates ~/.talos if it does not exist yet
mv omniconfig.yaml ~/.talos/omni/config
```

Now test that everything is working by running an omnictl command. You should be redirected to the login page and, if everything is working, get the result back:
```sh
omnictl audit-logs
```

> **Note**
> TODO: steps to create a cluster using omnictl: `omnictl cluster template sync -f cluster.yaml --verbose`
For automated GitHub Actions pull requests to work, you will need to enable **Allow GitHub Actions to create and approve pull requests** for your repository, which can be found at https://github.com/<ORG>/<REPO>/settings/actions.
Generate an access token here with the `api` permission and paste it into the following secret.

> **Important**
> DO NOT ENCODE THE ACCESS TOKEN TO BASE64 (the manifest uses `stringData`, which takes the raw value)
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-secret
  labels:
    type: gitlab
type: Opaque
stringData:
  token: **access token**
```

```sh
kubectl apply -f gitlab.yaml
```

Now edit the cluster-secret-store with the project ID, which you can find under the three-dots menu at the top right of the repository. You can then add all of your secrets at the following URL: https://gitlab.com/<username>/<repo>/-/settings/ci_cd#js-cicd-variables-settings
Go to https://github.com/settings/personal-access-tokens and generate a personal access token. The permissions should be the following:
- Administration -> Access: Read-only
- Contents -> Access: Read and write
- Metadata -> Access: Read-only
Now create a secret with your username and password and encode both values in base64. The value of the password should be your newly generated token.
> **Tip**
> You can use `echo -n "my value to encode" | base64` to convert a text to base64 (the `-n` keeps the trailing newline out of the encoded value).
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: flux-system
  namespace: flux-system
type: Opaque
data:
  username: <BASE64>
  password: <BASE64>
```
You're now ready to deploy the Flux-controlled cluster. First add the GitHub token:

```sh
kubectl apply -f secret.yaml
```

Next add your secrets in the external secret provider of your choice (default GitLab), change the ref in ClusterSecretStore and add all of the needed secrets.
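The two Secret manifests above carry the two classic mistakes this page warns about: base64-encoding a value that goes into `stringData` (the GitLab token), and forgetting `-n` so that an encoded `data` value carries a trailing newline (the Flux username/password). The following added example, which is not part of this repository, builds the flux-system Secret with the same `echo -n | base64` semantics and checks a manifest for both mistakes before it is applied. The sample username and token are constructed placeholders, and the manifests are plain dicts so the script runs without PyYAML or kubectl.

```python
import base64
import binascii
import re

# Constructed sample inputs (not the repo's real values).
SAMPLE_USERNAME = "octocat"
SAMPLE_TOKEN = "github_pat_EXAMPLE_PLACEHOLDER"

# Placeholders as they appear in the page's manifests; they must be replaced.
PLACEHOLDERS = ("<BASE64>", "**access token**")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def b64(value: str) -> str:
    """Equivalent of `echo -n "$value" | base64`: no trailing newline is encoded."""
    return base64.b64encode(value.encode()).decode()


def build_flux_secret(username: str, token: str) -> dict:
    """Build the flux-system Secret with base64 `data` fields, as the page's manifest does."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": "flux-system", "namespace": "flux-system"},
        "type": "Opaque",
        "data": {"username": b64(username), "password": b64(token)},
    }


def looks_base64(value: str) -> bool:
    """Heuristic: strict base64 that decodes to printable text.
    Raw tokens usually fail this because of characters such as '-' or '_'."""
    if not B64_RE.match(value) or len(value) % 4:
        return False
    try:
        decoded = base64.b64decode(value, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return False
    return decoded.isprintable()


def check_secret(manifest: dict) -> list:
    """Return findings for unreplaced placeholders, non-base64 `data` values,
    encoded trailing newlines, and base64-looking `stringData` values."""
    findings = []
    for key, value in manifest.get("data", {}).items():
        if value in PLACEHOLDERS:
            findings.append(f"data.{key}: placeholder was not replaced")
            continue
        try:
            decoded = base64.b64decode(value, validate=True)
        except binascii.Error:
            findings.append(f"data.{key}: not valid base64 (data fields must be encoded)")
            continue
        if decoded.endswith(b"\n"):
            findings.append(f"data.{key}: decoded value ends with a newline (use echo -n)")
    for key, value in manifest.get("stringData", {}).items():
        if value in PLACEHOLDERS:
            findings.append(f"stringData.{key}: placeholder was not replaced")
        elif looks_base64(value):
            findings.append(f"stringData.{key}: looks base64-encoded; stringData takes the raw value")
    return findings


if __name__ == "__main__":
    manifest = build_flux_secret(SAMPLE_USERNAME, SAMPLE_TOKEN)
    print(manifest["data"])
    print("findings:", check_secret(manifest))
```

The trailing-newline check matters because `echo "token" | base64` silently produces a credential that ends in `\n`; Flux then authenticates with the wrong password and the failure only shows up as a 401 in the source-controller logs.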
Configure Cilium's IP pool to match your local network in the ippool.yaml file.
Edit the external-https-gateway.yaml and internal-https-gateway.yaml files and change the hostnames to your own. Also edit the IPs in the annotation so that they fall within the range of the previously edited IP pool.
Change the IP address to your public IP address.
Once everything is ready, simply start Flux's sync:

```sh
kubectl apply -f clusters/staging/flux-system/gotk-sync.yaml
kubectl get ClusterSecretStores --all-namespaces   # Make sure the external secret store is working
```

Run this command to get the external IP of external-https-gateway:

```sh
kubectl get gateway external-https-gateway
```

Now go into your router, open port 443 and redirect it to this address. If everything is up and running, you should be able to access the services from the internet.
> **Important**
> Make sure you forward the IP address of the EXTERNAL gateway and not the internal one.

Edit your local machine's DNS with the IP address of the Pi-hole service to access the internal services.
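The IP pool, gateway and port-forwarding steps above are easy to get subtly wrong: a gateway IP outside the pool never gets assigned, two gateways asking for the same IP fight over it, and forwarding 443 to the internal gateway exposes the internal services. As an added example that is not part of this repository, the script below checks a Cilium pool block against the IPs requested by the two gateways and reports which address the router's 443 forward should point at. The manifests are constructed samples in dict form; the annotation name `io.cilium/lb-ipam-ips` is Cilium's LB-IPAM request annotation, and its use on Gateway objects here is an assumption about how the repo's gateway files request their IPs.

```python
import ipaddress

LB_ANNOTATION = "io.cilium/lb-ipam-ips"  # assumed to be the annotation used in the gateway files

# Constructed sample manifests (not the repo's real ippool.yaml or gateway files).
SAMPLE_POOL = {"blocks": [{"cidr": "192.168.1.240/28"}]}  # 192.168.1.240 - .255
SAMPLE_GATEWAYS = {
    "external-https-gateway": {"annotations": {LB_ANNOTATION: "192.168.1.241"}},
    "internal-https-gateway": {"annotations": {LB_ANNOTATION: "192.168.1.242"}},
}


def pool_ranges(pool: dict) -> list:
    """Expand pool blocks into (first, last) address pairs.
    Blocks may be written as a cidr or as an explicit start/stop pair."""
    ranges = []
    for block in pool["blocks"]:
        if "cidr" in block:
            net = ipaddress.ip_network(block["cidr"], strict=False)
            ranges.append((net[0], net[-1]))
        else:
            ranges.append((ipaddress.ip_address(block["start"]),
                           ipaddress.ip_address(block["stop"])))
    return ranges


def in_pool(ip, ranges) -> bool:
    return any(lo <= ip <= hi for lo, hi in ranges)


def requested_ips(gateway: dict) -> list:
    """IPs requested via the LB-IPAM annotation (comma-separated list)."""
    raw = gateway.get("annotations", {}).get(LB_ANNOTATION, "")
    return [ipaddress.ip_address(p.strip()) for p in raw.split(",") if p.strip()]


def check_gateways(pool: dict, gateways: dict) -> list:
    """Findings: missing annotation, non-private IP, IP outside the pool, duplicate IP."""
    findings = []
    ranges = pool_ranges(pool)
    seen = {}
    for name, gw in gateways.items():
        ips = requested_ips(gw)
        if not ips:
            findings.append(f"{name}: no {LB_ANNOTATION} annotation")
        for ip in ips:
            if not ip.is_private:
                findings.append(f"{name}: {ip} is not a private address; the pool should cover the local network")
            if not in_pool(ip, ranges):
                findings.append(f"{name}: {ip} is outside the Cilium IP pool")
            if ip in seen:
                findings.append(f"{name}: {ip} is also requested by {seen[ip]}")
            seen.setdefault(ip, name)
    return findings


def port_forward_target(gateways: dict) -> str:
    """The address the router's 443 forward must point at: the EXTERNAL gateway, never the internal one."""
    return str(requested_ips(gateways["external-https-gateway"])[0])


if __name__ == "__main__":
    print("findings:", check_gateways(SAMPLE_POOL, SAMPLE_GATEWAYS))
    print("forward 443 to:", port_forward_target(SAMPLE_GATEWAYS))
```

Run it against your own values by replacing the sample dicts with the `spec.blocks` of your CiliumLoadBalancerIPPool and the `metadata.annotations` of each Gateway; an empty findings list means the pool and gateway edits agree, and the printed address is the one to enter in the router's port-forwarding rule.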