# K3s Configs
Helm configs and Kubernetes manifests for my dev cluster, managed with Kustomize.
## Structure
- infra
  - [storage](https://github.com/rancher/local-path-provisioner): Local path provisioner configuration
  - [traefik](https://doc.traefik.io/traefik/): Reverse proxy with wildcard SSL certificates
  - [authelia](https://www.authelia.com/): SSO and basic auth provider
- apps
  - [gitea](https://docs.gitea.com/): Git server with [Actions](https://docs.gitea.com/usage/actions/overview) and [renovate-bot](https://docs.renovatebot.com/)
  - [mlflow](https://mlflow.org/): Machine learning model tracking and store
  - [namesny-com](https://namesny.com/): Personal website and blog
## Requirements
- [age](https://github.com/FiloSottile/age)
- [helm](https://helm.sh/)
- [kustomize](https://kustomize.io/)
- [sops](https://github.com/getsops/sops)
- [ksops](https://github.com/viaduct-ai/kustomize-sops)
## Usage
Generate an age key pair (sops reads the private key from this path by default)
```bash
mkdir -p $HOME/.config/sops/age
age-keygen -o $HOME/.config/sops/age/keys.txt
```
Create `.sops.yaml` in the repo root and paste the age public key that `age-keygen` prints (the `# public key:` line). The `unencrypted_regex` keeps the listed top-level keys in cleartext so kustomize and ksops can still identify the resource; every other value, including everything under `data`, is encrypted.
```yaml
creation_rules:
  - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
    age: "<age public key>"
```
Create `secret.yaml`
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
```
Encrypt the secret using sops; only the encrypted copy belongs in the repo
```bash
sops -e secret.yaml > secret.enc.yaml
```
Create `secret-generator.yaml`
```yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: gitea-secret-generator
  annotations:
    config.kubernetes.io/function: |
      exec:
        path: ksops
files:
  - ./secret.enc.yaml
```
Use secret generator in `kustomization.yaml`
```yaml
generators:
- ./secret-generator.yaml
```
Deploy the application
```sh
# --enable-alpha-plugins and --enable-exec are required for the ksops exec generator
kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | kubectl apply -f -
```
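A check worth running before committing, added here as an example and not part of this repository: it confirms that a file produced by `sops -e` carries a `sops` metadata block and that every value outside the keys matched by the `unencrypted_regex` above is a sops `ENC[...]` envelope. The two sample manifests are constructed; the ciphertext and the age recipient in them are fake.

```python
import re

# The same keys the .sops.yaml above leaves in the clear; every other value must be ENC[...].
UNENCRYPTED_KEYS = re.compile(r"^(apiVersion|metadata|kind|type)$")
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,\]]+,iv:[^,\]]+,tag:[^,\]]+,type:[a-z]+\]$")

# Constructed sample of what `sops -e secret.yaml` emits; ciphertext and recipient are fake.
SAMPLE_ENCRYPTED = """\
apiVersion: v1
kind: Secret
metadata:
    name: mysecret
type: Opaque
data:
    username: ENC[AES256_GCM,data:c0nStRuct3d==,iv:aWl2,tag:dGFn,type:str]
    password: ENC[AES256_GCM,data:YW5vdGhlcg==,iv:aXYy,tag:dGFnMg==,type:str]
sops:
    age:
        - recipient: age1placeholderpublickey
    mac: ENC[AES256_GCM,data:bWFj,iv:aXYz,tag:dGFnMw==,type:str]
"""
SAMPLE_PLAINTEXT = (  # constructed copy of the plaintext secret.yaml above; must be rejected
    "apiVersion: v1\nkind: Secret\nmetadata:\n    name: mysecret\n"
    "type: Opaque\ndata:\n    username: YWRtaW4=\n    password: MWYyZDFlMmU2N2Rm\n")


def parse_blocks(text):
    """Read the 'key: value' / 'key:' + indented children layout of a Secret (not general YAML)."""
    tree, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = raw.strip().partition(":")
        if not raw.startswith(" "):  # top-level key; indented children are collected under it
            current = key
            tree[key] = value.strip() or {}
        elif isinstance(tree.get(current), dict):
            tree[current][key] = value.strip()
    return tree


def check_encrypted_secret(text):
    """Return findings; an empty list means every sensitive value is sops-encrypted."""
    doc = parse_blocks(text)
    findings = [] if "sops" in doc else ["no sops metadata block: file was never encrypted"]
    for key, value in doc.items():
        if key == "sops" or UNENCRYPTED_KEYS.match(key):
            continue
        for sub, v in (value.items() if isinstance(value, dict) else [("", value)]):
            if not ENC_VALUE.match(v):
                findings.append(f"plaintext value at {key}{'.' + sub if sub else ''}")
    return findings
```

Wire `check_encrypted_secret` into a pre-commit hook over every `*.enc.yaml` and reject the commit on any finding.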