pre-commit install --install-hooks
pre-commit run --all-filesIf generating a new keypair, all *.sops.* files will need to be re-created.
# Create age key pair
age-keygen -o age.agekey# Move generated key
mkdir -p ~/.config/sops/age
mv age.agekey ~/.config/sops/age/home-ops.txt# allow .envrc to be loaded by direnv
direnv allow .# generate talos config
ansible-playbook ./playbooks/kube.yaml# apply config to the control plane
# --insecure required only for the initial config apply
talosctl apply-config -e k8s-server-1.lan -n k8s-server-1.lan --file=./talos/k8s-server-1.yaml --insecure# bootstrap etcd (only needed to run on one node)
talosctl bootstrap -e k8s-server-1.lan -n k8s-server-1.lan# repeat applying config to reset of the nodes
# --insecure required only for the initial config apply
talosctl apply-config -n k8s-worker-1.lan --file=./talos/k8s-worker-1.yaml --insecure
talosctl apply-config -n k8s-worker-2.lan --file=./talos/k8s-worker-2.yaml --insecure# get kubeconfig
talosctl -n k8s-server-1.lan kubeconfig# Run pre-installation checks
flux check --prekubectl apply --server-side --kustomize ./cluster/bootstrapsops --decrypt ./cluster/bootstrap/age-key.sops.yaml | kubectl apply -f -
sops --decrypt ./cluster/bootstrap/github-deploy-key.sops.yaml | kubectl apply -f -
sops --decrypt ./cluster/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -kubectl apply --server-side --kustomize ./cluster/flux/config# Run post-installation checks
flux checkSystem extensions can only be installed on install or upgrade. To install extensions on an existing node:
talosctl -e <endpoint ip/hostname> -n <node ip/hostname> upgrade --image=ghcr.io/siderolabs/installer:<talos version>
# Check status
talosctl -e <endpoint ip/hostname> -n <node ip/hostname> get extensionsA lot of the setup here was inspired by folks who share their home Kubernetes setup.