Update the readme
parent d67e1a1dac
commit 7444b3a8c8
1 changed files with 20 additions and 0 deletions
README.md
@ -0,0 +1,20 @@
# Proxmox talos with secrets encrypted by sops.
To start from scratch:
- create new vm in proxmox from the template (which is simply the image factory with qemu and iscsi extensions, nocloud but whatever, metal would work just as well)
- edit in it's IP to the script because I haven't parameterised it yet.
- `scripts/talosctl-apply-with-secrets -e <<THE_IP>> -n <<THE_IP>>`
- `export TALOSCONFIG=${PWD}/talosconfig`
- `talosctl config endpoints <<THE_IP>>`
- `talosctl bootstrap -n <<THE_IP>>`
- `talosctl kubeconfig -n <<THE_IP>>`
TODO: parameterise stuff.
How the secrets stuff works:
`sops` uses age to encrypt the **values** in the yaml file, and `sops exec-file secrets.yaml 'some-command {}' decrypts `secrets.yaml` to a temporary file and runs `some-command` with "{}" replaced by the temporary file, then removes it after the process exits.
Talos basically says "don't store your config, store patches and just regenerate from the secrets", so you use `talosctl gen-config` (that's in the script) with `--with-secrets` and `--config-patch` with a filename to patch into the yaml.
And that's it. Apply argo manifests, apply the app-of-apps, and everything else should "just flow".
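Review bot: the `export TALOSCONFIG=${PWD}/talosconfig` step keeps the generated talosconfig, which holds the cluster admin client key, in the repository working tree, and the README does not say whether that file is gitignored or sops-encrypted like `secrets.yaml`; say so next to that step, and say where the output of the config generation lands, since it embeds the decrypted secrets. In the "How the secrets stuff works" paragraph the inline code starting at `sops exec-file secrets.yaml 'some-command {}'` is missing its closing backtick, so the rest of the sentence renders with inverted code spans. The subcommand is written `talosctl gen-config`, but the CLI spells it `talosctl gen config`; copy-pasting the README form will fail. The README also never mentions where the age private key has to live for `sops` to decrypt (for example `SOPS_AGE_KEY_FILE`), which someone starting from scratch needs before the first command works. Minor: "edit in it's IP to the script" should read "its", and the step would be clearer if it named the file to edit.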