Scripts for setting up a new cluster from nothing

This commit is contained in:
Martyn Ranyard 2026-05-02 17:10:11 +02:00
parent 7444b3a8c8
commit cf50cc24b1
5 changed files with 62 additions and 27 deletions

.gitignore vendored

@ -1,3 +1,5 @@
controlplane.yaml
worker.yaml
talosconfig
kubeconfig
*.age-key


@ -0,0 +1,17 @@
#!/bin/bash
MACHINE_IP=$1
export SOPS_AGE_KEY_FILE=wbc-dev-cluster-base.age-key
if expr "${MACHINE_IP}" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
sops exec-file secrets.yaml 'talosctl gen config --with-secrets {} wbc-dev-cluster https://'${MACHINE_IP}':6443 --config-patch @patches/controlplane/controlplane.yaml --output-types controlplane,talosconfig'
shift
talosctl apply -f controlplane.yaml -n ${MACHINE_IP} -e ${MACHINE_IP} --insecure
until talosctl -e ${MACHINE_IP} -n ${MACHINE_IP} --talosconfig talosconfig bootstrap; do echo "sleeping for reboot"; sleep 5 done
until talosctl -e ${MACHINE_IP} -n ${MACHINE_IP} --talosconfig talosconfig health; do echo "sleeping for post-apply"; sleep 5 done
talosctl -e ${MACHINE_IP} -n ${MACHINE_IP} --talosconfig talosconfig kubeconfig --merge=false --force-context-name=wbc-dev kubeconfig
rm talosconfig controlplane.yaml
echo "Cluster created - files in current directory outputted:"
echo " - kubeconfig - config file for kubectl to access the cluster."
else
echo pass machine ip as first arg.
fi
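Review bot: Both `until` loops following the `--insecure` apply are missing the `;` before `done` (`sleep 5 done`), so bash takes `done` as an argument to `sleep`, never closes the loop, and then hits the `else` a few lines later as an unexpected token — the script aborts at parse time before anything runs (the file header for this hunk is not shown on this page). Change them to `...; do echo "sleeping for reboot"; sleep 5; done` and `...; do echo "sleeping for post-apply"; sleep 5; done`. Separately, `controlplane.yaml` and `talosconfig` are generated from the decrypted secrets bundle and are only removed on the success path at the very end, so an interruption or a health loop that never converges leaves them in the working tree; a `trap 'rm -f controlplane.yaml talosconfig' EXIT` placed before the `sops exec-file` call covers every exit path, and `set -euo pipefail` at the top stops a failed `talosctl gen config` from applying a stale `controlplane.yaml` left over from a previous run. The `--insecure` on the first apply is expected for a node still in maintenance mode with no certificates, but it is a trust-on-first-use step and deserves a comment saying so. The `shift` after the gen-config line has no effect since `$@` is never used again and can be dropped.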

scripts/create-secrets Executable file

@ -0,0 +1,20 @@
#!/bin/bash
export SOPS_AGE_KEY_FILE=wbc-dev-cluster-base.age-key
echo "WARNING: THIS SHOULD ONLY BE DONE ONCE!!!"
echo "This script creates the secrets, encrypts them using sops with a new age key which should be then stored in vaultwarden."
echo "You almost certainly don't want to do this, and instead want to download the age key from vaultwarden."
age-keygen -o ${SOPS_AGE_KEY_FILE}
export SOPS_AGE_RECIPIENT=$(grep '^# public key:' ${SOPS_AGE_KEY_FILE} | sed s/'.* age'/age/g)
talosctl gen secrets -o secrets.yaml
sops encrypt --age $SOPS_AGE_RECIPIENT secrets.yaml > secrets.enc.yaml
rm secrets.yaml
mv secrets.enc.yaml secrets.yaml
echo 'SECRETS CREATED, PLEASE UPDATE VAULTWARDEN :'
echo '- secrets.yaml - used by talosctl - safe to commit to git, encrypted by :'
echo '- wbc-dev-cluster-base.age-key - used by sops - DO NOT COMMIT! Put in Vaultwarden'
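Review bot: The script announces it must only run once, but nothing enforces it: `age-keygen -o` and `talosctl gen secrets -o secrets.yaml` run unconditionally, so a second invocation replaces the committed encrypted `secrets.yaml` with a fresh secrets bundle (and, depending on how `age-keygen` treats an existing output file, possibly the key too), leaving any cluster built from the old bundle unmanageable from this repo. Add a guard before the keygen, e.g. `[[ -e secrets.yaml || -e "$SOPS_AGE_KEY_FILE" ]] && { echo "refusing to overwrite existing secrets or age key" >&2; exit 1; }`. The `rm secrets.yaml` / `mv` pair also runs regardless of whether `sops encrypt` succeeded — with no `set -e`, a failed encrypt (for instance an empty `SOPS_AGE_RECIPIENT` when the grep matches nothing) still deletes the plaintext and installs an empty `secrets.yaml`, while a failure earlier in the sequence leaves plaintext cluster secrets under exactly the name the script says is safe to commit, which `.gitignore` cannot distinguish from the encrypted file. Put `set -euo pipefail` at the top, quote `"$SOPS_AGE_RECIPIENT"` and `"${SOPS_AGE_KEY_FILE}"`, and have `talosctl gen secrets` write to a `mktemp` file removed by an `EXIT` trap so the repo-path name only ever holds the encrypted output.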


@ -1,4 +0,0 @@
#!/bin/bash
sops exec-file secrets.yaml 'talosctl gen config --with-secrets {} proxlos https://172.20.3.11:6443 --config-patch @patches/controlplane/controlplane.yaml --output-types controlplane,talosconfig'
talosctl apply -f controlplane.yaml $*
