Homelab

Kubeseal

apiVersion: v1
kind: Secret
metadata:
  name: database-credentials
  namespace: default
type: Opaque
stringData:
  username: "admin"
  password: "p4ssw0rd"

To create a new encrypted secret run the following command:

kubeseal --controller-namespace sealed-secrets -o yaml <INPUT.yaml >OUTPUT.yaml

To encrypt a single value run the following command:

echo -n <VALUE> | kubeseal --controller-namespace sealed-secrets --raw --namespace <NAMESPACE> --name <NAME>
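
A check that keeps the plaintext INPUT.yaml out of the repository, as an added example that is not part of the original README. `find_plain_secrets` and `write_samples` are hypothetical helper names, and the sample files, including the placeholder ciphertext, are constructed.

```shell
#!/bin/sh
# Added example, not part of the original README.
# Flags manifests that still contain a plaintext Secret, so that only
# kubeseal output (kind: SealedSecret) ends up in the repository.

# find_plain_secrets FILE...
# Prints one line per YAML document whose top-level kind is Secret.
# Returns 1 if any were found, 0 otherwise.
find_plain_secrets() {
    awk '
        function emit() {
            if (kind == "Secret") { printf "%s: plaintext Secret %s\n", file, name; found = 1 }
            kind = ""; name = ""; in_meta = 0
        }
        FNR == 1       { if (NR > 1) emit(); file = FILENAME }  # new file starts
        /^---[ \t]*$/  { emit(); next }                         # document separator
        /^kind:/       { kind = $2 }                            # top-level kind only
        /^metadata:/   { in_meta = 1; next }
        /^[^ \t#]/     { in_meta = 0 }                          # any other top-level key
        in_meta && name == "" && /^[ \t]+name:/ { name = $2 }
        END            { emit(); exit found + 0 }
    ' "$@"
}

# write_samples DIR: writes two constructed sample manifests into DIR.
write_samples() {
    cat > "$1/input.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: database-credentials
stringData:
  password: "p4ssw0rd"
EOF
    cat > "$1/output.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: database-credentials
spec:
  encryptedData:
    password: AgCONSTRUCTED-PLACEHOLDER
EOF
}

# Demo on the constructed samples: input.yaml is reported, output.yaml is not.
tmp=$(mktemp -d) && write_samples "$tmp"
if find_plain_secrets "$tmp"/*.yaml; then echo "nothing to seal"; else echo "seal the files listed above with kubeseal before committing"; fi
rm -rf "$tmp"
```

Called from a pre-commit hook, the non-zero return blocks the commit until the listed files have been sealed or removed.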

Restore key in new cluster

kubectl get secrets -n sealed-secrets -o yaml > out.yaml
# !! UPDATE KEY AND CRT in out.yaml !!
kubectl apply -f out.yaml
rm out.yaml
kubectl rollout restart -n sealed-secrets deployment sealed-secrets-controller

Remove old replica sets

kubectl get replicaset -o jsonpath='{ .items[?(@.spec.replicas==0)]}' -A | kubectl delete -f -

Known issues

Hardware setup

  • Hortek
  • Kashaylan
    • RK1
    • RK1
    • RK1
    • RK1

Talos

Generate secrets

This only has to be run once for a cluster.

talosctl gen secrets
talosctl gen config $CLUSTERNAME https://$NODEIP:6443 \
    --output-types talosconfig                        \
    --with-cluster-discovery=false                    \
    --with-secrets secrets.yaml                       \
    --config-patch @controlplane-$CONTROLPLANE.yaml   \
    --config-patch @controlplane-all.yaml             \
    --config-patch @cluster.yaml

General commands

talosctl --nodes $NODEIP kubeconfig
talosctl --nodes $NODEIP dashboard

Upgrade nodes

Upgrade Talos version:

./update-talos.sh -n kashaylan-2 -v v1.7.2 -c ./talosconfig -f true

Upgrade configuration:

./update-config.sh -n kashaylan-2 -c ./talosconfig

UDM

BGP Setup

Note: see files in udm folder.

Install Unifi utilities to run on boot.

curl -fsL "https://raw.githubusercontent.com/unifi-utilities/unifios-utilities/HEAD/on-boot-script-2.x/remote_install.sh" | /bin/sh

Create a run-on-boot script that installs frr at /data/on_boot.d/10-onboot-frr.sh.

Enable BGP by setting bgpd=yes in /etc/frr/daemons.

Create BGP config in /etc/frr/bgpd.conf.

Chown the BGP config to the frr user.

chown frr:frr /etc/frr/bgpd.conf
service frr restart

Check if it is working.

vtysh -c 'show ip bgp'
netstat -ar