Secret Management with SOPS

This is part 3 of my Kubernetes homelab cluster setup series. The cluster is up, but it isn’t very usable yet. Before we add any services, we need to set up secrets management. In this post, we’re going to add secret management to the cluster with sops and age so we can safely check our configuration into git.

Talos Kubernetes Homelab Setup Series
Part 1 - Setting up Talos with a Cilium CNI on proxmox
Part 2 - Add SSL to Kubernetes using Cilium, cert-manager and LetsEncrypt with domains hosted on Amazon Route 53
Part 3 - Secret Management with SOPS

Prerequisites
A working kubernetes cluster. I’m using Talos for mine, but regular kubernetes or k3s clusters will work too. If you need to set up a new cluster, or configure an existing one to use Cilium, read part one of this series.
cilium, kubectl & helm - if you don’t want to brew install them, install instructions are at cilium.io, helm.sh and kubectl.
sops and age. On a Mac, you can run brew install sops age. If you’re using Linux or Windows, use the age installation instructions and sops installation instructions.

Goal
I have my cluster configuration in git so that it’s easy to recreate if I break something while experimenting. I don’t want to commit secrets into git in cleartext though. Instead, I want to encrypt our secrets in a way that the cluster can decrypt them, but they’re safe to check into source control. ...

January 19, 2026 · 8 min · 1595 words · Me

Add SSL to Kubernetes using Cilium, cert-manager and LetsEncrypt with domains hosted on Amazon Route 53

In part two of this homelab kubernetes setup series, we’re going to install & configure cert-manager to use LetsEncrypt with Route 53 so we can use SSL to connect to our services. The tutorials I’ve seen for using cert-manager with a DNS challenge all use CloudFlare. I have my lab domain on Route 53, so this post will cover that instead.

Talos Homelab Setup Series
Part 1 - Setting up Talos with a Cilium CNI on proxmox
Part 2 - Add SSL to Kubernetes using Cilium, cert-manager and LetsEncrypt with domains hosted on Amazon Route 53
Part 3 - Set up Secret Management with SOPS

Pre-requisites
A domain hosted on Amazon Route 53 that you have administrative rights on.
A working kubernetes cluster with Cilium installed and configured to be a Gateway. I’m using Talos for mine, but regular kubernetes or k3s clusters will work too. If you need to set up a new cluster, or configure an existing one to use Cilium, read part one of this series.
cilium, kubectl & helm - if you don’t want to brew install them, install instructions are at cilium.io, helm.sh and kubectl.

Software Versions
Here are the versions of the software I used while writing this post. Later versions should work, but this is what these instructions were tested with. ...

January 5, 2026 · 14 min · 2845 words · Me

Creating a Talos kubernetes cluster with a Cilium CNI on Proxmox

I’ve been meaning to set up a talos cluster in my homelab for a while and set one up over the holiday break. Here’s how I did it. ...

January 4, 2026 · 15 min · 3045 words · Me

Using a NFS Provisioner with Talos

I’ve been experimenting with running Talos in my home lab. I really like the idea of an immutable OS layer under Kubernetes and wanted to stand up a cluster to run some of my services that are currently run in docker-compose. I decided to use my Synology to store k8s volumes. Here’s how I set that up ...

December 12, 2025 · 6 min · 1271 words · Me

Weird shit is afoot with macOS and iTerm

So here’s a fun macOS weirdness I ran into this weekend where I couldn’t connect to a port on another machine from a shell session inside of iTerm, even though I was able to ssh to other hosts. ...

December 8, 2025 · 2 min · 231 words · Me