Flux Home
The repository for the Flux configuration of my home Kubernetes cluster.
Getting Started
Bootstrap cluster on Raspberry Pis
- Log in to your Raspberry Pi and append the cgroup options to the kernel command line
sudo sed -i '$ s/$/ cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1 swapaccount=1/' /boot/firmware/cmdline.txt
- Install MicroK8s
sudo snap install microk8s --classic
- Update permissions to be able to execute commands without sudo
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
su - $USER
- Wait until the cluster is up
microk8s status --wait-ready
- Enable useful services
microk8s enable dns storage ingress helm3 metrics-server
Optional: Adding additional nodes
- Log in to your first Raspberry Pi
- Run the command to obtain a join token
microk8s add-node
- Log in to the second Raspberry Pi
- Run the join command collected from the output of step 2
- Fin
Enable gitops integration via flux
These steps assume you have already configured your .kube/config file to allow access to the cluster via the kubectl CLI.
- Install flux CLI
curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
- Set GitHub personal access token (with all repo permissions):
export GITHUB_TOKEN=INSERT_TOKEN_HERE
- Configure cluster
flux bootstrap github --personal --repository=k8s-home --owner=jamesgawn --read-write-key --components-extra=image-reflector-controller,image-automation-controller
How to
How to generate a new sealed secret
- Create the insecure secret file, or use the template provided:
kubectl -n default create secret generic example-secret \
--from-literal=key1=value1 \
--from-literal=key2=value2 \
--dry-run=client \
-o yaml > example-secret.yaml
- Secure it using the public key
kubeseal --format=yaml --cert=sealed-secret-public-cert.pem < example-secret.yaml > example-secret-sealed.yaml
You can obtain the public key with the following command:
kubeseal --fetch-cert \
--controller-name=sealed-secrets \
--controller-namespace=flux-system \
> sealed-secret-public-cert.pem
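The steps above leave the plaintext example-secret.yaml next to the sealed file, so it is easy to commit it by mistake. The following check is an added example, not part of this repository: it scans a directory for top-level `kind: Secret` manifests and fails if any are found. The function names and the fixture contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): refuse plaintext Secret manifests
# such as example-secret.yaml; SealedSecret manifests are allowed through.

# Matches a top-level "kind: Secret" line. "kind: SealedSecret" does not match,
# and the Secret template nested inside a SealedSecret is indented.
UNSEALED_PATTERN="^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*(#.*)?\$"

find_unsealed_secrets() {
  # $1: directory to scan. Prints offending paths, one per line, sorted.
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    -exec grep -lE "$UNSEALED_PATTERN" {} + | sort
}

check_repo() {
  # Returns 1 and lists offenders on stderr if any plaintext Secret exists.
  offenders=$(find_unsealed_secrets "$1")
  if [ -n "$offenders" ]; then
    printf 'Plaintext Secret manifests found, seal them with kubeseal:\n%s\n' \
      "$offenders" >&2
    return 1
  fi
  return 0
}

make_sample_repo() {
  # Constructed fixtures mirroring the two files produced in the steps above.
  dir=$(mktemp -d)
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: example-secret\ndata:\n  key1: dmFsdWUx\n' \
    > "$dir/example-secret.yaml"
  printf 'apiVersion: bitnami.com/v1alpha1\nkind: SealedSecret\nmetadata:\n  name: example-secret\nspec:\n  encryptedData:\n    key1: CONSTRUCTED_CIPHERTEXT\n' \
    > "$dir/example-secret-sealed.yaml"
  printf '%s\n' "$dir"
}

# When called with a directory argument, act as a pre-commit style gate.
if [ "$#" -gt 0 ]; then
  check_repo "$1"
fi
```

Run it with the repository path as its only argument; a non-zero exit status means at least one unsealed manifest is present.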