theshire/kubernetes/bootstrap/readme.md

# Bootstrap

## Talos

### Bootstrap talos cluster

```sh
omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml
```
## CNI

### Install Cilium

```sh
cilium install \
    --helm-set=ipam.mode=kubernetes \
    --helm-set=kubeProxyReplacement=true \
    --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
    --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
    --helm-set=cgroup.autoMount.enabled=false \
    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
    --helm-set=k8sServiceHost=127.0.0.1 \
    --helm-set=k8sServicePort=7445 \
    --helm-set=bgpControlPlane.enabled=true \
    --helm-set=bgp.enabled=false \
    --helm-set=bgp.announce.loadbalancerIP=true \
    --helm-set=bgp.announce.podCIDR=false \
    --helm-set=cni-exclusive=false
```

## Flux Prep

### Install Flux

```sh
kubectl apply --server-side --kustomize ./kubernetes/bootstrap/flux
```

### Apply secrets, settings, and crds.

_These cannot be applied with `kubectl` in the regular fashion due to be encrypted with sops_

```sh
sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f -
sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f -
sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -
kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml
```

## Wipe Rook Ceph

```sh
kubectl apply -f kubernetes/tools/wiperook.yaml
```

## Kick off Flux applying this repository

```sh
kubectl apply --server-side --kustomize ./kubernetes/flux/config
```
Homelab 2024-01-11 15:03:54 -06:00			`# Bootstrap`

Update bootstrap instructions to include omni and kps crds. 2024-02-17 08:51:23 -06:00			`## Talos`

			`### Bootstrap talos cluster`

			```sh
			`omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml`
			```
Add a few more steps to bootstrap. 2024-03-31 10:02:55 -05:00			`## CNI`
Update bootstrap instructions to include omni and kps crds. 2024-02-17 08:51:23 -06:00
Add a few more steps to bootstrap. 2024-03-31 10:02:55 -05:00			`### Install Cilium`

			```sh
			`cilium install \`
			`--helm-set=ipam.mode=kubernetes \`
			`--helm-set=kubeProxyReplacement=true \`
			`--helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \`
			`--helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \`
			`--helm-set=cgroup.autoMount.enabled=false \`
			`--helm-set=cgroup.hostRoot=/sys/fs/cgroup \`
			`--helm-set=k8sServiceHost=127.0.0.1 \`
			`--helm-set=k8sServicePort=7445 \`
			`--helm-set=bgpControlPlane.enabled=true \`
			`--helm-set=bgp.enabled=false \`
			`--helm-set=bgp.announce.loadbalancerIP=true \`
Update to disable cni-exclusive for cilium bootstrap. 2024-04-17 12:02:12 -05:00			`--helm-set=bgp.announce.podCIDR=false \`
			`--helm-set=cni-exclusive=false`
Add a few more steps to bootstrap. 2024-03-31 10:02:55 -05:00			```

			`## Flux Prep`
Homelab 2024-01-11 15:03:54 -06:00
			`### Install Flux`

			```sh
			`kubectl apply --server-side --kustomize ./kubernetes/bootstrap/flux`
			```

Update bootstrap instructions to include omni and kps crds. 2024-02-17 08:51:23 -06:00			`### Apply secrets, settings, and crds.`
Homelab 2024-01-11 15:03:54 -06:00
			_These cannot be applied with `kubectl` in the regular fashion due to be encrypted with sops_

			```sh
			`sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml \| kubectl apply -f -`
			`sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml \| kubectl apply -f -`
			`sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml \| kubectl apply -f -`
			`kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml`
			```

Add a few more steps to bootstrap. 2024-03-31 10:02:55 -05:00			`## Wipe Rook Ceph`

			```sh
			`kubectl apply -f kubernetes/tools/wiperook.yaml`
			```

			`## Kick off Flux applying this repository`
Homelab 2024-01-11 15:03:54 -06:00
			```sh
			`kubectl apply --server-side --kustomize ./kubernetes/flux/config`
			```