2026-04-03 22:01:40 +00:00
bootstrap fix(container): update ghcr.io/siderolabs/kubelet ( v1.35.2 ➔ v1.35.3 ) 2026-03-20 13:01:34 +00:00
kubernetes feat(container): update code.forgejo.org/forgejo/runner ( 12.7.3 ➔ 12.8.0 ) 2026-04-03 22:01:37 +00:00
.editorconfig first commit 2026-02-03 14:55:57 +01:00
.gitignore first commit 2026-02-03 14:55:57 +01:00
.sops.yaml first commit 2026-02-03 14:55:57 +01:00
README.md chore: changed renovate 2026-02-10 10:06:58 +01:00
renovate.json chore: changed renovate 2026-02-10 10:06:58 +01:00

Prerequisites

age keys

Create a personal key and a cluster key. The cluster key is later deployed as a secret inside your cluster, where it is used to decrypt your secrets.

# install dependencies
brew install age sops

# create path
mkdir -p $HOME/.config/sops/age

# create keys
age-keygen -o $HOME/.config/sops/age/keys.txt
age-keygen -o $HOME/.config/sops/age/cluster-keys.txt

sops configuration

The public age keys listed in the .sops.yaml file are used to encrypt the secret.sops.yaml files.

vi .sops.yaml
---
creation_rules:
  - path_regex: kubernetes/.*\.sops\.ya?ml
    encrypted_regex: "^(data|stringData)$"
    key_groups:
      - age:
          - age1kxw2un7pcutnx8tsw2q5hg2g24vzsy3asjsmqngdzlh0fu5rayaqze6e5a # cluster key
          - age1kxu....
  - path_regex: setup/.*\.sops\.ya?ml
    encrypted_regex: "^(data|stringData)$"
    key_groups:
      - age:
          - age1kxw2un7pcutnx8tsw2q5hg2g24vzsy3asjsmqngdzlh0fu5rayaqze6e5a # cluster key
          - age1kxu....
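
A check that fits the rules above, added here as an example and not part of this repository: it lists manifests under kubernetes/ or setup/ that carry the .sops.yaml suffix but still contain plaintext under data or stringData. The function names are hypothetical, the sample manifests are constructed, and it assumes data/stringData are top-level keys as in a Kubernetes Secret.

```sh
#!/bin/sh
# Added example, not the repository's code: list Secret manifests that fall under
# the .sops.yaml path rules but still hold plaintext.

# is_encrypted FILE: true only if FILE carries sops metadata and every value
# under a top-level data:/stringData: key (the encrypted_regex) is ENC[...].
is_encrypted() {
  grep -q '^sops:' "$1" || return 1
  awk '
    /^(data|stringData):/ { in_secret = 1; next }
    /^[^ #]/              { in_secret = 0 }   # any other top-level key
    in_secret && /^ +[^# ][^:]*: *[^ ]/ && !/: *ENC\[/ { bad = 1 }
    END { exit bad }
  ' "$1"
}

# find_unencrypted ROOT: print offending paths relative to ROOT. The case globs
# approximate the two path_regex rules (kubernetes/ and setup/).
find_unencrypted() {
  find "$1" -type f \( -name '*.sops.yaml' -o -name '*.sops.yml' \) | sort |
  while IFS= read -r f; do
    rel=${f#"$1"/}
    case $rel in
      kubernetes/*|setup/*) is_encrypted "$f" || printf '%s\n' "$rel" ;;
    esac
  done
}

# demo: run the check over two constructed sample manifests.
demo() {
  d=$(mktemp -d) && mkdir -p "$d/kubernetes/app"
  cat > "$d/kubernetes/app/ok.sops.yaml" <<'EOF'
apiVersion: v1
kind: Secret
stringData:
  password: ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]
sops:
  version: CONSTRUCTED
EOF
  cat > "$d/kubernetes/app/leak.sops.yaml" <<'EOF'
apiVersion: v1
kind: Secret
stringData:
  password: hunter2
EOF
  find_unencrypted "$d"; rm -rf "$d"
}
```

Run `find_unencrypted .` from the repository root, for example in a pre-commit hook; any path it prints should be encrypted with sops before it is committed.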

Kubernetes

Installation

  1. git clone https://code.kdvz.cloud/kdvz/hetzner-k8s-extern.git
  2. Create talos node on hcloud
  3. Bootstrap talos node
  4. Bootstrap k8s