Bootstrap

Bootstrap chart for cluster initialization. Deploys all required infrastructure components in a single Helm release.

Requirements

  • 1-3 nodes
  • External DNS for ingress access
  • Internet access

Components

The bootstrap umbrella chart (charts/bootstrap/) includes:

Component        Description
---------        -----------
Cilium           CNI for networking
ingress-nginx    Ingress controller
cert-manager     TLS certificate management
sealed-secrets   Encrypted secrets for GitOps
ArgoCD           GitOps continuous delivery
OpenEBS          Container storage (hostpath)

Additional resources created:

  • ClusterIssuer (Let's Encrypt)
  • StorageClass (local-storage)

Kubernetes

Install k0s as the Kubernetes distribution:

curl -sSf https://get.k0s.sh | sudo sh
sudo k0s install controller --enable-worker --no-taints --config ./k0s.yaml
sudo k0s start

Verify and get kubeconfig:

sudo k0s status
# The admin kubeconfig carries cluster-admin credentials; keep it private
sudo k0s kubeconfig admin > ~/.kube/config
chmod 600 ~/.kube/config

Bootstrap Installation

cd charts/bootstrap

# Download dependencies
helm dependency update

# Review what will be installed
helm template bootstrap . --namespace bootstrap | less

# Install
helm upgrade -i bootstrap . --namespace bootstrap --create-namespace

Sealed Secrets

Sealed Secrets enables GitOps management of secrets using asymmetric encryption.

Usage

# Create a secret (do not commit)
kubectl create secret generic my-secret \
  --from-literal=password=supersecret \
  --dry-run=client -o yaml > plaintext.yaml

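# Seal it. kubeseal looks for the controller "sealed-secrets-controller" in
# kube-system by default; pass --controller-namespace / --controller-name
# if this release uses different values.
kubeseal --format yaml < plaintext.yaml > sealed-secret.yaml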

# Delete plaintext
rm plaintext.yaml

# Apply sealed secret
kubectl apply -f sealed-secret.yaml
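
A guard for the "do not commit" step above, as an added example that is not part of this repository: a git pre-commit hook that rejects staged manifests whose kind is a plain Secret while letting SealedSecret through. The function names and the hook file name check are assumptions of this sketch, and the sample manifests used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from this repository). Install as .git/hooks/pre-commit.

# is_plain_secret FILE -> exit 0 if FILE declares kind "Secret".
# Matches top-level YAML (kind: Secret) and pretty-printed JSON
# ("kind": "Secret"); "kind: SealedSecret" does not match.
is_plain_secret() {
    grep -Eq \
        -e '^kind:[[:space:]]*"?Secret"?[[:space:]]*$' \
        -e '^[[:space:]]*"kind":[[:space:]]*"Secret",?[[:space:]]*$' \
        -- "$1"
}

# scan_for_plain_secrets FILE... -> names offenders on stderr, returns 1 if any.
# Only .yaml/.yml/.json files that exist in the working tree are inspected.
scan_for_plain_secrets() {
    found=0
    for f in "$@"; do
        case "$f" in
            *.yaml|*.yml|*.json) ;;
            *) continue ;;
        esac
        [ -f "$f" ] || continue
        if is_plain_secret "$f"; then
            echo "plaintext Secret manifest, seal it first: $f" >&2
            found=1
        fi
    done
    return "$found"
}

# Run only when invoked as the hook, so the functions can be sourced or tested.
# Simplification: this reads the working-tree copy of each staged file.
if [ "${0##*/}" = "pre-commit" ]; then
    git diff --cached --name-only --diff-filter=ACM | {
        status=0
        while IFS= read -r f; do
            scan_for_plain_secrets "$f" || status=1
        done
        exit "$status"
    }
    exit $?
fi
```

A non-zero exit from the hook aborts the commit, so a forgotten plaintext.yaml is caught before it reaches the repository history.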

ArgoCD

Available at https://argo.turbo.weystrom.dev

Get the initial admin password. Change it after the first login, then delete the argocd-initial-admin-secret:

kubectl -n bootstrap get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Configuration

Edit charts/bootstrap/values.yaml to customize components. Each subchart is configured under its own key:

cilium:
  enabled: true

ingress-nginx:
  enabled: true
  controller:
    service:
      externalIPs:
        - 1.2.3.4

cert-manager:
  enabled: true

# ... etc

To disable a component, set enabled: false.