Pavel Basov df9937f0c3 Initial commit: Turbo Mothership bare metal management cluster
- k0s bootstrap with Cilium and OpenEBS
- ArgoCD apps for infra, CAPI, Tinkerbell, and Netris
- Ansible playbooks for virtual baremetal lab and Netris switches
- CAPI provider manifests for k0smotron and Tinkerbell
2025-12-15 19:59:58 +01:00


# Bootstrap
Bootstrap chart for cluster initialization. Deploys all required infrastructure components in a single Helm release.
## Requirements
- 1-3 nodes
- External DNS for ingress access
- Internet access
## Components
The bootstrap umbrella chart (`charts/bootstrap/`) includes:
| Component | Description |
|-----------|-------------|
| Cilium | CNI for networking |
| ingress-nginx | Ingress controller |
| cert-manager | TLS certificate management |
| sealed-secrets | Encrypted secrets for GitOps |
| ArgoCD | GitOps continuous delivery |
| OpenEBS | Container storage (hostpath) |
Additional resources created:
- ClusterIssuer (Let's Encrypt)
- StorageClass (local-storage)
## Kubernetes
Install [k0s](https://k0sproject.io/) as the Kubernetes distribution:
```sh
curl -sSf https://get.k0s.sh | sudo sh
sudo k0s install controller --enable-worker --no-taints --config ./k0s.yaml
sudo k0s start
```
Verify and get kubeconfig:
```sh
sudo k0s status
mkdir -p ~/.kube
sudo k0s kubeconfig admin > ~/.kube/config
chmod 600 ~/.kube/config
```
## Bootstrap Installation
```sh
cd charts/bootstrap
# Download dependencies
helm dependency update
# Review what will be installed
helm template bootstrap . --namespace bootstrap | less
# Install
helm upgrade -i bootstrap . --namespace bootstrap --create-namespace
```
## Sealed Secrets
[Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) enables GitOps management of secrets using asymmetric encryption.
### Usage
```sh
# Create a secret (do not commit)
kubectl create secret generic my-secret \
  --from-literal=password=supersecret \
  --dry-run=client -o yaml > plaintext.yaml
# Seal it
kubeseal < plaintext.yaml > sealed-secret.yaml
# Delete plaintext
rm plaintext.yaml
# Apply sealed secret
kubectl apply -f sealed-secret.yaml
```
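The "do not commit" rule in the workflow above can be checked mechanically. The following is an added example, not part of this repository: a shell check that reports every YAML file whose top-level `kind` is `Secret`, run here over constructed sample manifests. The function names `find_plaintext_secrets` and `make_sample_repo` are hypothetical.

```shell
# Added example, not from the repository: flag plaintext Secret manifests.
# Prints "file:line" for each top-level "kind: Secret" under $1 and returns 1
# if any exist; "kind: SealedSecret" does not match.
find_plaintext_secrets() {
    hits=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk '
        /^kind:[ \t]*"?Secret"?[ \t\r]*(#.*)?$/ { print FILENAME ":" FNR }
    ' {} + | sort)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample manifests (values are placeholders).
make_sample_repo() {
    mkdir -p "$1/apps"
    cat > "$1/plaintext.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  password: c3VwZXJzZWNyZXQ=
EOF
    cat > "$1/sealed-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: my-secret
spec:
  encryptedData:
    password: CONSTRUCTED-CIPHERTEXT-PLACEHOLDER
EOF
    cat > "$1/apps/bundle.yml" <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: cfg
---
apiVersion: v1
kind: "Secret"   # second document of a multi-document file
stringData:
  token: constructed
EOF
}

demo_dir=$(mktemp -d)
make_sample_repo "$demo_dir"
find_plaintext_secrets "$demo_dir" || echo "plaintext Secret found: seal or remove before commit"
rm -rf "$demo_dir"
```

Wired into a pre-commit hook or CI job, a non-zero return blocks the commit. The match is limited to top-level `kind:` lines, so Secrets nested inside a `List` object are not detected.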
## ArgoCD
Available at https://argo.turbo.weystrom.dev
Get the initial admin password (change it after the first login, then delete the `argocd-initial-admin-secret` secret):
```sh
kubectl -n bootstrap get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
```
## Configuration
Edit `charts/bootstrap/values.yaml` to customize components. Each subchart is configured under its own key:
```yaml
cilium:
  enabled: true
ingress-nginx:
  enabled: true
  controller:
    service:
      externalIPs:
        - 1.2.3.4
cert-manager:
  enabled: true
# ... etc
```
To disable a component, set `enabled: false`.