- Download ISO and install k3os
- Configure static IP address (https://www.centlinux.com/2019/05/configure-network-on-k3os-machine.html)
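# List the network services connman knows about. The service id is derived
# from the interface's MAC address, so it differs on every machine.
sudo connmanctl services

# Assign the static address: <address> <netmask> <gateway>, plus the resolver.
# Replace ethernet_681def0b1da9_cable with the id printed by the command above.
sudo connmanctl config ethernet_681def0b1da9_cable \
  --ipv4 manual 192.168.2.4 255.255.255.0 192.168.2.1 \
  --nameservers 1.1.1.1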
- Update `/var/lib/rancher/k3os/config.yaml` with server config
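Decrypt `env.gpg` with `gpg --decrypt env.gpg > env`. The resulting `env` file is plaintext on disk: keep it out of version control and delete it once the secrets have been populated.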
Encrypt `env` with `gpg --symmetric --cipher-algo AES256 env`.
- Create namespaces
# Namespace the Helm Operator release is installed into (see --namespace flux below).
kubectl create namespace flux
- Populate secrets
# NOTE(review): presumably reads the decrypted env file and creates the cluster
# secrets from it; confirm against the script. If so, remove the plaintext env
# file after this step succeeds.
./bootstrap-secrets.sh
- Install Flux Helm Operator
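# Install the Helm Operator CRDs from the 1.2.0 tag of the upstream repository.
# The manifest is fetched over the network and applied with your current
# cluster credentials, so review it (or vendor a copy) before applying.
kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/1.2.0/deploy/crds.yaml

helm repo add fluxcd https://charts.fluxcd.io

# No chart version is pinned here, so this installs whatever the repository
# currently serves. Add --version <CHART_VERSION> to keep the operator in step
# with the CRDs applied above and to make the install reproducible.
helm upgrade -i helm-operator fluxcd/helm-operator \
  --namespace flux \
  --set helm.versions=v3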
- Create volumes
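# Create the persistent volume claims first, then the restore CronJobs.
# The restore CronJobs are the source for the manual jobs created in the next step.
kubectl apply -f default/volumes/pvc.yaml
kubectl apply -f default/volumes/restorejobs.yaml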
- Restore volumes and wait for them to finish
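# Start a one-off restore job from each restic restore CronJob.
kubectl create job --from=cronjob/esphome-restic-restore esphome-restore
kubectl create job --from=cronjob/homeassistant-restic-restore homeassistant-restore
kubectl create job --from=cronjob/minecraft-restic-restore minecraft-restore
kubectl create job --from=cronjob/plex-restic-restore plex-restore
kubectl create job --from=cronjob/qbittorrent-restic-restore qbittorrent-restore

# Do not continue until every job reports Complete; workloads that start on a
# half-restored volume may write over it. One way to block on a job:
#   kubectl wait --for=condition=complete job/<JOB_NAME> --timeout=<DURATION>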
- Install traefik
# Creates the traefik HelmRelease; presumably reconciled by the Helm Operator
# installed in the earlier step (confirm).
kubectl apply -f default/traefik/helmrelease.yaml
- Setup forward-auth and ingress for traefik
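# Apply forward-auth before the UI ingress.
# NOTE(review): presumably traefik-ui.yaml relies on forward-auth to protect the
# dashboard, so it should not be exposed before forward-auth is in place; confirm.
kubectl apply -f default/traefik/traefik-forward-auth.yaml

# Wait until the Let's Encrypt certificate has been obtained before continuing.
kubectl apply -f default/traefik/traefik-ui.yaml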
- Apply other configs
# Applies the manifests directly under default/. Without -R, kubectl does not
# descend into subdirectories, so default/volumes and default/traefik are only
# covered by the explicit steps above.
kubectl apply -f default/