apiVersion: v1
kind: Secret
metadata:
name: database-credentials
namespace: default
type: Opaque
stringData:
username: "admin"
password: "p4ssw0rd"To create a new encrypted secret run the following command:
kubeseal --controller-namespace sealed-secrets -o yaml <INPUT.yaml >OUTPUT.yamlTo encrypt a single value run the following command:
echo -n <VALUE> | kubeseal --controller-namespace sealed-secrets --raw --namespace <NAMESPACE> --name <NAME>kubectl get secrets -n sealed-secrets -o yaml > out.yaml
!! UPDATE KEY AND CRT !!
kubectl apply -f out.yaml
rm out.yaml
kubectl rollout restart -n sealed-secrets deployment sealed-secrets-controllerkubectl get replicaset -o jsonpath='{ .items[?(@.spec.replicas==0)]}' -A | k delete -f -- Hortek
- Kashaylan
- RK1
- RK1
- RK1
- RK1
This only has to be run once for a cluster.
talosctl gen secrets
talosctl gen config $CLUSTERNAME https://$NODEIP:6443 \
--output-types talosconfig \
--with-cluster-discovery=false \
--with-secrets secrets.yaml \
--config-patch @controlplane-$CONTROLPLANE.yaml \
--config-patch @controlplane-all.yaml \
--config-patch @cluster.yamltalosctl --nodes $NODEIP kubeconfig
talosctl --nodes $NODEIP dashboardUpgrade Talos version:
./update-talos.sh -n kashaylan-2 -v v1.7.2 -c ./talosconfig -f trueUpgrade configuration:
./update-config.sh -n kashaylan-2 -c ./talosconfigNote: see files in udm folder.
Install Unifi utilities to run on boot.
curl -fsL "https://raw.githubusercontent.com/unifi-utilities/unifios-utilities/HEAD/on-boot-script-2.x/remote_install.sh" | /bin/shCreate run on boot script to install frr in /data/on_boot.d/10-onboot-frr.sh.
Enable BGP by setting bgpd=yes in /etc/frr/daemons.
Create BGP config in /etc/frr/bgpd.conf.
Chown BGP config to ffr user.
chown frr:frr /etc/frr/bgpd.conf
service frr restartCheck if it is working.
vtysh -c 'show ip bgp'
netstat -ar