See k3s bootstrapping for details on creating the k3s cluster itself.

Once a cluster is in place, ensure that the `$KUBECONFIG` environment variable is set properly, or that the target cluster is set in the `~/.kube/config` file. Then run:

```shell
./bootstrap-cluster.sh
```
This script does several things:
- Installs flux2
- Bootstraps the vault-secret-operator with the auto-unwrap token
- Bootstraps cert-manager with letsencrypt information
- Bootstraps vault (see bootstrap-vault.sh for more detail)
- Initializes vault if it has not already been initialized
- Unseals vault
- Configures vault to accept requests from vault-secrets-operator
- Writes all secrets (held locally in the `.env` file) to vault for vault-secrets-operator to act on
After initial bootstrapping, it will be necessary to run scripts to apply manual changes that can't be natively handled via Flux. This covers YAML files that need `envsubst` prior to application to the cluster, and updates to values stored in vault.
The scripts below reference the `.env` file. This file is automatically sourced in order to populate secrets and sensitive information used in the scripts at runtime, and it is excluded from commits via `.gitignore`.

A sample `.env.sample` file is provided for reference. To use it, run `cp .env.sample .env` and make the necessary modifications to the secrets for your particular configuration.
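As an added example that is not part of the repository's own scripts, a POSIX shell check a bootstrap script could run before sourcing `.env`: it verifies owner-only permissions, that every line is a plain `KEY=VALUE` assignment with nothing that `.`-sourcing would execute, and (inside a git checkout) that the file is covered by `.gitignore`. The function name and the sample keys in the comments are assumptions.

```shell
# check_env_file FILE  (hypothetical helper, not from the repository)
# Validate a .env secrets file before the bootstrap scripts source it.
# Fails on: permissions wider than owner-only, lines that are not plain
# KEY=VALUE assignments, values that would execute code when sourced, and
# (inside a git checkout) a file that git does not ignore.
check_env_file() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

  # 1. Permissions: secrets must be readable by the owner only.
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  case "$mode" in
    600|400) ;;
    *) echo "$f: mode $mode, want 600" >&2; return 1 ;;
  esac

  # 2. Contents: comments, blank lines and KEY=VALUE (or export KEY=VALUE) only.
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in
      ''|'#'*) continue ;;
    esac
    line=${line#export }          # allow the "export KEY=VALUE" form
    key=${line%%=*}
    val=${line#*=}
    # A line without '=' leaves key equal to the whole line.
    if [ "$key" = "$line" ] || ! printf '%s\n' "$key" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*$'; then
      echo "$f:$n: not a KEY=VALUE assignment" >&2; return 1
    fi
    # Refuse anything '. .env' would evaluate or chain: $(...), backticks, ';'.
    case "$val" in
      *'$('*|*'`'*|*';'*) echo "$f:$n: value would execute code when sourced" >&2; return 1 ;;
    esac
  done < "$f"

  # 3. Git: the file must be ignored (and therefore untracked) in a checkout.
  dir=$(dirname "$f")
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    git -C "$dir" check-ignore -q "$f" || { echo "$f: not covered by .gitignore" >&2; return 1; }
  fi
  return 0
}
```

Call it as `check_env_file .env || exit 1` at the top of a script, before the line that sources the file.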
To apply necessary changes to kubernetes native objects, run `bootstrap-objects.sh`:

```shell
./bootstrap-objects.sh
```

To apply new additions or updates to vault, run `bootstrap-vault.sh`:

```shell
./bootstrap-vault.sh
```
`velero` is used as the backup mechanism. However, as an alternative for situations where it is, unfortunately, necessary to back up and restore a persistent volume (e.g. completely removing a chart that leverages a persistent volume), the `backup.sh` and `restore.sh` scripts may be used. Examine the scripts to learn more.