pre-commit install --install-hooks
pre-commit run --all-files

If generating a new keypair, all *.sops.* files will need to be re-created.
# Create age key pair
age-keygen -o age.agekey
# Move generated key
mkdir -p ~/.config/sops/age
mv age.agekey ~/.config/sops/age/home-ops.txt
# Allow .envrc to be loaded by direnv
direnv allow .

just bootstrap bootstrap

This runs all stages in sequence:
- Generate and apply Talos configs to all nodes
- Bootstrap etcd on the first control plane
- Fetch kubeconfig
- Wait for Kubernetes API
- Install Cilium via helmfile
- Install Flux and apply secrets
- Start Flux reconciliation
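
An added check, not part of this repository: because a new age keypair means every *.sops.* file has to be re-created, this script flags files that are still plaintext or still encrypted to an old recipient, and confirms the key file is not group- or world-readable. It assumes SOPS output with `ENC[AES256_GCM,` values and an age recipient in the file metadata; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit *.sops.* files against the current age key.

# Succeeds if the key file exists with no group/other permission bits (600, 400).
age_key_is_private() {
    [ -f "$1" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case $mode in *00) return 0 ;; *) return 1 ;; esac
}

# Reads the recipient from the "# public key:" comment that age-keygen writes.
age_public_key() {
    sed -n 's/^# public key: //p' "$1" | head -n 1
}

# Prints "plaintext <file>" or "stale-recipient <file>" for each problem file.
audit_sops_files() {
    root=$1 recipient=$2
    find "$root" -type f -name '*.sops.*' | sort | while IFS= read -r f; do
        if ! grep -q 'ENC\[AES256_GCM,' "$f"; then
            printf 'plaintext %s\n' "${f#"$root"/}"
        elif ! grep -qF "$recipient" "$f"; then
            printf 'stale-recipient %s\n' "${f#"$root"/}"
        fi
    done
}

# Constructed sample data: placeholder recipients, no real key material.
run_constructed_demo() {
    d=$(mktemp -d)
    printf '# created: constructed\n# public key: age1newexample\nAGE-SECRET-KEY-PLACEHOLDER\n' > "$d/key.txt"
    chmod 600 "$d/key.txt"
    printf 'data: ENC[AES256_GCM,data:x,type:str]\nsops:\n  age:\n    - recipient: age1newexample\n' > "$d/ok.sops.yaml"
    printf 'data: ENC[AES256_GCM,data:x,type:str]\nsops:\n  age:\n    - recipient: age1oldexample\n' > "$d/old.sops.yaml"
    printf 'password: hunter2\n' > "$d/leak.sops.yaml"
    age_key_is_private "$d/key.txt" && echo "key-private"
    audit_sops_files "$d" "$(age_public_key "$d/key.txt")"
    rm -rf "$d"
}

run_constructed_demo
```

Against a real checkout, call `audit_sops_files . "$(age_public_key ~/.config/sops/age/home-ops.txt)"` from the repository root; no output means every *.sops.* file matches the current key.
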
If you need more control, run individual stages:
# Generate Talos configurations
just talos gen-config
# Apply configs to nodes
just bootstrap nodes
# Bootstrap etcd
just bootstrap etcd
# Configure talosctl endpoints
just bootstrap talosconfig
# Get kubeconfig
just bootstrap kubeconfig
# Wait for nodes
just bootstrap wait
# Install Cilium
just bootstrap cilium
# Install Flux
just bootstrap flux
just bootstrap flux-secrets
just bootstrap flux-config

# Check Flux status
flux check
# Check all resources
kubectl get hr -A # Helm releases
kubectl get ks -A # Kustomizations

# Show cluster info
just talos info
# Generate machine configs
just talos genconfig
# Generate custom installer image URL
just talos genimage
# Clean generated configs
just talos clean

System extensions can only be installed on install or upgrade:
talosctl -e <endpoint> -n <node> upgrade --image=ghcr.io/siderolabs/installer:<talos version>
# Check status
talosctl -e <endpoint> -n <node> get extensions

A lot of the setup here was inspired by folks who share their home Kubernetes setup.