Powered by 📦
Managed with ArgoCD, TrueNAS, Renovate, and GitHub Actions 🤖
This is now automated via Jailmaker. The bootstrap script can be found in truenas/k3s-jail-config.
```sh
ansible-playbook play.yml
```
Create an IAM user with the following policy attached:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Get",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:*:<AWS account id>:secret:k8s*"
    },
    {
      "Sid": "List",
      "Effect": "Allow",
      "Action": "secretsmanager:ListSecrets",
      "Resource": "*"
    }
  ]
}
```
This grants `GetSecretValue` only on secrets whose names start with `k8s` (the ARN pattern matches the secret name prefix within your account); `ListSecrets` is granted on `*` because that action does not support resource-level permissions. Your secrets can now be stored in AWS Secrets Manager.
```sh
# To bootstrap, we add AWS credentials via one secret:
printf "%s" "Enter ACCESS_KEY: "
read -r ACCESS_KEY
printf "%s" "Enter SECRET_KEY: "
read -rs SECRET_KEY   # -s keeps the secret key from echoing to the terminal
echo
kubectl create ns external-secrets
kubectl create secret generic awssm-secret -n external-secrets \
  --from-literal=access-key="$ACCESS_KEY" --from-literal=secret-access-key="$SECRET_KEY"
```
Several services, such as cert-manager and DDNS, rely on External Secrets that are bootstrapped via the secret above.
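Once `awssm-secret` exists, the External Secrets Operator consumes it through a store. The manifests below are an added example, not the repo's own files: a ClusterSecretStore that authenticates with the bootstrap secret, and an ExternalSecret that syncs one `k8s`-prefixed AWS secret into a namespace. The region, the AWS secret name `k8s-cert-manager`, the property `dns-api-token`, and the `v1beta1` API version are assumptions.

```yaml
# ClusterSecretStore: how ESO reaches AWS Secrets Manager using the bootstrap
# secret created above (namespace external-secrets, keys access-key and
# secret-access-key). The region is an assumed value.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-secrets-manager
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-1              # assumption; use your account's region
      auth:
        secretRef:
          accessKeyIDSecretRef:
            name: awssm-secret
            namespace: external-secrets
            key: access-key
          secretAccessKeySecretRef:
            name: awssm-secret
            namespace: external-secrets
            key: secret-access-key
---
# ExternalSecret: materialises a Kubernetes Secret from an AWS secret whose
# name starts with "k8s", the only prefix the IAM policy above permits.
# k8s-cert-manager and dns-api-token are assumed placeholder names.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: cert-manager-dns
  namespace: cert-manager
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: ClusterSecretStore
  target:
    name: dns-api-token              # resulting Kubernetes Secret
    creationPolicy: Owner
  data:
    - secretKey: api-token           # key inside the Kubernetes Secret
      remoteRef:
        key: k8s-cert-manager        # AWS secret name; matches secret:k8s*
        property: dns-api-token      # JSON field inside that AWS secret
```

The `namespace` field under each `secretRef` is required for a ClusterSecretStore; a namespaced SecretStore omits it and reads the credential secret from its own namespace.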