Deployed ba84399 to develop with MkDocs 1.4.2 and mike 1.2.0.dev0
github-actions committed Jan 18, 2024
1 parent 957f1fa commit 0291fa6
Showing 2 changed files with 41 additions and 1 deletion.
40 changes: 40 additions & 0 deletions develop/guides/index.html
Expand Up @@ -60,6 +60,8 @@
</li>
<li class="toctree-l2"><a class="reference internal" href="#adding-talos-extensions-and-kernel-arguments">Adding Talos extensions and kernel arguments</a>
</li>
<li class="toctree-l2"><a class="reference internal" href="#adding-ingress-firewall-and-extra-manifests-for-each-node">Adding Ingress Firewall and extra manifests for each node</a>
</li>
<li class="toctree-l2"><a class="reference internal" href="#configuring-sops-for-talhelper">Configuring SOPS for Talhelper</a>
</li>
<li class="toctree-l2"><a class="reference internal" href="#using-doppler-instead-of-sops">Using Doppler instead of SOPS</a>
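Review bot: the new TOC label on the added `<li>`, "Adding Ingress Firewall and extra manifests for each node", is narrower than the section it links to, whose closing paragraph says both settings can also go under `controlPlane` or `worker` for whole node groups. Suggest a label such as "Adding Ingress Firewall and extra manifests" so the sidebar matches what the section covers; the `href` here and the `id` on the section's `h2` would need the same change to stay in sync.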
Expand Down Expand Up @@ -185,6 +187,44 @@ <h2 id="adding-talos-extensions-and-kernel-arguments">Adding Talos extensions an
<span class="hll"><span class="w"> </span><span class="nt">talosImageURL</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my.registry/install/talos-installer-image</span>
</span></code></pre></div>
<p>This will result in <code>machine.install.image</code> value to be <code>my.registry/install/talos-installer-image:v1.5.4</code>.</p>
<h2 id="adding-ingress-firewall-and-extra-manifests-for-each-node">Adding Ingress Firewall and extra manifests for each node</h2>
<p>With the addition of Ingress Firewall in Talos v1.6 and their future plan of multi-document machine configuration, you can now add firewall rules and extra manifests for each node.
Let's say you want to strengthen your nodes like described in the <a href="https://www.talos.dev/v1.6/talos-guides/network/ingress-firewall/#recommended-rules">recommended rules</a>.
You can achieve it like so:</p>
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
<span class="nt">clusterName</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my-cluster</span>
<span class="nt">endpoint</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://192.168.200.10:6443</span>
<span class="nt">clusterSvcNets</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${CLUSTER_SUBNET}</span><span class="w"> </span><span class="c1">## Define this in your talenv.yaml file</span>
<span class="nt">controlPlane</span><span class="p">:</span>
<span class="hll"><span class="nt">ingressFirewall</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="nt">defaultAction</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">block</span>
</span><span class="hll"><span class="w"> </span><span class="nt">rules</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kubelet-ingress</span>
</span><span class="hll"><span class="w"> </span><span class="nt">portSelector</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10250</span>
</span><span class="hll"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tcp</span>
</span><span class="hll"><span class="w"> </span><span class="nt">ingress</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">subnet</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">${CLUSTER_SUBNET}</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">apid-ingress</span>
</span><span class="hll"><span class="w"> </span><span class="nt">portSelector</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">50000</span>
</span><span class="hll"><span class="w"> </span><span class="nt">protocol</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tcp</span>
</span><span class="hll"><span class="w"> </span><span class="nt">ingress</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">subnet</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0.0.0.0/0</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">subnet</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">::/0</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span>
</span><span class="nt">nodes</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">worker1</span>
<span class="w"> </span><span class="nt">controlPlane</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">false</span>
<span class="w"> </span><span class="nt">ipAddress</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.200.12</span>
<span class="hll"><span class="w"> </span><span class="nt">extraManifests</span><span class="p">:</span>
</span><span class="hll"><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">worker1-firewall.yaml</span>
</span></code></pre></div>
<p>You can add <code>ingressFirewall</code> and <code>extraManifests</code> below <code>controlPlane</code> or <code>worker</code> field for node groups that you want to apply.
Or you can add them to <code>nodes[]</code> field for specific node you want to apply.</p>
<h2 id="configuring-sops-for-talhelper">Configuring SOPS for Talhelper</h2>
<p><a href="https://github.com/getsops/sops">sops</a> is a simple and flexible tool for managing secrets.</p>
<p>If you haven't used <code>sops</code> before, the easiest way to get started is by using <a href="https://github.com/FiloSottile/age">age</a> as the encryption tool of choice.
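Review bot: `${CLUSTER_SUBNET}` is used both as the `clusterSvcNets` entry and as the source `subnet` of the `kubelet-ingress` rule. If `clusterSvcNets` holds the service CIDR, the rule on port 10250 would admit that range rather than the network the nodes sit on, and with `defaultAction: block` the peers that actually need the kubelet would be dropped. Suggest a separate variable for the rule source, plus a sentence saying which network it should hold. Two smaller points in the same example: the `apid-ingress` rule admits `0.0.0.0/0` and `::/0` on port 50000 in a section about strengthening nodes, so a comment on why that port stays open to any source (or how to narrow it) would help; and `worker1-firewall.yaml` is referenced under `extraManifests` but its contents are never shown, so the reader cannot tell what the per-node manifest should contain or whether `worker1` ends up with any firewall rules at all.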
2 changes: 1 addition & 1 deletion develop/search/search_index.json

Large diffs are not rendered by default.
