Talos Kubernetes cluster provisioning on Proxmox - Terraform for VMs, Go tool for bootstrap and lifecycle management.
terraform/   Proxmox VM definitions (providers, variables, control/worker nodes)
bootstrap/   Go CLI tool - cluster bootstrap, reconciliation, infrastructure management
docs/        Architecture documentation
# 1. Configure terraform
cp terraform/terraform.tfvars.example terraform/terraform.tfvars
# Edit terraform.tfvars with your Proxmox credentials and cluster settings
# 2. Set up the secret vault (SOPS + age) — see docs/secrets.md
age-keygen -o ~/.config/sops/age/keys.txt
talops secrets add-device <your-age-public-key> # existing repo: git pull instead
# 3. Build the bootstrap tool
cd bootstrap && make build
# 4. Provision and bootstrap
./build/talops up

Secrets (terraform.tfvars, the Talos secrets bundle, talosconfig, and bootstrap state)
are stored as SOPS+age encrypted files committed to git and shared across machines. See
docs/secrets.md for setup, onboarding a new device, and revocation.
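
Because the vault lives in git, the main risk is a decrypted working copy being staged by mistake. The pre-commit guard below is an added example, not part of talops or this repository; the basenames it treats as secrets and the marker-based check are assumptions to adapt to the real layout described in docs/secrets.md.

```shell
#!/bin/sh
# Added example (not talops code): pre-commit guard against staging a
# plaintext copy of the secrets this README says are kept encrypted.

# Assumption: basenames of the decrypted working files. terraform.tfvars and
# talosconfig are named in the README; extend the list for the real layout.
is_secret_path() {
    case "${1##*/}" in
        terraform.tfvars|talosconfig) return 0 ;;
        *) return 1 ;;
    esac
}

# SOPS stores the data key wrapped for each age recipient as an armored age
# payload in the file's metadata, so this header appears in SOPS+age output
# in every store format. Heuristic: it shows the file went through SOPS
# with an age recipient, not that every value in it is encrypted.
has_age_armor() {
    grep -q -e '-----BEGIN AGE ENCRYPTED FILE-----'
}

# commit_ok PATH < CONTENT: succeeds unless PATH is a secret in plaintext.
commit_ok() {
    if is_secret_path "$1"; then
        has_age_armor
    else
        cat >/dev/null
    fi
}

# Check the staged blobs (":path"), not the working tree, because that is
# what the commit will contain.
check_staged() {
    git diff --cached --name-only --diff-filter=ACM | {
        bad=0
        while IFS= read -r path; do
            if ! git show ":$path" | commit_ok "$path"; then
                echo "refusing to commit plaintext secret: $path" >&2
                bad=1
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Runs only when installed as .git/hooks/pre-commit; sourcing is inert.
case "${0##*/}" in
    pre-commit) check_staged ;;
esac
```

Installed as `.git/hooks/pre-commit` and made executable, it rejects the commit and names each offending path on stderr.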
talops up                     Provision VMs + bootstrap cluster
talops down                   Drain + destroy cluster
talops bootstrap              Initial cluster deployment
talops reconcile              Reconcile cluster with terraform.tfvars
talops reconcile --plan       Preview changes without applying
talops status                 Show cluster status
talops reset                  Reset cluster state
talops infra deploy           Deploy/update infrastructure (Terraform)
talops infra destroy          Destroy infrastructure
talops infra plan             Preview infrastructure changes
talops infra status           Show infrastructure state
talops infra cleanup          Remove generated Terraform files
talops secrets status         Show vault recipients and artifact state
talops secrets add-device     Authorize a device's age key and re-key the vault
talops secrets hydrate/seal   Decrypt vault to working files / encrypt back