add k3s arch

arch/k3s.md

@@ -0,0 +1,65 @@
+# K3S Cluster
+
+## Cluster Setup
+
+1. Install wireguard
+
+    ```bash
+    pacman -S wireguard-tools linux-headers
+    ```
+
+2. Assign static IPs to each node
+
+    /etc/dhcpcd.conf
+
+    ```conf
+    ...
+    interface enp1s0
+    static ip_address=192.168.122.51/24  # 52, 53
+    static routers=192.168.122.1
+    static domain_name_servers=192.168.122.1
+    ```
+
+## K3S Installation
+
+1. Generate a secure token
+
+    ```bash
+    umask 077
+    k3s token generate > token.txt
+    export SECRET=$(cat token.txt)
+    ```
+
+2. Create the cluster
+
+    ```bash
+    curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
+        --cluster-init \
+        --flannel-backend=wireguard-native \
+        --disable=traefik \
+        --secrets-encryption \
+        --tls-san=192.168.122.51
+    ```
+
+3. Join each server node
+
+    ```bash
+    curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
+        --server https://192.168.122.51:6443 \
+        --flannel-backend=wireguard-native \
+        --disable=traefik \
+        --secrets-encryption \
+        --tls-san=192.168.122.52
+    ```
+
+4. Copy the kube config at /etc/rancher/k3s/k3s.yaml to YOUR computer at ~/.kube/dev-config
+
+    ```bash
+    export KUBECONFIG=~/.kube/dev-config
+    ```
+
+5. Modify the dev-config file's `server` attribute, replace with your IP/hostname
+
+## Secrets Encryption
+
+<https://docs.k3s.io/cli/secrets-encrypt>