# K3S Cluster

## Cluster Setup

1. Install wireguard

    ```bash
    pacman -S wireguard-tools linux-headers
    ```

2. Assign static IPs to each node

    /etc/dhcpcd.conf

    ```conf
    ...
    interface enp1s0
    static ip_address=192.168.122.51/24  # 52, 53
    static routers=192.168.122.1
    static domain_name_servers=192.168.122.1
    ```

## K3S Installation

1. Generate a secure token

    ```bash
    umask 077
    k3s token generate > token.txt
    export SECRET=$(cat token.txt)
    ```

2. Create the cluster

    ```bash
    curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
        --cluster-init \
        --flannel-backend=wireguard-native \
        --disable=traefik \
        --secrets-encryption \
        --tls-san=192.168.122.51
    ```

3. Join each server node

    ```bash
    curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
        --server https://192.168.122.51:6443 \
        --flannel-backend=wireguard-native \
        --disable=traefik \
        --secrets-encryption \
        --tls-san=192.168.122.52
    ```

4. Copy the kube config at /etc/rancher/k3s/k3s.yaml to YOUR computer at ~/.kube/dev-config

    ```bash
    export KUBECONFIG=~/.kube/dev-config
    ```

5. Modify the dev-config file's `server` attribute, replace with your IP/hostname

## Secrets Encryption

<https://docs.k3s.io/cli/secrets-encrypt>