thisago's blog


Learning Talos

With inspiration from a work pal, I started my journey in Kubernetes, and before it becomes natural to me, I want to write down some transient thoughts on this adaptation.

The Goals

I intentionally complicated my life again, so the goals of my first K8s infra are:

  • Fully offline, air-gapped environment [1].
  • GitOps, because it's convenient.
  • Hardened but as simple as possible. KISS.
  • No closed-source and proprietary blobs. (still investigating, low priority for now)
  • Lightweight yet scalable.
  • Completely reproducible, with easy re-installation, treating software as disposable.
  • Full disk encryption for data. (finally freeing me from writing the password of my LUKS via SSH!)

So I ended up with Talos. And it feels perfect for this use case; I am passionate about it.

Current Status

Until now, I've been studying and experimenting with K8s and Talos. Doing some tests:

Now, the next steps are clear:

  • Figure out how to migrate Helmfile to Flux with no network.
  • Learn how to use the awesome tool: https://github.com/hauler-dev/hauler
  • Install the charts. Mainly Forgejo, but this time keeping actions runners!
  • Experiment with how to maintain encrypted backups with Borg. (because running tar and then 7z monthly via SSH is not nice)

Last Words

And for motivation, stick your eyes to this beautiful landscape!

Figure 1: talosctl dashboard in the Raspberry Pi installation.

I am glad that I enjoy YAML syntax.

Footnotes:

[1] The first time I heard this term was in this bubble :)