* Notes
- Taints and tolerations will likely not work without at least 2 nodes.
- Affinities based on hostnames will fail require matching names
- Secrets are stored in [[https://app.infisical.com/][Infisical]] so the similar secret structure is required.

** Software requirements
- New enough ~kubectl~ to use ~kubectl ... -k~ for kustomize
- [[https://github.com/casey/just][just]] to run deploy/redeploy commands
- [[https://github.com/gopasspw/gopass][gopass]] with infisical ID+Secret under ~homelab/infisical/{id,secret}~

** Usage
These all leverage the kustomizations and shell scripts in ~deploy/~
- ~just diff~     :: shows all changes based on kustomize
- ~just apply~    :: apply all changes
- ~just deploy~   :: apply all changes including infisical bootstrap secret
- ~just redeploy~ :: as above but recreates the bootstrap secret from keepass
- ~just infisical_bootstrap_secret [--recreate]~ :: Bootstrap secret but no
  other steps

Per namespace/app can be diff'd or applied via ~kubectl {diff, apply} -k
namespaces/[<namespace>/[<appName>/]]~