Use talos-bootstrap script to bootstrap a Cozystack cluster
talos-bootstrap is a CLI for step-by-step cluster bootstrapping, made by Cozystack devs. Recommended for first deployments.
talos-bootstrap is an interactive script for bootstrapping Kubernetes clusters on Talos OS.
It was created by Cozystack developers to simplify the installation of Talos Linux on bare-metal nodes in a user-friendly manner.
1. Install Dependencies
Install the following dependencies:
- talosctl
- dialog
- nmap
Download the latest version of talos-bootstrap from the releases page or directly from the trunk:
curl -fsSL -o /usr/local/bin/talos-bootstrap \
https://github.com/cozystack/talos-bootstrap/raw/master/talos-bootstrap
chmod +x /usr/local/bin/talos-bootstrap
talos-bootstrap --help
2. Prepare Configuration Files
Start by making a configuration directory for the new cluster:
mkdir -p cluster1
cd cluster1
Make a configuration patch file patch.yaml with common node settings, using the following example:

machine:
  kubelet:
    nodeIP:
      validSubnets:
      - 192.168.100.0/24
    extraConfig:
      maxPods: 512
  sysctls:
    net.ipv4.neigh.default.gc_thresh1: "4096"
    net.ipv4.neigh.default.gc_thresh2: "8192"
    net.ipv4.neigh.default.gc_thresh3: "16384"
  kernel:
    modules:
    - name: openvswitch
    - name: drbd
      parameters:
        - usermode_helper=disabled
    - name: zfs
    - name: spl
    - name: vfio_pci
    - name: vfio_iommu_type1
  install:
    image: ghcr.io/cozystack/cozystack/talos:v1.10.3
  registries:
    mirrors:
      docker.io:
        endpoints:
        - https://mirror.gcr.io
  files:
  - content: |
      [plugins]
        [plugins."io.containerd.grpc.v1.cri"]
          device_ownership_from_security_context = true
        [plugins."io.containerd.cri.v1.runtime"]
          device_ownership_from_security_context = true
    path: /etc/cri/conf.d/20-customization.part
    op: create

cluster:
  network:
    cni:
      name: none
    dnsDomain: cozy.local
    podSubnets:
    - 10.244.0.0/16
    serviceSubnets:
    - 10.96.0.0/16
Make another configuration patch file patch-controlplane.yaml with settings exclusive to control plane nodes:

machine:
  nodeLabels:
    node.kubernetes.io/exclude-from-external-load-balancers:
      $patch: delete

cluster:
  allowSchedulingOnControlPlanes: true
  controllerManager:
    extraArgs:
      bind-address: 0.0.0.0
  scheduler:
    extraArgs:
      bind-address: 0.0.0.0
  apiServer:
    certSANs:
    - 127.0.0.1
  proxy:
    disabled: true
  discovery:
    enabled: false
  etcd:
    advertisedSubnets:
    - 192.168.100.0/24
To configure Keycloak as an OIDC provider, add the following section to patch-controlplane.yaml, replacing example.com with your domain:

cluster:
  apiServer:
    extraArgs:
      oidc-issuer-url: "https://keycloak.example.com/realms/cozy"
      oidc-client-id: "kubernetes"
      oidc-username-claim: "preferred_username"
      oidc-groups-claim: "groups"
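The control-plane patch above relies on Talos merging it over the generated node config, with the "$patch: delete" entry removing the exclude-from-external-load-balancers label that control-plane nodes otherwise carry. The following added example (not part of the Cozystack docs or the talos-bootstrap script) shows that merge on a constructed config fragment; its merge rules are a deliberate simplification of Talos strategic merge semantics, assumed here as: maps merge recursively, a map holding "$patch: delete" removes its key, and scalars and lists are replaced by the patch value.

```python
import copy
import json

DELETE_MARKER = "$patch"  # the key Talos strategic merge patches use for deletion


def apply_patch(base: dict, patch: dict) -> dict:
    """Return a new dict with `patch` merged into `base` (simplified Talos semantics)."""
    result = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and value.get(DELETE_MARKER) == "delete":
            result.pop(key, None)  # "$patch: delete" drops the key entirely
        elif isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = apply_patch(result[key], value)  # recurse into nested maps
        else:
            result[key] = copy.deepcopy(value)  # scalars and lists: patch wins
    return result


# Constructed sample: fragment of a generated control-plane config, carrying the
# default label that keeps control planes out of external load balancers.
GENERATED_CONTROLPLANE = {
    "machine": {"nodeLabels": {
        "node.kubernetes.io/exclude-from-external-load-balancers": ""}},
    "cluster": {"allowSchedulingOnControlPlanes": False,
                "proxy": {"disabled": False}},
}

# The page's patch-controlplane.yaml, expressed as a Python dict.
PATCH_CONTROLPLANE = {
    "machine": {"nodeLabels": {
        "node.kubernetes.io/exclude-from-external-load-balancers": {"$patch": "delete"}}},
    "cluster": {
        "allowSchedulingOnControlPlanes": True,
        "controllerManager": {"extraArgs": {"bind-address": "0.0.0.0"}},
        "scheduler": {"extraArgs": {"bind-address": "0.0.0.0"}},
        "apiServer": {"certSANs": ["127.0.0.1"]},
        "proxy": {"disabled": True},
        "discovery": {"enabled": False},
        "etcd": {"advertisedSubnets": ["192.168.100.0/24"]},
    },
}


def patched_controlplane() -> dict:
    """Merge the page's control-plane patch over the constructed generated config."""
    return apply_patch(GENERATED_CONTROLPLANE, PATCH_CONTROLPLANE)


if __name__ == "__main__":
    print(json.dumps(patched_controlplane(), indent=2))
```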
3. Bootstrap and Access the Cluster
Once you have the configuration files ready, run talos-bootstrap on each node of a cluster:
# in the cluster config directory
talos-bootstrap install
⚠️ If your nodes are running on an external network, you must specify each node explicitly in the argument:
talos-bootstrap install -n 1.2.3.4
Where 1.2.3.4 is the IP address of your remote node.
talos-bootstrap will enable bootstrap on the first configured node in a cluster.
If you want to re-bootstrap the etcd cluster, remove the line BOOTSTRAP_ETCD=false from your cluster.conf file.
Repeat this step for the other nodes in a cluster.
After completing the install command, talos-bootstrap saves the cluster's config as ./kubeconfig.
Set up kubectl to use this new config by exporting the KUBECONFIG variable:
export KUBECONFIG=$PWD/kubeconfig
To make this kubeconfig permanently available, you can make it the default one (~/.kube/config), use kubectl config use-context, or employ a variety of other methods.
Check out the Kubernetes documentation on cluster access.
Check that the cluster is available with this new kubeconfig:
kubectl get ns
Example output:
NAME              STATUS   AGE
default           Active   7m56s
kube-node-lease   Active   7m56s
kube-public       Active   7m56s
kube-system       Active   7m56s
The nodes will report READY: False, which is normal at this step.
This happens because the default CNI plugin was disabled in the previous step so that Cozystack can install its own CNI plugin.
Further Steps
Now you have a Kubernetes cluster bootstrapped and ready for installing Cozystack. To complete the installation, follow the deployment guide, starting with the Install Cozystack section.