Frequently asked questions and How-to guides

Knowledge base with FAQ and advanced configurations

Troubleshooting

Troubleshooting advice can be found on our Troubleshooting Cheatsheet.

Configuration

How to Enable KubeSpan

Talos Linux provides a full mesh WireGuard network for your cluster.

To enable this functionality, you need to configure KubeSpan and Cluster Discovery in your Talos Linux configuration:

machine:
  network:
    kubespan:
      enabled: true
cluster:
  discovery:
    enabled: true

Since KubeSpan encapsulates traffic into a WireGuard tunnel, Kube-OVN should also be configured with a lower MTU value.

To achieve this, add the following to the Cozystack ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: cozystack
  namespace: cozy-system
data:
  values-kubeovn: |
    kube-ovn:
      mtu: 1222

Operations

How to enable access to dashboard via ingress-controller

Update your ingress application and enable dashboard: true option in it. Dashboard will become available under: https://dashboard.<your_domain>

What if my cloud provider does not support MetalLB

You still have the opportunity to expose the main ingress controller using the external IPs method.

Take IP addresses of the external network interfaces for your nodes. Add them to the externalIPs list in the Ingress configuration:

kubectl patch -n tenant-root ingresses.apps.cozystack.io ingress --type=merge -p '{"spec":{
  "externalIPs": [
    "192.168.100.11",
    "192.168.100.12",
    "192.168.100.13"
  ]
}}'

kubectl patch -n cozy-system configmap cozystack --type=merge -p '{
  "data": {
    "expose-external-ips": "192.168.100.11,192.168.100.12,192.168.100.13"
  }
}'

After that, your Ingress will be available on the specified IPs:

# kubectl get svc -n tenant-root root-ingress-controller
root-ingress-controller   ClusterIP   10.96.91.83   37.27.60.28,65.21.65.173,135.181.169.168   80/TCP,443/TCP   133d

How to configure Cozystack using FluxCD or ArgoCD

Here you can find reference repository to learn how to configure Cozystack services using GitOps approach:

https://github.com/aenix-io/cozystack-gitops-example

Public-network Kubernetes deployment

A Kubernetes/Cozystack cluster can be deployed using only public networks:

Both management and worker nodes have public IP addresses.
Worker nodes connect to the management nodes over the public Internet, without a private internal network or VPN.

Such a setup is not recommended for production, but can be used for research and testing, when hosting limitations prevent provisioning a private network.

To enable this setup when deploying with talosctl, add the following data in the node configuration files:

cluster:
  controlPlane:
    endpoint: https://<MANAGEMENT_NODE_IP>:6443

For talm, append the same lines at end of the first node’s configuration file, such as nodes/node1.yaml.

How to allocate space on system disk for user storage

Moved to How to install Talos on a single-disk machine

How to generate kubeconfig for tenant users

Moved to How to generate kubeconfig for tenant users.

How to enable Hugepages

Moved to Cluster Configuration, How to enable Hugepages.

How to Rotate Certificate Authority

Moved to Cluster Maintenance, How to Rotate Certificate Authority.

How to cleanup etcd state

Moved to Troubleshooting: How to clean up etcd state.

Bundles

How to overwrite parameters for specific components

Moved to Cluster configuration, Components reference.

How to disable some components from bundle

Moved to Cluster configuration, Components reference.

How to generate kubeconfig for tenant users

A guide on how to generate a kubeconfig file for tenant users in Cozystack.

How to install Talos on a single-disk machine

How to install Talos on a single-disk machine, allocating space on system disk for user storage

Last modified 2025-09-17: [docs] Extract "Single-disk Talos installation" (35edb09)