Bootstrap a Talos Linux cluster for Cozystack using talos-bootstrap
talos-bootstrap is an interactive script for bootstrapping Kubernetes clusters on Talos OS.
It was created by Ænix to simplify the installation of Talos Linux on bare metal nodes in a user-friendly manner.
1. Install Dependencies
Install the following dependencies:
- talosctl
- dialog
- nmap
Download the latest version of talos-bootstrap from the releases page or directly from the trunk:
curl -fsSL -o /usr/local/bin/talos-bootstrap \
https://github.com/cozystack/talos-bootstrap/raw/master/talos-bootstrap
chmod +x /usr/local/bin/talos-bootstrap
talos-bootstrap --help
2. Prepare Configuration Files
Start by making a configuration directory for the new cluster:
mkdir -p cluster1
cd cluster1
Make a configuration patch file patch.yaml with common node settings, using the following example:

machine:
  kubelet:
    nodeIP:
      validSubnets:
      - 192.168.100.0/24
    extraConfig:
      maxPods: 512
  kernel:
    modules:
    - name: openvswitch
    - name: drbd
      parameters:
      - usermode_helper=disabled
    - name: zfs
    - name: spl
    - name: vfio_pci
    - name: vfio_iommu_type1
  install:
    image: ghcr.io/cozystack/cozystack/talos:v1.9.5
  registries:
    mirrors:
      docker.io:
        endpoints:
        - https://mirror.gcr.io
  files:
  - content: |
      [plugins]
        [plugins."io.containerd.grpc.v1.cri"]
          device_ownership_from_security_context = true
        [plugins."io.containerd.cri.v1.runtime"]
          device_ownership_from_security_context = true
    path: /etc/cri/conf.d/20-customization.part
    op: create
cluster:
  network:
    cni:
      name: none
    dnsDomain: cozy.local
    podSubnets:
    - 10.244.0.0/16
    serviceSubnets:
    - 10.96.0.0/16
Make another configuration patch file patch-controlplane.yaml with settings exclusive to control plane nodes:

machine:
  nodeLabels:
    node.kubernetes.io/exclude-from-external-load-balancers:
      $patch: delete
cluster:
  allowSchedulingOnControlPlanes: true
  controllerManager:
    extraArgs:
      bind-address: 0.0.0.0
  scheduler:
    extraArgs:
      bind-address: 0.0.0.0
  apiServer:
    certSANs:
    - 127.0.0.1
  proxy:
    disabled: true
  discovery:
    enabled: false
  etcd:
    advertisedSubnets:
    - 192.168.100.0/24
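The `$patch: delete` marker in patch-controlplane.yaml is a strategic-merge instruction: it removes the `node.kubernetes.io/exclude-from-external-load-balancers` label that Talos puts on control plane nodes, so that (together with allowSchedulingOnControlPlanes: true) these nodes both run workloads and receive load balancer traffic. Because a mistyped key under `$patch: delete` silently becomes a no-op, it is worth checking the rendered result before installing. The Python below is an added example, not code from talos-bootstrap or the Cozystack docs: it implements the small subset of strategic merge this page relies on (recursive map merge, scalar replacement, `$patch: delete`) over a constructed stand-in for a generated control plane config, and reports deletes that found nothing to delete. Talos' real merge logic lives in talosctl; this is only a model of it.

```python
import copy

def strategic_merge(base, patch):
    """Return a copy of base with patch merged over it (subset of strategic merge)."""
    result = copy.deepcopy(base)
    for key, value in patch.items():
        if isinstance(value, dict) and value.get("$patch") == "delete":
            result.pop(key, None)                    # "$patch: delete" removes the key
        elif isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = strategic_merge(result[key], value)   # recurse into maps
        else:
            result[key] = copy.deepcopy(value)       # scalars and lists replace
    return result

def unmatched_deletes(base, patch, path=""):
    """Paths where the patch says '$patch: delete' but base has no such key (likely typos)."""
    missing = []
    for key, value in patch.items():
        here = f"{path}/{key}"
        if isinstance(value, dict) and value.get("$patch") == "delete":
            if not isinstance(base, dict) or key not in base:
                missing.append(here)
        elif isinstance(value, dict):
            child = base.get(key) if isinstance(base, dict) else None
            missing.extend(unmatched_deletes(child, value, here))
    return missing

# Constructed stand-in for the config talosctl generates for a control plane node:
# Talos labels such nodes so external load balancers skip them.
GENERATED_CONTROLPLANE = {
    "machine": {
        "type": "controlplane",
        "nodeLabels": {
            "node.kubernetes.io/exclude-from-external-load-balancers": "",
        },
    },
    "cluster": {
        "allowSchedulingOnControlPlanes": False,
        "proxy": {"disabled": False},
    },
}

# The parts of patch-controlplane.yaml from this page that the stand-in covers.
PATCH_CONTROLPLANE = {
    "machine": {
        "nodeLabels": {
            "node.kubernetes.io/exclude-from-external-load-balancers": {"$patch": "delete"},
        },
    },
    "cluster": {
        "allowSchedulingOnControlPlanes": True,
        "proxy": {"disabled": True},
    },
}

# Constructed typo: the label name is missing its final "s", so nothing is deleted.
TYPO_PATCH = {
    "machine": {
        "nodeLabels": {
            "node.kubernetes.io/exclude-from-external-load-balancer": {"$patch": "delete"},
        },
    },
}

def patched_controlplane():
    return strategic_merge(GENERATED_CONTROLPLANE, PATCH_CONTROLPLANE)

if __name__ == "__main__":
    import json
    print(json.dumps(patched_controlplane(), indent=2))
    print("unmatched deletes in typo patch:", unmatched_deletes(GENERATED_CONTROLPLANE, TYPO_PATCH))
```

Run against the real generated config, the equivalent check is to render the patched machine config and confirm the label is gone; the typo patch above shows why an unmatched delete deserves a warning rather than silence, since the control plane node would then stay excluded from external load balancers.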
To configure Keycloak as an OIDC provider, add the following section to patch-controlplane.yaml, replacing example.com with your domain:

cluster:
  apiServer:
    extraArgs:
      oidc-issuer-url: "https://keycloak.example.com/realms/cozy"
      oidc-client-id: "kubernetes"
      oidc-username-claim: "preferred_username"
      oidc-groups-claim: "groups"
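These four flags decide which tokens the API server accepts and what identity they map to: kube-apiserver checks that the token's `iss` equals oidc-issuer-url, that its `aud` contains oidc-client-id and that it has not expired, then reads the username and groups from the named claims. When no `oidc-username-prefix` is set and the username claim is not `email`, the user name is prefixed with the issuer URL plus `#`, so RoleBindings for the configuration above must name subjects like `https://keycloak.example.com/realms/cozy#alice`. The Python below is an added example, not part of the Cozystack docs or talos-bootstrap: it models those checks and the claim mapping for the flags on this page, with constructed token payloads; signature verification against Keycloak's JWKS is left out. The second flag set adds `oidc-username-prefix` and `oidc-groups-prefix`, which are real kube-apiserver flags but are not part of this page's configuration.

```python
import time

# The extraArgs block from patch-controlplane.yaml on this page, as a dict.
PAGE_OIDC_ARGS = {
    "oidc-issuer-url": "https://keycloak.example.com/realms/cozy",
    "oidc-client-id": "kubernetes",
    "oidc-username-claim": "preferred_username",
    "oidc-groups-claim": "groups",
}

# Same flags plus explicit prefixes (an assumption, not on the page) so that
# RBAC subjects read "oidc:alice" and cannot collide with built-in names.
PREFIXED_OIDC_ARGS = {
    **PAGE_OIDC_ARGS,
    "oidc-username-prefix": "oidc:",
    "oidc-groups-prefix": "oidc:",
}

class TokenRejected(Exception):
    """Raised where kube-apiserver would refuse the token."""

def _username_prefix(args):
    # kube-apiserver rule: without an explicit prefix, a username claim other than
    # "email" gets the issuer URL plus "#" prepended; "-" disables prefixing.
    prefix = args.get("oidc-username-prefix")
    if prefix is None:
        return "" if args["oidc-username-claim"] == "email" else args["oidc-issuer-url"] + "#"
    return "" if prefix == "-" else prefix

def identity_from_claims(claims, args, now=None):
    """Map an already signature-verified ID-token payload to (username, groups)."""
    now = time.time() if now is None else now
    if not args["oidc-issuer-url"].startswith("https://"):
        raise TokenRejected("oidc-issuer-url must use https")
    if claims.get("iss") != args["oidc-issuer-url"]:
        raise TokenRejected("issuer mismatch")          # token from another realm/issuer
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if args["oidc-client-id"] not in audiences:
        raise TokenRejected("audience does not contain oidc-client-id")  # minted for another client
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token expired or exp missing")
    username = claims.get(args["oidc-username-claim"])
    if not isinstance(username, str) or not username:
        raise TokenRejected("username claim missing or empty")
    groups = claims.get(args["oidc-groups-claim"], [])
    if isinstance(groups, str):
        groups = [groups]
    if not all(isinstance(g, str) for g in groups):
        raise TokenRejected("groups claim must be a string or a list of strings")
    groups_prefix = args.get("oidc-groups-prefix", "")
    return _username_prefix(args) + username, [groups_prefix + g for g in groups]

def rejection_reason(claims, args, now=None):
    """Return the rejection message, or None when the token would be accepted."""
    try:
        identity_from_claims(claims, args, now)
    except TokenRejected as exc:
        return str(exc)
    return None

# Constructed ID-token payloads (the JSON part of a JWT, already base64-decoded).
NOW = 1_700_000_000
GOOD_TOKEN = {
    "iss": "https://keycloak.example.com/realms/cozy",
    "aud": "kubernetes",
    "exp": NOW + 300,
    "preferred_username": "alice",
    "groups": ["platform-admins", "dev"],
}
OTHER_REALM_TOKEN = dict(GOOD_TOKEN, iss="https://keycloak.example.com/realms/other")
OTHER_CLIENT_TOKEN = dict(GOOD_TOKEN, aud="grafana")

if __name__ == "__main__":
    print(identity_from_claims(GOOD_TOKEN, PAGE_OIDC_ARGS, now=NOW))
    print(identity_from_claims(GOOD_TOKEN, PREFIXED_OIDC_ARGS, now=NOW))
    for token in (OTHER_REALM_TOKEN, OTHER_CLIENT_TOKEN):
        print("rejected:", rejection_reason(token, PAGE_OIDC_ARGS, NOW))
```

Two practical consequences for the configuration on this page: a token issued by a different Keycloak realm or for a different client (for example one intended for a dashboard) is rejected even though it is validly signed by the same server, and the `groups` claim must arrive as a JSON array of strings, so the Keycloak group membership mapper has to be configured to emit a multivalued claim or RBAC group bindings will not match.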
3. Bootstrap and Access the Cluster
Once you have the configuration files ready, run talos-bootstrap on each node of a cluster:
# in the cluster config directory
talos-bootstrap install
⚠️ If your nodes are running on an external network, you must specify each node explicitly in the argument:
talos-bootstrap install -n 1.2.3.4
Where 1.2.3.4 is the IP address of your remote node.
talos-bootstrap will enable bootstrap on the first configured node in a cluster.
If you want to re-bootstrap the etcd cluster, remove the line BOOTSTRAP_ETCD=false from your cluster.conf file.
Repeat this step for the other nodes in a cluster.
After completing the install command, talos-bootstrap saves the cluster's config as ./kubeconfig.
Export the KUBECONFIG variable to use it:
export KUBECONFIG=$PWD/kubeconfig
Check that the cluster is available with this new kubeconfig:
kubectl get ns
Example output:
NAME STATUS AGE
default Active 7m56s
kube-node-lease Active 7m56s
kube-public Active 7m56s
kube-system Active 7m56s
The nodes will report READY: False, which is normal at this step.
This happens because the default CNI plugin was disabled in the previous step (cni: name: none) so that Cozystack can install its own CNI plugin.
Now you have a Kubernetes cluster prepared for installing Cozystack. To complete the installation, follow the deployment guide, starting with the Install Cozystack section.