Client machine

Talos nodes have no shell at all, so you need a separate machine to run configuration commands. Here I'm using Ubuntu 22.04 LTS as the console, configuring Talos 1.9.1.

# install TalosCTL, KubeCTL, Helm
curl -sL https://talos.dev/install | sh
snap install kubectl --classic
snap install helm --classic
helm repo update

Note the controlplane (master) node IP and save it to a variable, along with a few other settings

# use _your_ IP here
export CONTROL_PLANE_IP=10.11.12.13
# choose your cluster name
export CLUSTER_NAME="talos-1"

K8S configuration

Initial steps

# Approach below differs from the default at https://www.talos.dev/v1.9/talos-guides/install/virtualized-platforms/proxmox/
#
# create folder structure
mkdir talos-1
mkdir talos-1/patches   # cluster-wide patches
mkdir talos-1/nodes     # per-node patch files
mkdir talos-1/rendered  # output the finished machine configurations
cd talos-1
#
# generate a secrets bundle which contains all the sensitive keys used to define our cluster
talosctl gen secrets --output-file secrets.yaml
#
# generate the talosconfig based on the cluster name and endpoint specified earlier
# the config includes QEMU support for Proxmox (QEMU needs to be enabled in the VM options)
talosctl gen config             \
    --force                     \
    --install-image factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.1 \
    --with-secrets secrets.yaml \
    --output-types talosconfig  \
    --output talosconfig        \
    $CLUSTER_NAME               \
    https://$CONTROL_PLANE_IP:6443
    
# add the current controlplane IP as the endpoint
talosctl --talosconfig=./talosconfig \
    config endpoint $CONTROL_PLANE_IP
#
# your talosconfig file will look like this
#
#context: <cluster name, e.g. talos-1>
#contexts:
#    <cluster name>:
#        endpoints:
#            - $CONTROL_PLANE_IP
# <encryption keys>
#

# add a "nodes:" section below "endpoints:" as shown below
# this will make your life easier
#
#context: <cluster name, e.g. talos-1>
#contexts:
#    <cluster name>:
#        endpoints:
#            - $CONTROL_PLANE_IP
#        nodes:
#            - $CONTROL_PLANE_IP
# <encryption keys>

 
 
# and move the config to your home directory (create ~/.talos first if it does not exist)
mkdir -p ~/.talos
mv talosconfig ~/.talos/config

Patches

  • enable workloads on our controlplane machine in patches/allow-controlplane-workloads.yaml:
# patches/allow-controlplane-workloads.yaml
cluster:
  allowSchedulingOnControlPlanes: true
  • customization for our first node in nodes/n1.yaml:
# nodes/n1.yaml
machine:
  network:
    hostname: n1

Machine config

  • Finally generate the actual machine config for our first node
# generate the actual machine config for our first node
talosctl gen config                                               \
        --force                                                   \
        --output rendered/n1.yaml                                 \
        --output-types controlplane                               \
        --with-cluster-discovery=false                            \
        --with-secrets secrets.yaml                               \
        --config-patch @patches/allow-controlplane-workloads.yaml \
        --config-patch @nodes/n1.yaml                             \
        $CLUSTER_NAME                                             \
        https://$CONTROL_PLANE_IP:6443
#
# apply configuration
talosctl --nodes $CONTROL_PLANE_IP apply-config --file rendered/n1.yaml --insecure
# bootstrap the cluster
talosctl --nodes $CONTROL_PLANE_IP bootstrap
# now you can check cluster status via
talosctl -n $CONTROL_PLANE_IP dashboard
# Wait for 
# STAGE to become √ Running
# READY to become √ True 
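
Before `apply-config`, it is worth confirming that both patches actually landed in rendered/n1.yaml and that secrets.yaml and the rendered config, which both contain the cluster's CA private keys, are not readable by other users. The script below is an added example, not part of the original guide: `perms_ok`, `has_key`, `preflight` and `make_sample` are hypothetical helper names, the sample files are constructed, and GNU `stat` (as on the Ubuntu client) is assumed.

```bash
# Added example: file-only pre-flight for the talos-1/ directory (no talosctl needed).
# Assumes GNU stat (Linux); helper names are hypothetical.

# perms_ok FILE: true if FILE exists with no group/other permission bits.
perms_ok() {
    [ -f "$1" ] && mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *00|0) return 0 ;; *) return 1 ;; esac
}

# has_key FILE KEY VALUE: true if an uncommented "KEY: VALUE" line exists.
# Generated Talos configs carry commented-out examples, so "#" lines are skipped.
has_key() {
    awk -v k="$2" -v v="$3" '
        /^[ \t]*#/ { next }
        { l = $0; sub(/[ \t]+#.*$/, "", l); sub(/^[ \t]+/, "", l); sub(/[ \t]+$/, "", l) }
        l == k ": " v { found = 1 }
        END { exit !found }' "$1" 2>/dev/null
}

# preflight DIR NODE IP: prints failed checks, returns the number of failures.
preflight() {
    dir=$1; node=$2; ip=$3; fails=0; cfg="$dir/rendered/$node.yaml"
    for f in "$dir/secrets.yaml" "$cfg"; do   # both hold cluster CA private keys
        perms_ok "$f" || { echo "FAIL: $f missing or readable by group/other"; fails=$((fails + 1)); }
    done
    for kv in "hostname=$node" "allowSchedulingOnControlPlanes=true" "endpoint=https://$ip:6443"; do
        has_key "$cfg" "${kv%%=*}" "${kv#*=}" || { echo "FAIL: $cfg lacks ${kv%%=*}: ${kv#*=}"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# make_sample DIR: constructed, heavily abbreviated stand-ins for the real files.
make_sample() {
    mkdir -p "$1/rendered"
    printf 'cluster:\n    id: CONSTRUCTED\n' > "$1/secrets.yaml"
    cat > "$1/rendered/n1.yaml" <<'EOF'
machine:
    network:
        hostname: n1 # from nodes/n1.yaml
cluster:
    controlPlane:
        endpoint: https://10.11.12.13:6443
    # allowSchedulingOnControlPlanes: false
    allowSchedulingOnControlPlanes: true
EOF
    chmod 600 "$1/secrets.yaml" "$1/rendered/n1.yaml"
}

demo=$(mktemp -d) && make_sample "$demo" && preflight "$demo" n1 10.11.12.13 && echo "preflight OK"
rm -rf "$demo"
```

Against the real directory, run `preflight . n1 "$CONTROL_PLANE_IP"` from inside talos-1 and fix any reported file with `chmod 600` before applying the config.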

Kubernetes access

# generate kubeconfig (this places the data in ~/.kube/config)
talosctl --nodes $CONTROL_PLANE_IP kubeconfig

Reboot safety check

Reboot the node to make sure it comes back up

talosctl --nodes $CONTROL_PLANE_IP reboot

You have now installed your single-node K8S cluster.