The configuration file generated by talosctl includes many comments explaining how to configure each field, which can make it overwhelming to read through. The example here has the most commonly used features configured. The list below has links to each of the additional features enabled in the config:
Tip

If you only have one node, the pods will not get scheduled and will remain in a Pending state forever. You need to untaint the single node by running:

```bash
kubectl taint nodes --all node-role.kubernetes.io/master-
```
Full example configuration file:
```yaml
version: v1alpha1
debug: false
persist: true
machine:
  type: controlplane
  token: <TALOS_AUTO_GENERATED>
  ca:
    crt: <TALOS_AUTO_GENERATED>
    key: <TALOS_AUTO_GENERATED>
  certSANs: []
  kubelet:
    image: ghcr.io/siderolabs/kubelet:v1.23.5
    extraArgs:
      rotate-server-certificates: true
    nodeIP:
      validSubnets:
        - 192.168.0.1/24
  network:
    hostname: example-main-0
    interfaces:
      - interface: eth0
        addresses:
          - 192.168.0.241/24
        routes:
          - network: 0.0.0.0/0
            gateway: 192.168.0.1
        dhcp: true
        vip:
          ip: 192.168.0.250
    nameservers:
      - 192.168.0.1
      - 8.8.4.4
      - 8.8.8.8
      - 1.1.1.1
    extraHostEntries:
      - ip: 192.168.0.241
        aliases:
          - example-main-0
      - ip: 192.168.0.242
        aliases:
          - example-agent-0
      - ip: 192.168.0.243
        aliases:
          - example-agent-1
  install:
    disk: /dev/mmcblk0
    image: ghcr.io/siderolabs/installer:v1.0.1
    bootloader: true
    wipe: false
  features:
    rbac: true
  files:
    - content: |
        [metrics]
        address = "0.0.0.0:11234"
      path: /var/cri/conf.d/metrics.toml
      op: create
  time:
    disabled: false
    servers:
      - time.cloudflare.com
  registries:
    config:
      registry.gitlab.com:
        auth:
          username: example
          password: secretpassword
cluster:
  id: <TALOS_AUTO_GENERATED>
  secret: <TALOS_AUTO_GENERATED>
  controlPlane:
    endpoint: https://192.168.0.250:6443
  clusterName: example
  network:
    dnsDomain: cluster.local
    podSubnets:
      - 10.244.0.0/16
    serviceSubnets:
      - 10.96.0.0/12
  token: <TALOS_AUTO_GENERATED>
  aescbcEncryptionSecret: <TALOS_AUTO_GENERATED>
  ca:
    crt: <TALOS_AUTO_GENERATED>
    key: <TALOS_AUTO_GENERATED>
  aggregatorCA:
    crt: <TALOS_AUTO_GENERATED>
    key: <TALOS_AUTO_GENERATED>
  serviceAccount:
    key: <TALOS_AUTO_GENERATED>
  apiServer:
    image: k8s.gcr.io/kube-apiserver:v1.23.5
    certSANs:
      - 192.168.0.241
      - example.com
    disablePodSecurityPolicy: true
  controllerManager:
    image: k8s.gcr.io/kube-controller-manager:v1.23.5
  proxy:
    image: k8s.gcr.io/kube-proxy:v1.23.5
  scheduler:
    image: k8s.gcr.io/kube-scheduler:v1.23.5
  discovery:
    enabled: true
    registries:
      kubernetes: {}
      service: {}
  etcd:
    ca:
      crt: <TALOS_AUTO_GENERATED>
      key: <TALOS_AUTO_GENERATED>
  extraManifests:
    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
  inlineManifests: []
```
The comments are removed in this example configuration, so for reference you can check the official configuration guide or the initial auto-generated file.
Remember, this serves only as an example of how a fully working Talos control plane node is configured. You can see a detailed explanation of the enabled features by following the links above.
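The example configuration above carries a registry password in plain text, binds the CRI metrics endpoint to all interfaces, and lists `extraManifests` URLs that follow a branch and the latest release. As an added example (not part of the original page or the Talos project), the Python sketch below flags those three patterns line by line before such a file is committed or shared; the rule names and the `audit` function are assumptions made for illustration, and the sample is constructed from fragments of the configuration above.

```python
import re

# Constructed sample: fragments copied from the example configuration above.
SAMPLE = """\
machine:
  files:
    - content: |
        [metrics]
        address = "0.0.0.0:11234"
  registries:
    config:
      registry.gitlab.com:
        auth:
          username: example
          password: secretpassword
cluster:
  extraManifests:
    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
"""

# Hypothetical rule set (names are this example's own, not Talos identifiers).
CHECKS = [
    # Secret-bearing keys with a real value; <...> placeholders are skipped.
    ("inline-secret",
     re.compile(r"^\s*(password|token|secret|key|aescbcEncryptionSecret):\s+(?!<)\S")),
    # Remote manifests that follow a branch or "latest" can change content
    # without the machine config itself changing.
    ("unpinned-manifest",
     re.compile(r"https?://\S*/(main|master|latest)/")),
    # Listener on every interface (a route such as 0.0.0.0/0 does not match).
    ("wildcard-bind", re.compile(r"\b0\.0\.0\.0:\d+")),
]

def audit(text):
    """Return (line_number, rule, stripped_line) for every matching line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for rule, pattern in CHECKS:
            if pattern.search(line):
                findings.append((number, rule, line.strip()))
    return findings

if __name__ == "__main__":
    for number, rule, line in audit(SAMPLE):
        print(f"line {number}: {rule}: {line}")
```

A real generated file will always trigger `inline-secret` on its tokens and CA keys, which is the signal that it must be stored encrypted or kept out of version control.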