This repository contains tooling that helps with setting up a Talos Linux Kubernetes cluster for developing and evaluating Supernetes. More specifically, the tools help with
- creating an unprovisioned Talos Linux cluster in CSC's cPouta OpenStack environment, and
- bootstrapping an unprovisioned Talos Linux cluster using talos-bootstrap.
Both steps can be invoked individually, so you don't need to run Talos Linux on cPouta if you just need to bootstrap Supernetes on it.
The scripts assume a standard set of tooling that are provided in a container built from this repo. Podman or Docker is required to be present on the host. Build, start and enter the container simply by issuing
./containerFor utilities available in the container, please see the Dockerfile. Some tools are also installed during the Configuration step.
Start by logging into cPouta and selecting the right project from the top left. The project must have sufficient resources available for running VMs.
Warning
Please choose an empty project, all existing resources may be automatically deleted as part of the idempotency!
Then, click on your username from the top right and select OpenStack RC File. This will give you a file named project_1234567-openrc.sh which will be used by the scripts for API access. Save it into the work directory, which is used as the working directory of the container.
Next, since cPouta only hands out ephemeral IPv4 addresses, we need to set up Dynamic DNS (DDNS) for the cluster. This can be done using external services, such as dy.fi (Finland-only), or any other service supported by ddclient. A configuration template is provided in ddclient.template.conf. Copying this file to ddclient.conf and filling it out will set up automatic dynamic DNS reconciliation in the cluster during bring-up.
Finally, inside the container, run
. project_1234567-openrc.sh # Load the configuration, you might need to log in
talosctl gen secrets # Generate Talos secrets (one-time)
./cpouta up # Bring up the VMsThe nodes should now be running with the baseline configuration, and ready to be fully configured with talos-bootstrap.
Important
If using dynamic DNS, the cPouta tooling will automatically register the DDNS FQDN as a SAN for the cluster certificate. To preserve access after running talos-bootstrap, it must be fed a configuration patch that looks as follows:
machine:
certSANs:
- cluster.example.com # Add DNS FQDN as SAN to cluster certThe full configuration is applied using talos-bootstrap, which is provided as a submodule in this repo.
-
Edit the configuration file
work/supernetes-cluster.yamland change the pathcontrolplane/recordto point to the Talos/Kubernetes endpoint address (public IP in case of cPouta). -
Inside the container, run
bootstrap supernetes-cluster.yaml
and wait for the bootstrap process to finish. Your cluster should now be configured with FluxCD automatically reconciling in the Supernetes controller.
Refer to the documentation of talos-bootstrap for details, such as how to apply patches and additional manifests etc.
Important
Don't forget to additionally apply the Supernetes controller configuration Secret (see the configuration section in the Supernetes repository) with kubectl apply -f controller.yaml.
- Dennis Marttinen (@twelho)