Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt

Use this file to discover all available pages before exploring further.

In this guide, we will create an HA Kubernetes cluster in OVHCloud with 1 worker node. We will assume an existing some familiarity with OpenStack. If you need more information on OpenStack specifics, please see the official OVHCloud documentation.

Environment setup

You should have an existing openrc file. This file will provide environment variables necessary to talk to your OVHCloud. See here for instructions on fetching this file. Set environment variables: 
export PRIVATE_NETWORK_NAME=private-network-001
export SUBNET_NAME=subnet-001
export SUBNET_CIDR=10.0.0.0/16
export GATEWAY_NAME=gateway-001
export COMPUTE_FLAVOR_NAME=b3-8
export IMAGE_NAME=talos
export LOADBALANCER_NAME=loadbalancer-001
export LOADBALANCER_FLAVOR_NAME=small

Step 1. Create the image

First, download the OpenStack image from Image Factory. These images are called openstack-$ARCH.raw.xz. Decompress this file with unxz openstack-$ARCH.raw.xz. The resulting file will be called openstack-$ARCH.raw.

Upload the image

Once you have the image, you can upload to OpenStack with: 
openstack image create $IMAGE_NAME \
  --disk-format raw \
  --file openstack-amd64.raw \
  --progress

Step 2. Network infrastructure (Optional)

If you have an existing network infrastructure, you can skip this step. If not, you can follow the instructions below to create the necessary network infrastructure for your cluster. We will create a private network, subnet, and gateway for our cluster. This will allow our cluster to communicate with the outside world and with each other.

Private network, subnet, gateway

# Create private network
openstack network create \
  --provider-network-type vrack \
  --provider-segment 1 \
  --mtu 1500 \
  --enable-port-security \
  --internal \
  $PRIVATE_NETWORK_NAME

export PRIVATE_NETWORK_ID=$(openstack network show $PRIVATE_NETWORK_NAME -f value -c id)

# Create subnet
openstack subnet create \
  --network $PRIVATE_NETWORK_ID \
  --subnet-range $SUBNET_CIDR \
  --dns-nameserver 1.1.1.1 \
  --dns-nameserver 8.8.8.8 \
  $SUBNET_NAME

# Create Gateway
openstack router create $GATEWAY_NAME --external-gateway Ext-Net 

# Add the subnet to the router
openstack router add subnet \
  $GATEWAY_NAME \
  $SUBNET_NAME

Security groups

This example uses the default security group in OpenStack. Ports have been opened to ensure that connectivity from both inside and outside the group is possible. You will want to allow, at a minimum, ports 6443 (Kubernetes API server) and 50000 (Talos API) from external sources. It is also recommended to allow communication over all ports from within the subnet.

Step 3. Compute

Once the image is uploaded and the network infrastructure is in place, we can create our compute instances. We will create 3 control plane nodes. 
# Create control planes 2 and 3, substituting the same info.
for i in $( seq 1 3 ); do
  openstack server create talos-control-plane-$i --flavor $COMPUTE_FLAVOR_NAME --nic net-id=$PRIVATE_NETWORK_ID --image $IMAGE_NAME
done
We have now created our compute instances, but we still need to add floating IPs to allow for communication with the control plane nodes. 
# Create floating IPs and associate them with the control plane nodes
for i in $( seq 1 3 ); do
  openstack floating ip create --port $(openstack port list --server talos-control-plane-$i -f value -c ID) Ext-Net
done

Load balancer

Once the compute instances are created, we need to create a load balancer to load balance traffic to the control plane nodes. Running the following commands can take a few minutes to complete as the load balancer is being provisioned. 
# Create a Load Balancer
export SUBNET_ID=$(openstack subnet show $SUBNET_NAME -f value -c id)
openstack loadbalancer create --name $LOADBALANCER_NAME --vip-subnet-id $SUBNET_ID --flavor $LOADBALANCER_FLAVOR_NAME --wait
openstack floating ip create --port $(openstack loadbalancer show $LOADBALANCER_NAME -f value -c VIP_PORT_ID) Ext-Net

# Create a listener for the load balancer
openstack loadbalancer listener create --name talos-control-plane-listener --protocol TCP --protocol-port 6443 $LOADBALANCER_NAME --wait

# Create a pool and health monitor for the load balancer
openstack loadbalancer pool create --name talos-control-plane-pool --lb-algorithm ROUND_ROBIN --listener talos-control-plane-listener --protocol TCP --wait
openstack loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type TCP talos-control-plane-pool

# Add members to the load balancer pool, substituting the private IPs of the control plane nodes and the protocol port (6443)
for i in $( seq 1 3 ); do
  openstack loadbalancer member create --subnet-id $SUBNET_ID --address $(openstack floating ip list --port $(openstack port list --server talos-control-plane-$i -f value -c ID) -f value -c "Floating IP Address") --protocol-port 6443 talos-control-plane-pool --wait
done

Step 4. Cluster configuration

Now that we have our compute instances and load balancer set up, we can generate our cluster configuration files with talosctl. We need to get the Public IP of the Load Balancer as this is our Kubernetes API endpoint, and the Public IPs of the control plane nodes as addional-sans for the API certificate. 
# Get the Public IP of the Load Balancer
export LOADBALANCER_VIP=$(openstack floating ip list --port $(openstack loadbalancer show $LOADBALANCER_NAME -f value -c VIP_PORT_ID) -f value -c "Floating IP Address")

# Get the Public IPs of the control plane nodes
for i in $( seq 1 3 ); do
  export CP${i}_IP=$(openstack floating ip list --port $(openstack port list --server talos-control-plane-$i -f value -c ID) -f value -c "Floating IP Address")
done
Generate the cluster configuration file, substituting the Load Balancer VIP and control plane IPs as additional SANs for the API certificate. 
talosctl gen config talos-ovhcloud https://$LOADBALANCER_VIP:6443 \
  --additional-sans $CP1_IP,$CP2_IP,$CP3_IP

Step 5. Applying configuration and bootstrapping the cluster

With our configuration file generated, we can now apply it to our control plane nodes and bootstrap the cluster. 
# Apply the configuration to the control plane nodes, substituting the Public IPs of the control plane nodes.
for i in $(seq 1 3); do
  CP_NODE="CP${i}_IP"
  talosctl apply-config -f controlplane.yaml --insecure -n "${!CP_NODE}"
done

# Bootstrap the cluster using one of the control plane nodes
talosctl bootstrap -n $CP1_IP -e $CP1_IP --talosconfig talosconfig
Export the TALOSCONFIG environment variable to point to the talosconfig file. This will allow you to interact with your cluster using talosctl without having to specify the --talosconfig flag every time. 
export TALOSCONFIG=$(pwd)/talosconfig
Update the talosconfig file with the endpoints and node information for one of the control plane nodes: 
for i in $(seq 1 3); do
  CP_NODE="CP${i}_IP"
  talosctl config endpoint "${!CP_NODE}"
done

talosctl config node $CP1_IP
You should now be able to interact with your cluster with talosctl.

Step 6. Retrieve the kubeconfig

At this point we can retrieve the admin kubeconfig by running: 
talosctl kubeconfig .

Step 7. Add worker nodes to the cluster

# Create worker node with the user data file
openstack server create talos-worker-1 --flavor $COMPUTE_FLAVOR_NAME --nic net-id=$PRIVATE_NETWORK_ID --image $IMAGE_NAME --user-data /path/to/worker.yaml