mirror of
https://github.com/siderolabs/talos.git
synced 2025-08-21 14:41:12 +02:00
This will allow us to iterate faster on documentation for multiple versions of Talos. Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
| title |
|---|
| v1alpha1 Usage |
Talos enforces a high level of security by using mutual TLS for authentication and authorization.
We recommend that the configuration of Talos be performed by a cluster owner. A cluster owner should be a person of authority within an organization, perhaps a director, manager, or senior member of a team. They are responsible for storing the root CA and distributing the PKI for authorized cluster administrators.
Generate base configuration
We can generate a basic configuration using `osctl`.
This configuration is enough to get started with; however, it can be customized as needed.

```bash
osctl config generate --version v1alpha1 <cluster name> <master ip>[,<master ip>...]
```

This command will generate a YAML config per master node, a worker config, and a talosconfig.
Example of generated master-1.yaml
```bash
osctl config generate --version v1alpha1 cluster.local 1.2.3.4,2.3.4.5,3.4.5.6
```

```yaml
version: v1alpha1
machine:
  type: init
  token: hmh6z7.nzk7is2wobd9zlgh
  ca:
    crt: LS0tLS1CRUd...
    key: LS0tLS1CRUd...
  kubelet: {}
  network: {}
cluster:
  controlPlane:
    ips:
      - 1.2.3.4
      - 2.3.4.5
      - 3.4.5.6
  clusterName: cluster.local
  network:
    dnsDomain: cluster.local
    podSubnets:
      - 10.244.0.0/16
    serviceSubnets:
      - 10.96.0.0/12
  token: ndg6bi.cfj4sk82nddtr2hv
  ca:
    crt: LS0tLS1CR...
    key: LS0tLS1CR...
  apiServer:
    certSANs:
      - 127.0.0.1
      - ::1
      - 1.2.3.4
      - 2.3.4.5
      - 3.4.5.6
  controllerManager: {}
  scheduler: {}
  etcd: {}
```
The above configuration can be customized as needed by using the following reference guide.
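The generated `master-1.yaml` above carries CA private keys (`ca.key`) and bootstrap tokens in plain YAML, so the cluster owner will want to know which fields are sensitive and whether the file is readable by other local users. The following is an added example, not part of the Talos project or its documentation; the function names, the `SECRET_SUFFIXES` list, and the sample values are assumptions made for illustration.

```python
import os
import stat
import sys

# Constructed sample shaped like the generated master-1.yaml (placeholder secrets).
SAMPLE = """\
version: v1alpha1
machine:
  token: aaaaaa.bbbbbbbbbbbbbbbb
  ca:
    crt: PLACEHOLDER_CRT
    key: PLACEHOLDER_KEY
cluster:
  clusterName: cluster.local
  token: cccccc.dddddddddddddddd
  ca:
    crt: PLACEHOLDER_CRT
    key: PLACEHOLDER_KEY
"""
SECRET_SUFFIXES = ("ca.key", "token")  # assumption: paths treated as secret

def secret_paths(text):
    """Return dotted paths of populated secret fields in indentation-based YAML."""
    stack, found = [], []  # stack holds (indent, key) for the current nesting
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith(("#", "- ")) or ":" not in body:
            continue  # skip blanks, comments and scalar list items such as "- ::1"
        indent = len(line) - len(line.lstrip())
        key, _, value = body.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent level
        stack.append((indent, key))
        path = ".".join(k for _, k in stack)
        if value.strip() and path.endswith(SECRET_SUFFIXES):
            found.append(path)
    return found

def audit(path):
    """Return findings for one config file: loose mode bits, then secret fields."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = [f"mode {mode:o} lets group/others access the file"] if mode & 0o077 else []
    with open(path) as fh:
        return findings + [f"secret field: {p}" for p in secret_paths(fh.read())]

if __name__ == "__main__":
    print(secret_paths(SAMPLE))  # demo on the constructed sample
    for name in sys.argv[1:]:  # optionally audit real files passed as arguments
        print(name, audit(name))
```

Pass the generated files as arguments to audit them; a file reported with loose mode bits can be tightened with `chmod 600` before it is stored or handed to an administrator.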