Talos Linux cluster on Raspberry Pi hardware, provisioned with OpenTofu.
| Node | Board | Role | IP | Storage |
|---|---|---|---|---|
| — | — | VIP (cluster API) | 192.168.1.10 |
— |
| rpi5b-cp-01 | Raspberry Pi 5 16GB | Control plane | 192.168.1.11 |
SD card + 2× 2TB SATA SSD via Radxa Penta HAT |
| rpi4b-wk-01 | Raspberry Pi 4B 8GB | Worker | 192.168.1.12 |
SD card + 500GB USB SSD |
| cm5-wk-01 | Raspberry Pi CM5 8GB | Worker | 192.168.1.13 |
256GB NVMe |
| cm5-wk-02 | Raspberry Pi CM5 8GB | Worker | 192.168.1.14 |
256GB NVMe |
make allThis uploads schematics to factory.talos.dev and downloads the
metal-arm64.raw.xz images into images/.
xz -d images/talos-<rpi5b|rpi4b>.raw.xz
diskutil list
diskutil unmountDisk /dev/diskX
sudo dd if=images/talos-<rpi5b|rpi4b>.raw of=/dev/rdiskX bs=4M
diskutil eject /dev/diskXInsert the SD card into the device and power on.
-
Hold the BOOT button on the NanoCluster adapter board.
-
Connect USB-C from the adapter to your host machine.
-
Run
sudo rpiboot. The eMMC appears as a USB mass storage device. -
Flash:
xz -d images/talos-cm5.raw.xz diskutil list diskutil unmountDisk /dev/diskX sudo dd if=images/talos-cm5.raw of=/dev/rdiskX bs=4M diskutil eject /dev/diskX
cd talos/
tofu init
tofu apply
tofu output -raw kubeconfig > $HOME/.kube/config
tofu output -raw talosconfig > $HOME/.talos/configKubelet server certificate rotation is enabled. Kubernetes does not auto-approve kubelet serving CSRs, so they must be approved manually after bootstrap:
kubectl get csr
kubectl certificate approve <csr-name>This is required for kubectl exec, kubectl logs, and kubectl port-forward to work.
CSRs will need re-approving when they rotate (~1 year). TODO:
kubelet-csr-approver in ArgoCD