# Cluster configuration

> Following [https://www.talos.dev/v1.7](https://www.talos.dev/v1.7)

## Configuration layout
The main talos configuration is in the `controlplane.yaml` and `worker.yaml` files. They contain the configuration for the controlplane and worker nodes as well as the certificates and keys for the cluster. **They cannot be checked into version control**.

Luckily, the boilerplate configuration can be generated with `talosctl gen config ...` and we are not deviating significantly from the defaults. We will only need small patches as described below.

- The main configuration is given by the `controlplane.yaml`, `worker.yaml` and `talosconfig` files. They need to be generated by `talosctl`.
- The patches are in the `patch` directory.
    - Patches applied to **all** nodes are in `common.yaml`.
    - Patches applied


## High-availability setup
For this setup we want to use a virtual IP (VIP) for the controlplane nodes. This only works once etcd is running on at least one of the controlplane nodes.

- Prerequisites:
    ```
    export TALOSCONFIG="talosconfig"
    ```

- Setup a cluster on one node. I chose a vm node.
    ```
    talosctl gen config kluster https://192.168.1.199:6443
    ```
    ```
    talosctl machineconfig patch controlplane.yaml --patch @patch/common.yaml --patch @patch/controlplane.vm.yaml > patched.yaml
    talosctl apply-config --insecure --nodes 192.168.1.199 --file patched.yaml

    talosctl config endpoint 192.168.1.199
    talosctl config node 192.168.1.199
    talosctl bootstrap
    ```

- Now modify the controlplane configuration to use a VIP, by changing all occurrences of the IP address (...199) to the VIP (...222).

- Apply the configuration to the rest of the controlplane nodes.
    ```
    talosctl machineconfig patch controlplane.yaml --patch @patch/common.yaml --patch @patch/controlplane.vm.yaml > patched.yaml
    talosctl apply-config --insecure --nodes 192.168.1.201 --file patched.yaml
    # For the second node as well
    talosctl machineconfig patch controlplane.yaml --patch @patch/common.yaml --patch @patch/controlplane.metal.yaml > patched.yaml
    talosctl apply-config --insecure --nodes 192.168.1.108 --file patched.yaml
    ```

- Also add the new nodes to the talosctl configuration, by manually editing the `endpoints` and `nodes` sections in the `talosconfig` file.

- Finally, get the kubeconfig file.
    ```
    talosctl kubeconfig .
    ```

- Proceed to cluster bootstrapping.