Project Documentation Index
Welcome to the documentation for the OCI-Managed On-Prem Talos Cluster. This cluster represents a modern, zero-trust approach to bare-metal Kubernetes management.
Documentation Modules
- Architecture Overview
  - High-level topology and design principles.
  - Tailscale integration and Sidero logic.
- Sidero Infrastructure Setup
  - OCI NLB and Tailscale service exposure.
  - Provider configuration and environment variables.
- Networking & Bootstrapping
  - PXE-over-Tailscale flow.
  - OPNsense configuration requirements.
  - Tailscale Operator strategy.
- OPNsense Bridge Guide
  - DHCP/PXE relay settings.
  - Tailscale Subnet Router configuration.
  - Firewall rules for SideroLink and TFTP.
- Provisioning & Lifecycle
  - CAPI CRD structure.
  - Talos configuration patches (SATA/NVME split).
  - Upgrade and scaling procedures.
- Security Hardening
  - Protecting the Sidero Metadata service.
  - Mitigating pod-level config exfiltration.
Quick Start for Engineers
Prerequisites
- Access to the OCI Management Cluster.
- `clusterctl` and `talosctl` installed locally.
- A Tailscale AuthKey (reusable/ephemeral) for new nodes.
Monitoring Provisioning
```bash
# Watch servers appearing from on-prem
kubectl get servers.sidero.dev -A
# Watch the CAPI machine state
kubectl get machines -A
# Check Tailnet status
tailscale status
```
Accessing the Cluster
The cluster API is exposed via the Tailscale Operator. Ensure your local machine is on the same Tailnet and use the generated Kubeconfig:
```bash
export KUBECONFIG=onprem-cluster.kubeconfig
kubectl get nodes
```