Talos Linux (single-node) on Hetzner Robot servers

How to create a simple single-node Kubernetes cluster on Hetzner Robot

• Siderolabs / Talos Linux OS

• Hetzner Robot

Assumptions

• Existing Hetzner account with access to Robot servers

• Existing Robot server

Step 1: Rescue mode & Talos install

First, go to the Hetzner Robot console and go to the “Rescue” tab. Select and SSH key from your known keys and press “Activate Rescue System”.

The server is now going to restart into the rescue OS, a specialized type of operating system that is used to rescue machines that are broken in some way. We are going to use this to override the filesystem of the machine with Talos Linux.

After a reboot, connect to the machine via SSH, using the “root” user. Now perform the following steps — you might need to update drive names. In this example, I had “nvme0n1” and “nvme1n1”.

# Disable raid
mdadm --stop /dev/md[0-4]

# Wipe disks
sfdisk --delete /dev/nvme[0-1]n1
wipefs -a -f /dev/nvme[0-1]n1

# Download raw talos fs
wget https://github.com/siderolabs/talos/releases/download/v1.7.0/metal-amd64.raw.xz -O /tmp/talos.xz
# Replace system with talos
xz -d -c /tmp/talos.xz | dd of=/dev/nvme0n1

sync
reboot

This script will now reboot the machine with Talos Linux as operating system.

Step 2: Talos bootstrapping

talosctl gen config my-cluster-name https://[INSERT IP HERE]:6443

# Edit the '/dev/sda' drive in the control-plane.yaml to '/dev/nvme0n1'
vi ./control-plane.yaml

talosctl apply-config -f controlplane.yaml -n [INSERT IP HERE] -e [INSERT IP HERE] --insecure
export TALOSCONFIG=./talosconfig
talosctl config endpoint [INSERT IP HERE]
talosctl config node [INSERT IP HERE]
talosctl dashboard
talosctl bootstrap --talosconfig=./talosconfig
talosctl kubeconfig ./kubeconfig

export KUBECONFIG=./kubeconfig

# Optional: Upgrade for ISCSI support (needed for Longhorn)
# --preserve is needed for single-node clusters
talosctl upgrade --image factory.talos.dev/installer/613e1592b2da41ae5e265e8789429f22e121aab91cb4deb6bc3c0b6262961245:v1.7.1 -m powercycle --preserve

# Allow scheduling on control-plane node for single node clusters:
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Disclaimer

This tutorial is not meant to create production clusters. It is a bare minimal example of how to get started with an affordable, single-node Kubernetes cluster on a dedicated Hetzner machine. For production use-cases you will need HA for control-plane and workers, verifying checksums when downloading files, additional firewall configurations etc. etc.

Happy hacking.