Mission: Deploy CozyStack on ARM64 using Talm (Talos GitOps Manager)
Date: December 2, 2025
Target: Full CozyStack cluster for tomorrow's demo
We're deploying a complete CozyStack cluster on ARM64 using Talm instead of raw talosctl. This approach will give us:
- ✅ Proper discovery-based hardware configuration
- ✅ GitOps-friendly patch management
- ✅ Clean node configs without default CNI
- ✅ CozyStack-ready bare metal configuration
We'll first deploy a single Talos node in maintenance mode using our existing script, then use Talm to discover and configure it properly.
# Run from local machine
export AWS_PROFILE=sb-terraform-mfa-session
./simple-talos-launch.sh
This creates a single ARM64 node at 10.10.1.119 that we can interrogate with Talm.
# SSH to bastion
ssh ec2-user@10.10.1.100
# Install Talm (this pipes an unpinned script from the main branch straight into sh: download and read it first, and prefer a tagged release for the demo)
curl -sSL https://github.com/cozystack/talm/raw/refs/heads/main/hack/install.sh | sh -s
# Verify installation
talm version
# On bastion host
mkdir cozystack-cluster
cd cozystack-cluster
talm init -p cozystack
This creates:
- templates/ directory with CozyStack-specific Talos templates
- Base project structure for GitOps management
# Gather node information from our deployed node
talm -n 10.10.1.119 -e 10.10.1.119 template -t templates/controlplane.yaml -i > nodes/node1.yaml
This will:
- Connect to the Talos node at 10.10.1.119 in insecure mode (-i), since a maintenance-mode node has not issued client certificates yet
- Discover hardware (disks, network interfaces, etc.)
- Generate a node-specific configuration file
- Include commented hardware discovery for reference
The generated nodes/node1.yaml will contain:
- Discovered Network Interfaces: AWS EC2 ARM64 networking setup
- Discovered Disks: EBS volumes and local storage
- Base CozyStack Configuration: Templates for bare node setup
Edit nodes/node1.yaml to:
- Set the correct cluster endpoint: https://10.10.1.119:6443
- Configure registry mirrors (our existing 5-mirror setup)
- Ensure no default CNI (CozyStack will provide this)
- Set a custom install image if needed
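Added example, not Talm's or CozyStack's own tooling: a small POSIX shell helper for the edit-and-apply steps above. write_cozystack_patch writes a Talos machine-config patch with the settings the list calls for (endpoint, no CNI, install image, a registry mirror), and check_node_config greps a rendered node file for those settings before talm apply and warns when the file carries private key material, which a file headed for a Git repo should not hold in the clear. Assumptions not in the notes: mirror.example.internal is a placeholder for the 5-mirror setup, ghcr.io/siderolabs/installer:v1.11.5 is the stock Talos installer standing in for the CozyStack image, and cluster.proxy.disabled: true follows CozyStack's upstream Talos patch and should be confirmed for the version being demoed.

```shell
#!/bin/sh
# preflight.sh: added example, not part of Talm or CozyStack.
#   write_cozystack_patch FILE       writes a Talos machine-config patch that
#                                    leaves CNI (and kube-proxy) to CozyStack
#   check_node_config FILE ENDPOINT  verifies a rendered node config before
#                                    `talm apply`
#   has_secrets FILE                 true if FILE carries base64 PEM private keys
# Placeholders (not from the notes): mirror.example.internal stands in for the
# existing 5-mirror setup; the installer image is the stock Talos installer.
set -u

write_cozystack_patch() {
    cat > "$1" <<'EOF'
cluster:
  controlPlane:
    endpoint: https://10.10.1.119:6443
  network:
    cni:
      name: none        # CozyStack installs its own CNI; no default flannel
  proxy:
    disabled: true      # assumption: follows CozyStack's upstream Talos patch
machine:
  install:
    # placeholder: swap in the CozyStack installer image once it is built
    image: ghcr.io/siderolabs/installer:v1.11.5
  registries:
    mirrors:
      docker.io:
        endpoints:
          - https://mirror.example.internal   # placeholder mirror host
EOF
}

# Talos embeds PEM blocks base64-encoded; "LS0t" is base64 for "---".
has_secrets() {
    grep -Eq '^[[:space:]]*key:[[:space:]]*LS0t' "$1"
}

# Line-oriented heuristics over the Talos YAML layout (plain grep, so nothing
# extra is needed on the bastion); this is not a schema validator.
check_node_config() {
    cfg="$1"
    want="$2"
    rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    if ! grep -Fq "endpoint: $want" "$cfg"; then
        echo "FAIL: cluster.controlPlane.endpoint is not $want"; rc=1
    fi
    # The line after "cni:" must be "name: none", otherwise Talos installs flannel.
    if ! grep -A1 -E '^[[:space:]]*cni:' "$cfg" | grep -Eq 'name:[[:space:]]*none'; then
        echo "FAIL: cluster.network.cni.name is not none"; rc=1
    fi
    # An install image must be pinned inside the machine.install block.
    if ! grep -A8 -E '^[[:space:]]*install:' "$cfg" | grep -Eq '^[[:space:]]*image:[[:space:]]*[^[:space:]]+'; then
        echo "FAIL: machine.install.image is not set"; rc=1
    fi
    # Warning only: the config may be valid, but it must not land in Git unencrypted.
    if has_secrets "$cfg"; then
        echo "WARN: $cfg carries private key material; encrypt it before committing"
    fi
    return $rc
}

# CLI entry point: ./preflight.sh nodes/node1.yaml https://10.10.1.119:6443
if [ "$#" -eq 2 ]; then
    check_node_config "$1" "$2"
fi
```

Write the patch with write_cozystack_patch patch.yaml, merge its keys into nodes/node1.yaml (by hand, or with talosctl machineconfig patch if the talosctl on the bastion has it), then run ./preflight.sh nodes/node1.yaml https://10.10.1.119:6443 before talm apply. A passing file still deserves a read-through, since the checks only look at the expected YAML layout.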
# Apply the discovered and customized configuration
talm apply -f nodes/node1.yaml -i
# Bootstrap the cluster using Talm
talm bootstrap -f nodes/node1.yaml
Once we have a clean Talos cluster with proper bare node configuration:
talm kubeconfig -f nodes/node1.yaml
# Install CozyStack on the clean cluster (this pulls manifests from the unpinned main branch; pin to a release tag for a reproducible demo)
kubectl apply -f https://raw.githubusercontent.com/cozystack/cozystack/main/packages/system/cozystack/manifests.yaml
- Clean ARM64 Talos Node: Properly discovered hardware configuration
- CozyStack-Ready Cluster: No conflicting CNI, clean for CozyStack installation
- GitOps Managed: All configuration stored in version-controllable files (the generated talosconfig and any file holding the cluster PKI or join tokens must be encrypted or kept out of the repo)
- Demo Ready: Full CozyStack platform on ARM64 for tomorrow's presentation
- Hardware Discovery: Talm automatically detects and configures hardware
- Template-Based: Uses CozyStack-specific templates instead of generic Talos
- GitOps Ready: Configuration files can be committed and versioned
- Clean State: No default Kubernetes components that conflict with CozyStack
- Instance Created: i-071d53eed6d0978da at 10.10.1.119
- Endpoint: https://10.10.1.119:6443
- Files Generated: talosconfig, controlplane.yaml, worker.yaml
- Status: Ready for Talm discovery
The node deployed with our script is not in maintenance mode; it is a pre-configured node waiting for bootstrap.
Problem: Talm requires maintenance-mode nodes for hardware discovery.
Solution: two paths forward.
Path A: use the existing talosctl approach, since we already have valid configs:
# Copy talosconfig to bastion (it holds the admin client certificate and key: keep it mode 600 and out of the repo)
scp talosconfig ec2-user@10.10.1.100:~/
# On bastion: Bootstrap existing cluster
export TALOSCONFIG=~/talosconfig
talosctl config endpoint 10.10.1.119
talosctl config nodes 10.10.1.119
talosctl bootstrap
talosctl health
# Get kubeconfig and proceed with CozyStack
talosctl kubeconfig .
export KUBECONFIG=$(pwd)/kubeconfig
kubectl get nodes
Path B: modify the launch script to deploy maintenance-mode nodes that Talm can discover.
Recommendation: Use Path A for tomorrow's demo, document Path B for future proper Talm workflow.
Problem: boot-to-talos kexec is failing due to a memfd_create userspace/kernel mismatch.
Solution: deploy the official Talos AMI directly in maintenance mode.
New Strategy:
- Skip boot-to-talos entirely - use official Talos ARM64 AMI
- Boot into maintenance mode by default
- Use Talm to configure with CozyStack image via machine configs
- Apply custom install image through Talm templates
Commands for immediate attempt:
# Find the official Talos ARM64 AMI (filtering on the publisher's owner ID keeps a look-alike public AMI with the same name from being returned)
aws ec2 describe-images --region eu-west-1 --owners 540036508848 \
--filters "Name=name,Values=talos-v1.11.5-arm64" \
--query 'Images[0].ImageId' --output text
# Deploy directly into maintenance mode (no custom image needed initially)
# Then use Talm to configure the custom CozyStack image
- Install Talm:
ssh ec2-user@10.10.1.100
curl -sSL https://github.com/cozystack/talm/raw/refs/heads/main/hack/install.sh | sh -s
- Initialize Talm project:
mkdir cozystack-cluster && cd cozystack-cluster
talm init -p cozystack
- Wait for the Talos node to be ready (~3 minutes), then discover hardware:
# Test if node is ready
talosctl -n 10.10.1.119 -e 10.10.1.119 health --server=false
# A maintenance-mode node has not issued client certificates yet, so an authenticated check like this can fail with a TLS error until a config is applied; that is why the discovery step uses -i (insecure mode)
# Once ready, discover with Talm
talm -n 10.10.1.119 -e 10.10.1.119 template -t templates/controlplane.yaml -i > nodes/node1.yaml
- Review and customize nodes/node1.yaml for CozyStack requirements