From 2d3ed6cd4e6e9261aa4658d1af6d837c7a245113 Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Mon, 15 Sep 2025 16:51:34 +0200
Subject: [PATCH] feat: added talos-linux basics

---
 docs/talos-linux/basics.md | 84 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 docs/talos-linux/basics.md

diff --git a/docs/talos-linux/basics.md b/docs/talos-linux/basics.md
new file mode 100644
index 0000000..d9a6be7
--- /dev/null
+++ b/docs/talos-linux/basics.md
@@ -0,0 +1,84 @@
+# Install a Loadbalancer (MetalLB) and Ingress Controller (Nginx or Traefik) on a default Talos Linux cluster
+
+## MetalLB
+
+### Install
+
+```shell
+# add repo and install
+helm repo add metallb https://metallb.github.io/metallb
+helm repo update
+helm install metallb metallb/metallb -n metallb-system --create-namespace --wait
+
+# fix pod security for speaker pods
+kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged
+kubectl label namespace metallb-system pod-security.kubernetes.io/audit=privileged
+kubectl label namespace metallb-system pod-security.kubernetes.io/warn=privileged
+
+# restart speaker daemonset
+kubectl rollout restart daemonset/metallb-speaker -n metallb-system
+```
+
+### Configure
+
+```shell
+cat <<EOF | kubectl apply -f -
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: nginx-ingress-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 10.8.15.175/32
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: nginx-ingress-pool
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - nginx-ingress-pool
+EOF
+```
+
+## Install Nginx (option 1)
+
+### Install
+
+```shell
+
+# add worker labels (if needed)
+kubectl label node w-01 node-role.kubernetes.io/worker=""
+kubectl label node w-02 node-role.kubernetes.io/worker=""
+kubectl label node w-03 node-role.kubernetes.io/worker=""
+
+# install nginx-ingress
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+helm install ingress-nginx ingress-nginx/ingress-nginx \
+  -n ingress-nginx --create-namespace \
+  --set controller.service.type=LoadBalancer \
+  --set controller.nodeSelector."node-role\.kubernetes\.io/worker"=""
+```
+
+## Install Traefik (option 2)
+
+### Configure and Install
+
+```shell
+cat <<EOF > traefik-values.yaml
+service:
+  type: LoadBalancer
+nodeSelector:
+  node-role.kubernetes.io/worker: ""
+additionalArguments:
+  - "--certificatesresolvers.letsencrypt.acme.email=your-email@domain.com"
+  - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
+  - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+EOF
+
+helm install traefik traefik/traefik -n traefik-system --create-namespace -f traefik-values.yaml
+```