From 893098a754c5dafc7266dc3a90fa2a6110fdeae1 Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin Date: Thu, 11 Jun 2026 16:09:16 +0300 Subject: [PATCH 1/2] docs(talos): warn against changing op: on the machine files block Talos rejects op: create for files outside /var, so the lvm.conf customization must stay op: overwrite. A wrong op fails the WriteUserFiles boot step and reboot-loops the node with an opaque "bootstrap is not available yet". Assisted-By: Claude Signed-off-by: Aleksei Sviridkin --- content/en/docs/next/install/kubernetes/talos-bootstrap.md | 4 ++++ content/en/docs/next/install/kubernetes/talosctl.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/content/en/docs/next/install/kubernetes/talos-bootstrap.md b/content/en/docs/next/install/kubernetes/talos-bootstrap.md index ba9598b5..e28c27ab 100644 --- a/content/en/docs/next/install/kubernetes/talos-bootstrap.md +++ b/content/en/docs/next/install/kubernetes/talos-bootstrap.md @@ -102,6 +102,10 @@ talos-bootstrap --help - 10.96.0.0/16 ``` + {{% alert title="Do not change op: on these entries" color="warning" %}} + Talos rejects `op: create` for any file outside `/var` with `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and reboots on a loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause. + {{% /alert %}} + 1. Make another configuration patch file `patch-controlplane.yaml` with settings exclusive to control plane nodes: ```yaml diff --git a/content/en/docs/next/install/kubernetes/talosctl.md b/content/en/docs/next/install/kubernetes/talosctl.md index 6f979cb2..8932bdb6 100644 --- a/content/en/docs/next/install/kubernetes/talosctl.md 
+++ b/content/en/docs/next/install/kubernetes/talosctl.md @@ -126,6 +126,10 @@ Discovered open port 50000/tcp on 192.168.123.13 - 10.96.0.0/16 ``` + {{% alert title="Do not change op: on these entries" color="warning" %}} + Talos rejects `op: create` for any file outside `/var` with `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and reboots on a loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause. + {{% /alert %}} + 1. Make another configuration patch file `patch-controlplane.yaml` with settings exclusive to control plane nodes: Note that VIP address is used for `machine.network.interfaces[0].vip.ip`: From b4c39ff6036bf3507f5a88bdf7109d2dd87afbea Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin Date: Mon, 22 Jun 2026 15:23:06 +0300 Subject: [PATCH 2/2] docs(talos): clarify the op: create warning wording Phrase the rejected-create error as a returned error string and replace 'reboots on a loop' with 'enters a reboot loop' for readability. Signed-off-by: Aleksei Sviridkin --- content/en/docs/next/install/kubernetes/talos-bootstrap.md | 2 +- content/en/docs/next/install/kubernetes/talosctl.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/next/install/kubernetes/talos-bootstrap.md b/content/en/docs/next/install/kubernetes/talos-bootstrap.md index e28c27ab..1678b79e 100644 --- a/content/en/docs/next/install/kubernetes/talos-bootstrap.md +++ b/content/en/docs/next/install/kubernetes/talos-bootstrap.md 
@@ -103,7 +103,7 @@ talos-bootstrap --help ``` {{% alert title="Do not change op: on these entries" color="warning" %}} - Talos rejects `op: create` for any file outside `/var` with `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and reboots on a loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause. + Talos rejects `op: create` for any file outside `/var`, returning the error `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and enters a reboot loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause. {{% /alert %}} 1. Make another configuration patch file `patch-controlplane.yaml` with settings exclusive to control plane nodes: diff --git a/content/en/docs/next/install/kubernetes/talosctl.md b/content/en/docs/next/install/kubernetes/talosctl.md index 8932bdb6..7e9adc94 100644 --- a/content/en/docs/next/install/kubernetes/talosctl.md +++ b/content/en/docs/next/install/kubernetes/talosctl.md 
@@ -127,7 +127,7 @@ Discovered open port 50000/tcp on 192.168.123.13 ``` {{% alert title="Do not change op: on these entries" color="warning" %}} - Talos rejects `op: create` for any file outside `/var` with `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and reboots on a loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause. + Talos rejects `op: create` for any file outside `/var`, returning the error `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and enters a reboot loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause. {{% /alert %}} 1. Make another configuration patch file `patch-controlplane.yaml` with settings exclusive to control plane nodes:
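Review bot: The alert body is added verbatim to both `talos-bootstrap.md` and `talosctl.md` in patch 1/2, and patch 2/2 already has to repeat the same one-line wording change in each file, so the two copies can drift on the next edit. Consider keeping the warning text in one shared include or shortcode that both pages reference, so a future correction to the `op:` rule lands in a single place.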
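Review bot: In the alert added by patch 1/2 (both files), the sentence "Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`" gives a different reason from the rule stated just before it, which rejects `op: create` for any path outside `/var` whether or not the file exists. A reader can infer that `create` is fine for a new file under `/etc`, which the following parenthetical then contradicts. Suggest tying the requirement to the path rule instead, for example "Because `/etc/lvm/lvm.conf` is outside `/var`, it must use `op: overwrite`", and moving the `/etc/cri/conf.d/20-customization.part` exception into its own sentence so it does not hang off the quoted error string.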
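Review bot: The reworded alert in patch 2/2 (both hunks) still lacks the step a reader needs once a node is in this state: it says `talosctl bootstrap` reports only `bootstrap is not available yet`, but not where the returned `create operation not allowed outside of /var` error can be seen or how to get out of the reboot loop. Suggest adding one sentence that names where the `WriteUserFiles` failure is surfaced and that the fix is to apply the machine config again with the original `op:` values.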