docs: edge deploy with csr

Update readme. Add copy past kubectl command tox deploy latest stable version. Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
2026-01-27 10:20:27 +00:00 · 2023-05-11 20:43:18 +03:00
parent bba5b6a74b
commit 3dcea648b0
1 changed files with 27 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -61,12 +61,21 @@ status:

 ## Install

+We need to set the `--cloud-provider=external` flag for each node.
+
+CCM also can approve/sign the [kubelet certificate signing request](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers).
+In this case we need to set flag `--rotate-server-certificates=true`.
+
 ### Prepare control-plane

 On the control-plane you need to allow [API access feature](https://www.talos.dev/v1.2/reference/configuration/#featuresconfig):

 ```yaml
 machine:
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      rotate-server-certificates: true
  features:
    kubernetesTalosAPIAccess:
      enabled: true
@@ -76,6 +85,16 @@ machine:
        - kube-system
 ```

+### Prepare worker nodes
+
+```yaml
+machine:
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      rotate-server-certificates: true
+```
+
 ### Method 1: talos machine config

 ```yaml
@@ -88,10 +107,18 @@ cluster:

 ### Method 2: kubectl

+Latest release:
+
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/main/docs/deploy/cloud-controller-manager.yml
 ```

+Latest stable version (edge):
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/main/docs/deploy/cloud-controller-manager-edge.yml
+```
+
 ### Method 3: helm chart

 ```shell