Multi-Location Clusters on Cozystackhttps://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/multi-location/Recent content in Multi-Location Clusters on CozystackHugoenNetworking Meshhttps://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/multi-location/networking-mesh/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/multi-location/networking-mesh/<p>Kilo creates a WireGuard mesh between cluster locations. When running with Cilium, it uses IPIP encapsulation routed through Cilium&rsquo;s VxLAN overlay so that traffic between locations works even when the cloud network blocks raw IPIP (protocol 4) packets.</p> <h2 id="select-the-cilium-kilo-networking-variant">Select the cilium-kilo networking variant</h2> <p>During platform setup, select the <strong>cilium-kilo</strong> networking variant. This deploys both Cilium and Kilo as an integrated stack with the required configuration:</p> <h2 id="how-it-works">How it works</h2> <ol> <li>Kilo runs in <code>--local=false</code> mode &ndash; it does not manage routes within a location (Cilium handles that)</li> <li>Kilo creates a WireGuard tunnel (<code>kilo0</code>) between location leaders</li> <li>Non-leader nodes in each location reach remote locations through IPIP encapsulation to their location leader, routed via Cilium&rsquo;s VxLAN overlay</li> <li>The leader decapsulates IPIP and forwards traffic through the WireGuard tunnel</li> <li>Cilium&rsquo;s <code>enable-ipip-termination</code> option creates the <code>cilium_tunl</code> interface (kernel&rsquo;s <code>tunl0</code> renamed) that Kilo uses for IPIP TX/RX &ndash; without it, the kernel detects TX recursion on the tunnel device</li> </ol> <h2 id="talos-machine-config-for-cloud-nodes">Talos machine config for cloud nodes</h2> <p>Cloud worker nodes must include Kilo annotations in their Talos machine config:</p>Local Cloud Controller Managerhttps://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/multi-location/local-ccm/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-470--cozystack.netlify.app/docs/v1/operations/multi-location/local-ccm/<p>The <code>local-ccm</code> package provides a lightweight cloud controller manager for self-managed clusters. It handles node IP detection and node lifecycle without requiring an external cloud provider.</p> <h2 id="what-it-does">What it does</h2> <ul> <li><strong>External IP detection</strong>: Detects each node&rsquo;s external IP via <code>ip route get</code> (default target: <code>8.8.8.8</code>)</li> <li><strong>Node initialization</strong>: Removes the <code>node.cloudprovider.kubernetes.io/uninitialized</code> taint so pods can be scheduled</li> <li><strong>Node lifecycle controller</strong> (optional): Monitors NotReady nodes via ICMP ping and removes them after a configurable timeout</li> </ul> <h2 id="install">Install</h2> <div class="highlight"><pre tabindex="0" style="background-color:#f0f0f0;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>cozypkg add cozystack.local-ccm </span></span></code></pre></div><h2 id="talos-machine-config">Talos machine config</h2> <p>All nodes in the cluster (including control plane) must have <code>cloud-provider: external</code> set so that kubelet defers node initialization to the cloud controller manager:</p>