docs(install): add documentation for generic Kubernetes deployment

[lexfrei]

Summary

Add comprehensive documentation for deploying Cozystack on non-Talos Kubernetes distributions (k3s, kubeadm, RKE2) using the isp-full-generic bundle introduced in PR cozystack/cozystack#1939.

Changes

• New page: content/en/docs/install/kubernetes/generic.md
• Updated: content/en/docs/install/kubernetes/_index.md to include link to generic guide

Documentation Includes

• Host requirements (packages, services)
• Critical sysctl configuration
• Kubernetes configuration for k3s, kubeadm, and RKE2
• Step-by-step installation instructions
• ConfigMap reference
• Example Ansible playbooks for node preparation and deployment
• Troubleshooting section for common issues

Related

• feat(platform): add support for non-Talos Kubernetes deployments cozystack#1939 (merged) — Added isp-full-generic bundle
• feat: Complete non-Talos Kubernetes support with documentation, deployment tooling, and Helm chart cozystack#1950 — Tracking issue for complete non-Talos support

Test Plan

• Verify Hugo builds without errors
• Review all internal links work correctly
• Test examples on k3s cluster

Summary by CodeRabbit

• Documentation
  • Renamed Kubernetes installation guide to be Talos-agnostic and expanded aliases to include Talos bootstrap/configuration docs
  • Added a comprehensive guide for deploying Cozystack on generic Kubernetes distributions (k3s, kubeadm, RKE2) with prerequisites, sysctl and kube config guidance
  • Reorganized installation options to separate Talos-specific and generic Kubernetes instructions, plus troubleshooting and deployment examples

[netlify]

✅ Deploy Preview for cozystack ready!

Name	Link
🔨 Latest commit	a4321ca
🔍 Latest deploy log	https://app.netlify.com/projects/cozystack/deploys/69808f8a4f60c70008dc82fa
😎 Deploy Preview	https://deploy-preview-408--cozystack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Warning

Rate limit exceeded

@lexfrei has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 53 minutes and 32 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

The PR restructures the Kubernetes installation docs to be distribution-agnostic: it renames and broadens the index page, separates Talos-specific guidance into its own subsection, and adds a comprehensive new guide for deploying Cozystack on generic Kubernetes distributions (k3s, kubeadm, RKE2, etc.).

Changes

Cohort / File(s)	Summary
Kubernetes Installation Index content/en/docs/install/kubernetes/_index.md	Title and description made Talos-agnostic; added distinct subsections for "Talos Linux (Recommended)" and "Generic Kubernetes"; expanded aliases to include Talos docs paths; wording tweaks separating Talos-specific vs generic guidance.
Generic Kubernetes Deployment Guide content/en/docs/install/kubernetes/generic.md	New comprehensive guide (prereqs, sysctl changes, K8s requirements, distro-specific instructions for k3s/kubeadm/RKE2, CRD/operator install, Ansible examples, troubleshooting, monitoring, references).

Sequence Diagram(s)

(omitted — changes are documentation-only and do not introduce new multi-component control flow)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• feat: Complete non-Talos Kubernetes support with documentation, deployment tooling, and Helm chart cozystack#1950: Implements Phase 1 by adding generic Kubernetes installation docs and splitting Talos-specific guidance, matching the issue's request for official generic-K8s documentation.

Poem

🐰 I hopped through docs both old and new,

Split Talos notes and widened the view.
k3s, kubeadm, RKE2 in sight,
Cozystack ready, morning to night.
✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main change: adding documentation for generic Kubernetes deployment. It directly relates to both the new generic.md file and the updated _index.md that links them together.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @lexfrei, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances Cozystack's documentation by providing a dedicated guide for deploying the platform on generic Kubernetes distributions. This expansion allows users to integrate Cozystack with existing Kubernetes clusters or choose non-Talos environments, offering greater flexibility and accessibility beyond the previously recommended Talos Linux setup. The new guide ensures users have all necessary information, from prerequisites to troubleshooting, for a successful deployment.

Highlights

• New Documentation for Generic Kubernetes Deployment: A new comprehensive guide has been added for deploying Cozystack on non-Talos Kubernetes distributions, including k3s, kubeadm, and RKE2.
• Updated Kubernetes Installation Index: The main Kubernetes installation index page has been updated to include a new section and link to the generic Kubernetes deployment guide, broadening the installation options presented to users.
• Detailed Generic Kubernetes Guide Content: The new documentation covers essential aspects such as host requirements, critical sysctl configurations, specific Kubernetes configurations for different distributions, step-by-step Cozystack installation, ConfigMap references, example Ansible playbooks for node preparation and deployment, and a troubleshooting section.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds valuable documentation for deploying Cozystack on generic Kubernetes distributions. The new guide is comprehensive, covering prerequisites, host configuration, Kubernetes setup for different distributions, and installation steps, complete with Ansible examples and a troubleshooting section. The changes are well-structured and clear. I've identified a few areas for improvement in the new documentation to enhance correctness and prevent potential user issues, including a likely version typo, potentially risky sysctl values, and inconsistent network configuration examples.

[gemini-code-assist]

The inotify limits are set to an extremely high and identical value of 2099999999. This is likely a copy-paste error and poses a risk of kernel memory exhaustion, as each watch consumes non-swappable kernel memory. The values for max_user_watches, max_user_instances, and max_queued_events serve different purposes and should not be identical.

It is recommended to use more conventional and safer values, for example:

• fs.inotify.max_user_watches = 524288
• fs.inotify.max_user_instances = 512
• fs.inotify.max_queued_events = 16384

Please update these values in both the 99-cozystack.conf example and the Ansible playbook example (lines 266-268).

Suggested change

	fs.inotify.max_user_watches = 2099999999
	fs.inotify.max_user_instances = 2099999999
	fs.inotify.max_queued_events = 2099999999
	fs.inotify.max_user_watches = 524288
	fs.inotify.max_user_instances = 512
	fs.inotify.max_queued_events = 16384

[lexfrei]

These values are intentional and required for Cozystack.

Cozystack runs FluxCD, multiple controllers, LINSTOR, KubeOVN/Cilium, and nested Kubernetes clusters — all creating massive inotify watch counts. Standard values (524288) cause too many open files errors.

These values were validated in production. They work because:

• Watches are allocated on-demand, not pre-allocated
• Kernel only uses memory for actual watches
• Cozystack architecture genuinely requires high counts

[gemini-code-assist]

The CIDR ranges in the cozystack-config.yaml example are inconsistent with those provided in the kubeadm configuration example. The documentation correctly states that these values must match the Kubernetes cluster configuration. To prevent deployment failures for users following the guide, these examples should be consistent.

• kubeadm config uses podSubnet: "10.244.0.0/16" and serviceSubnet: "10.96.0.0/16".
• cozystack-config.yaml example uses ipv4-pod-cidr: "10.42.0.0/16" and ipv4-svc-cidr: "10.43.0.0/16".

The same inconsistency is present in the Ansible deployment playbook variables (lines 295-296). I suggest aligning the cozystack-config.yaml and Ansible playbook examples with the kubeadm configuration.

Suggested change

	ipv4-pod-cidr: "10.42.0.0/16"
	ipv4-pod-gateway: "10.42.0.1"
	ipv4-svc-cidr: "10.43.0.0/16"
	ipv4-pod-cidr: "10.244.0.0/16"
	ipv4-pod-gateway: "10.244.0.1"
	ipv4-svc-cidr: "10.96.0.0/16"

[lexfrei]

Fixed in 95848e8. Added explicit warning about distribution-specific CIDR defaults:

• k3s: 10.42.0.0/16, 10.43.0.0/16
• kubeadm: 10.244.0.0/16, 10.96.0.0/16
• RKE2: 10.42.0.0/16, 10.43.0.0/16

The example now clearly states it's for k3s, with a note to adjust for other distributions.

[gemini-code-assist]

The supported k3s version v1.32+ appears to be a typo, as this version of Kubernetes (and therefore k3s) has not been released. The latest stable Kubernetes version is v1.30. Please verify and correct the minimum supported k3s version. For consistency with kubeadm and RKE2 in this document, v1.28+ would be a reasonable value.

Suggested change

	- **k3s** v1.32+ (recommended for single-node and edge deployments)
	- **k3s** v1.28+ (recommended for single-node and edge deployments)

[lexfrei]

k3s v1.32+ is correct. Kubernetes 1.32 was released in December 2024, and k3s versions follow Kubernetes releases.

This documentation was written and tested with k3s v1.35 which is current. The v1.32+ requirement reflects the minimum tested version for the isp-full-generic bundle.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@content/en/docs/install/kubernetes/_index.md`:
- Around line 27-29: The phrase "command line" in the third list item should be
hyphenated as "command-line"; update the text in the list item that currently
reads "[Using talosctl]({{% ref \"./talosctl\" %}}), a specialized command line
tool for managing Talos" to use "command-line" so the item reads that talosctl
is "a specialized command-line tool for managing Talos."

In `@content/en/docs/install/kubernetes/generic.md`:
- Around line 97-104: The table separator rows use compact pipes (e.g.
|-----------|-------------|) and trigger MD060; update the separator lines for
both Markdown tables so there are spaces around each pipe (e.g. | ----------- |
------------- |) to satisfy markdownlint. Locate the header/separator rows for
the two tables (the lines immediately under the header row with dashes) and add
a single space before and after each pipe character; keep the dash counts
unchanged so column widths remain the same.

🧹 Nitpick comments (2)

content/en/docs/install/kubernetes/generic.md (2)

166-168: Pin Cozystack manifests to a specific version for reproducible installs.

Using releases/latest can change behavior without notice. Consider pinning to a version and documenting how to upgrade.

♻️ Proposed change (example)

-kubectl apply -f https://github.com/cozystack/cozystack/releases/latest/download/cozystack-crds.yaml
+kubectl apply -f https://github.com/cozystack/cozystack/releases/download/vX.Y.Z/cozystack-crds.yaml

-kubectl apply -f https://github.com/cozystack/cozystack/releases/latest/download/cozystack-operator-generic.yaml
+kubectl apply -f https://github.com/cozystack/cozystack/releases/download/vX.Y.Z/cozystack-operator-generic.yaml

-      kubernetes.core.k8s:
-        src: https://github.com/cozystack/cozystack/releases/latest/download/cozystack-crds.yaml
+      kubernetes.core.k8s:
+        src: https://github.com/cozystack/cozystack/releases/download/vX.Y.Z/cozystack-crds.yaml

-      kubernetes.core.k8s:
-        src: https://github.com/cozystack/cozystack/releases/latest/download/cozystack-operator-generic.yaml
+      kubernetes.core.k8s:
+        src: https://github.com/cozystack/cozystack/releases/download/vX.Y.Z/cozystack-operator-generic.yaml

Also applies to: 217-219, 299-301, 331-333

---

322-327: Document the Ansible collection dependency for ansible.utils.ipaddr.

The filter used to compute ipv4-pod-gateway requires the ansible.utils collection. If it isn’t present, the playbook fails. Please add a note in prerequisites or replace the computation with a static value.

[cheese]

Any possible to automate everything with k3s server manifests? Running steps of commands isn't the k3s way.

[lexfrei]

@cheese in progress. Ansible collection will be published later.