CozyStack

🚀 Home Lab to the Moon and Back

Validating ARM64 Kubernetes in the cloud before committing to bare-metal hardware

🎯 Mission

Transform a 128°F office space heater into an ARM64-first cloud deployment:

✅ Talos Linux with WebAssembly + Tailscale subnet router
✅ AWS validation before hardware purchase
✅ Budget-conscious: <$0.10/month baseline, <$15/month testing
✅ Live demo at CozySummit Virtual 2025 (December 3)

🏗️ Key Decisions

Architectural decisions documented in ADRs:

🗿 ARM64 Architecture

Cloud-first validation before bare-metal investment

ADR-001 →

🧪 Test-Driven Generation

Systematic validation prevents CI debugging cycles

ADR-002 →

📝 Git-Generated Patches

Proper patch generation using Git tools

ADR-003 →

🏗️ Role-Based Images

Separate compute and gateway variants for reliable cluster formation

ADR-004 →

🚀 Current Status

⚠️ Pre-Demo Development Phase

This project is under active development for CozySummit Virtual 2025 (December 3). A complete quick start guide will be available after the demo.

Available Now

Custom ARM64 Talos Images:

ghcr.io/urmanac/talos-cozystack-spin-only - Compute nodes: WebAssembly runtime only
ghcr.io/urmanac/talos-cozystack-spin-tailscale - Gateway nodes: WebAssembly + Tailscale subnet router

These role-based OCI images solve cluster formation issues by preventing Tailscale configuration conflicts.

These are pure “matchbox” and “talos” OCI images compatible with:

Docker/Podman for local testing
talm (Helm-like for Talos Linux)
talos-bootstrap from CozyStack project

Development Validation

# Validate build pipeline and patches
./validate-complete.sh
./validate-patch.sh

Full deployment guide coming post-demo 🎯

🎯 Project Status

✅ Completed (November 2025): ARM64 Talos builds, CI/CD pipeline, container images, TDG methodology, ADR documentation

🎯 Demo Goals (December 3, 2025): Live WebAssembly demo, VPC subnet router access, cost transparency, home lab transition strategy

💰 Cost Analysis

Phase	Monthly Cost	Purpose
Baseline	<$0.10	Idle infrastructure monitoring
Validation	<$15	Active ARM64 testing on t4g instances
Demo	Variable	Live presentation resources

Smart Validation Strategy: Test architecture in cloud before $400-800 hardware investment.

Full Cost Analysis →

🛠️ Development with TDG

Our Test-Driven Generation approach replaces trial-and-error with systematic validation:

🔍 Understand → 🧪 Test → ✅ Validate → 🚀 Generate → 📚 Document

Results:

Before TDG: 15+ failed commits, hours of CI debugging
After TDG: 3 clean commits, working solutions

Learn TDG Methodology →

📚 Documentation

📖 Complete Documentation - Comprehensive guides and references
🏗️ Architecture Decisions - Formal ADRs with rationale
🧪 TDG Success Story - Methodology implementation journey
💵 Cost Planning - Financial analysis and projections

🌟 Core Stack

🏗️ CozyStack Platform

Our “batteries included” Kubernetes distribution that handles the complexity of cloud-native deployments. CozyStack integrates Helm, Flux, and a comprehensive suite of ARM64-ready cloud-native technologies, providing a complete platform experience. Runs exclusively on Talos Linux for maximum simplicity and reliability.

🐧 Talos Linux Foundation

The immutable, API-driven container OS that serves as CozyStack’s foundation. Talos’s simplicity and robust ARM64 support make it the natural choice for this architecture. Our custom Talos images include WebAssembly and Tailscale extensions, demonstrating practical extension building patterns for specialized deployments.

⚡ WebAssembly (Spin) Runtime

The answer to “what happens when you lose fancy virtualization on Raspberry Pi?” WebAssembly enables serverless patterns that scale to zero, driving costs down while WASM’s sandbox acts as a forcing function against complex Rube Goldberg architectures. This is microservices done right - better composability, system simplicity, and well-defined interfaces. WASM’s sandboxed nature aligns perfectly with Talos’s isolated/immutable design.

☁️ AWS Graviton Validation

Cloud-first validation using ARM64 Graviton instances provides access to advanced CPU features and virtualization extensions to exceed home lab capabilities. Enables apples-to-apples comparisons and advanced experiments that would otherwise require much »$500-800 (substantial) hardware investments, through cheap (sometimes free!) cloud hardware. Cost strategy: Time-boxed experiments with clear outcomes, aggressive resource cleanup between rounds.

🔌 Tailscale Subnet Router Architecture

Our Tailscale integration runs as a subnet router (not mesh) to bridge AWS VPC private networking with home lab access:

Single subnet router node: One Talos node provides VPC access via Tailscale
VPC network access: Connect to AWS private IPv4 networks (10.20.0.0/16)
CNI pod network: Access Kubernetes pod CIDR through existing CNI (Kube-OVN/Cilium)
Service network: Reach MetalLB load balancers in ARP mode within the same VPC
Home lab bridge: Optional second subnet router on bastion host for non-privileged access

This preserves CozyStack’s existing CNI while adding secure VPN access to the entire VPC subnet topology.