From b40c7ede659fcaccc6e64bba04e00e3f98b5131e Mon Sep 17 00:00:00 2001
From: Aleksei Sviridkin <f@lex.la>
Date: Thu, 11 Jun 2026 16:09:16 +0300
Subject: [PATCH] docs(talos): warn against changing op: on the machine files
 block

Talos rejects op: create for files outside /var, so the lvm.conf
customization must stay op: overwrite. A wrong op fails the
WriteUserFiles boot step and reboot-loops the node with an opaque
"bootstrap is not available yet".

Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
---
 content/en/docs/next/install/kubernetes/talos-bootstrap.md | 4 ++++
 content/en/docs/next/install/kubernetes/talosctl.md        | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/content/en/docs/next/install/kubernetes/talos-bootstrap.md b/content/en/docs/next/install/kubernetes/talos-bootstrap.md
index ba9598b5..e28c27ab 100644
--- a/content/en/docs/next/install/kubernetes/talos-bootstrap.md
+++ b/content/en/docs/next/install/kubernetes/talos-bootstrap.md
@@ -102,6 +102,10 @@ talos-bootstrap --help
         - 10.96.0.0/16
     ```
 
+    {{% alert title="Do not change op: on these entries" color="warning" %}}
+    Talos rejects `op: create` for any file outside `/var` with `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and reboots on a loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause.
+    {{% /alert %}}
+
 1.  Make another configuration patch file `patch-controlplane.yaml` with settings exclusive to control plane nodes:
 
     ```yaml
diff --git a/content/en/docs/next/install/kubernetes/talosctl.md b/content/en/docs/next/install/kubernetes/talosctl.md
index 6f979cb2..8932bdb6 100644
--- a/content/en/docs/next/install/kubernetes/talosctl.md
+++ b/content/en/docs/next/install/kubernetes/talosctl.md
@@ -126,6 +126,10 @@ Discovered open port 50000/tcp on 192.168.123.13
         - 10.96.0.0/16
     ```
 
+    {{% alert title="Do not change op: on these entries" color="warning" %}}
+    Talos rejects `op: create` for any file outside `/var` with `create operation not allowed outside of /var` — the only exception is the special-cased `/etc/cri/conf.d/20-customization.part`. Because `/etc/lvm/lvm.conf` already exists on the node, it must use `op: overwrite`. Changing the op (or pointing `create` at another `/etc` path) fails the `WriteUserFiles` boot step: the node pauses and reboots on a loop, and `talosctl bootstrap` reports only `bootstrap is not available yet` with no obvious cause.
+    {{% /alert %}}
+
 1.  Make another configuration patch file `patch-controlplane.yaml` with settings exclusive to control plane nodes:
 
     Note that VIP address is used for `machine.network.interfaces[0].vip.ip`: