Talos

Talos Linux is a Linux distribution designed solely to run Kubernetes. It has no SSH or direct console access whatsoever; the only way to administer the OS is through the Talos API.

To install Talos Linux, first download the appropriate ISO image and boot the system from it. The only thing shown is the Talos dashboard. To interact with the system a talosconfig is needed, but first a patch.yaml has to be created. This file contains information specific to the environment, such as the install drive. Because Cilium is installed later, the default CNI is also disabled here. Furthermore, some configuration for Longhorn (as stated in the Longhorn docs) is added. The patch.yaml can look like this:

machine:
  install:
    disk: /dev/sdb
    image: factory.talos.dev/metal-installer/36cd6536eaec8ba802be2d38974108359069cedba8857302f69792b26b87c010:v1.10.6
  # Longhorn specific
  kubelet:
    extraMounts:
      - destination: /var/lib/longhorn
        type: bind
        source: /var/lib/longhorn
        options:
          - bind
          - rshared
          - rw
  sysctls:
    vm.nr_hugepages: "1024"
  kernel:
    modules:
      - name: nvme_tcp
      - name: vfio_pci

cluster:
  # needed only if workloads should be scheduled on control plane nodes
  allowSchedulingOnControlPlanes: true

  # for cilium
  network:
    cni:
      name: none
  proxy:
    disabled: true

One very important part of the patch.yaml is the image. Siderolabs provides the Talos Image Factory, where you can download custom images for different platforms and add extensions to them. At the end a hash is generated (here 36cd…c010) that represents the custom image. Because of Longhorn the following extensions are needed, but something like the qemu-guest-agent can be added here as well:

  • siderolabs/iscsi-tools
  • siderolabs/util-linux-tools

Talos and machine configs

With the patch.yaml in place, the machine and node configuration files can be generated. This requires the talosctl tool.

talosctl gen config westfall https://westfall.thorados.de:6443 \
    --config-patch @patch.yaml \
    --install-image factory.talos.dev/metal-installer/58eedd04d458e2c900727f5a3af74a3ef6453b9902b23decb590c0007388187a:v1.10.6

After that there are three new files in the current working directory.

  • talosconfig
  • controlplane.yaml
  • worker.yaml

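The talosconfig contains the certificate used to authenticate with the Talos API. The controlplane.yaml contains the configuration for the control plane nodes and the worker.yaml the configuration for the worker nodes. To apply this configuration to a machine booted into Talos Linux, the following command is used. The --insecure flag is needed because a freshly booted machine in maintenance mode has no certificates configured yet, so the connection cannot be authenticated: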

talosctl apply-config \
    --insecure \
    --nodes 192.168.20.80 \
    --file controlplane.yaml

After that the cluster can be initiated with the following command:

talosctl bootstrap \
    --nodes 192.168.20.80 \
    --endpoints 192.168.20.80 \
    --talosconfig=./talosconfig

Once the bootstrap is complete, Kubernetes can be accessed through its API. To gain access, the kubeconfig can be obtained with talosctl:

talosctl kubeconfig \
    --nodes 192.168.20.80 \
    --endpoints 192.168.20.80 \
    --talosconfig=./talosconfig /home/thorsten/.kube/config

Updating Talos Linux

To upgrade Talos Linux, it is only necessary to have the talosconfig and point to a new image version.

talosctl upgrade \
    --nodes 192.168.20.80 \
    --endpoints=192.168.20.80 \
    --talosconfig=./talosconfig \
    --image factory.talos.dev/metal-installer/36cd6536eaec8ba802be2d38974108359069cedba8857302f69792b26b87c010:v1.10.6
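
A pre-flight check for the installer image references used above, as an added example that is not part of the original page or of Talos itself: it extracts the Image Factory schematic ID and version from each reference and reports whether patch.yaml, the gen config command and the upgrade command name the same image. The function names are illustrative, and the reference layout is assumed from the commands shown on this page.

```sh
# Added example: pre-flight check for Talos installer image references.
# Assumed format (taken from the commands on this page):
#   factory.talos.dev/<platform>-installer/<64-hex schematic ID>:<version>

# Print the schematic ID of a reference; fail if it is not 64 hex characters.
schematic_id() {
    ref=${1%:*}                      # drop ":<version>"
    id=${ref##*/}                    # keep the last path component
    case $id in
        *[!0-9a-f]*|'') return 1 ;;  # empty or contains a non-hex character
    esac
    [ "${#id}" -eq 64 ] || return 1
    printf '%s\n' "$id"
}

# Print the version tag (for example v1.10.6); fail if there is none.
image_version() {
    tag=${1##*:}
    case $tag in
        */*|'') return 1 ;;          # no ":<version>" suffix present
    esac
    printf '%s\n' "$tag"
}

# Return 0 if both references match, 1 if they differ, 2 if one is malformed.
same_installer() {
    a_id=$(schematic_id "$1") && b_id=$(schematic_id "$2") || return 2
    a_ver=$(image_version "$1") && b_ver=$(image_version "$2") || return 2
    [ "$a_id" = "$b_id" ] && [ "$a_ver" = "$b_ver" ]
}

# Print one result line for a pair of references.
check() {
    rc=0; same_installer "$2" "$3" || rc=$?
    case $rc in
        0) echo "OK        $1" ;;
        1) echo "MISMATCH  $1" ;;
        *) echo "MALFORMED $1" ;;
    esac
}

# The three references exactly as they appear on this page.
PATCH_IMAGE=factory.talos.dev/metal-installer/36cd6536eaec8ba802be2d38974108359069cedba8857302f69792b26b87c010:v1.10.6
GENCONFIG_IMAGE=factory.talos.dev/metal-installer/58eedd04d458e2c900727f5a3af74a3ef6453b9902b23decb590c0007388187a:v1.10.6
UPGRADE_IMAGE=factory.talos.dev/metal-installer/36cd6536eaec8ba802be2d38974108359069cedba8857302f69792b26b87c010:v1.10.6

check "patch.yaml vs gen config --install-image" "$PATCH_IMAGE" "$GENCONFIG_IMAGE"
check "patch.yaml vs upgrade --image" "$PATCH_IMAGE" "$UPGRADE_IMAGE"
```

Run against the commands on this page, it flags that the --install-image passed to talosctl gen config carries a different schematic ID than the image in patch.yaml.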

Sources