Install Talos Linux: Easy Guide for Any System & Provider


Talos Linux, a specialized operating system tailored for Kubernetes, excels in managing the full lifecycle of Kubernetes control-plane components. Emphasizing security, it restricts user influence, notably lacking executables, a shell, and SSH login capabilities. Configuration is exclusively managed through a Kubernetes-like API.

Talos Linux is available as pre-built images for diverse environments.

Typically, installation involves using a prepared image for your cloud provider or hypervisor to create a virtual machine. Alternatively, you can opt for a bare metal setup, loading the Talos Linux image via ISO or PXE methods.

However, this approach is not feasible with providers offering pre-configured servers or virtual machines that do not allow custom image uploads or ISO usage via KVM. In such cases, you are limited to the distributions provided by the cloud provider.

The Talos Linux installation process generally involves two key steps: (1) loading and booting the Talos Linux image, and (2) preparing and applying the machine-config (the primary configuration file for Talos Linux) to the booted image. Let’s delve into each of these steps.

Booting into Talos Linux

One of the most versatile methods involves using a Linux kernel mechanism known as kexec.

kexec, both a utility and a system call, enables booting into a new kernel from the existing system without a physical reboot. This allows you to download the necessary vmlinuz and initramfs for Talos Linux, specify the required kernel command line, and immediately switch to the new system. It’s akin to the kernel being loaded by a standard bootloader at startup, but with your existing Linux operating system acting as the bootloader.

Essentially, any Linux distribution will suffice, whether it’s a physical server in rescue mode or a virtual machine with a pre-installed operating system. Let’s consider an example using Ubuntu, though any other Linux distribution can be used.

Log in via SSH and install the kexec-tools package, which contains the kexec utility:

apt install kexec-tools -y

Next, download the Talos Linux kernel and initramfs from the official repository:

wget -O /tmp/vmlinuz https://github.com/siderolabs/talos/releases/latest/download/vmlinuz-amd64
wget -O /tmp/initramfs.xz https://github.com/siderolabs/talos/releases/latest/download/initramfs-amd64.xz

For physical servers, you’ll need to build a custom image with all necessary firmware using Talos Factory. Alternatively, pre-built images from the Cozystack project (a CNCF Sandbox solution for building clouds) can be used, as they include all required modules and firmware:

wget -O /tmp/vmlinuz https://github.com/cozystack/cozystack/releases/latest/download/kernel-amd64
wget -O /tmp/initramfs.xz https://github.com/cozystack/cozystack/releases/latest/download/initramfs-metal-amd64.xz

Now, gather the network information to be passed to Talos Linux at boot time. The following script collects the necessary data and sets environment variables:

# Source address, gateway and interface of the default route
IP=$(ip -o -4 route get 8.8.8.8 | awk -F"src " '{sub(" .*", "", $2); print $2}')
GATEWAY=$(ip -o -4 route get 8.8.8.8 | awk -F"via " '{sub(" .*", "", $2); print $2}')
ETH=$(ip -o -4 route get 8.8.8.8 | awk -F"dev " '{sub(" .*", "", $2); print $2}')
# Prefix length of that address, converted to a dotted-quad netmask
CIDR=$(ip -o -4 addr show "$ETH" | awk -F"inet $IP/" '{sub(" .*", "", $2); print $2; exit}')
NETMASK=$(echo "$CIDR" | awk '{p=$1;for(i=1;i<=4;i++){if(p>=8){o=255;p-=8}else{o=256-2^(8-p);p=0}printf(i<4?o".":o"\n")}}')
# udev's predictable name for the interface (onboard name preferred, else path-based)
DEV=$(udevadm info -q property "/sys/class/net/$ETH" | awk -F= '$1~/ID_NET_NAME_ONBOARD/{print $2; exit} $1~/ID_NET_NAME_PATH/{v=$2} END{if(v) print v}')

These parameters can be passed via the kernel cmdline using the ip= parameter, which configures the network through the kernel-level IP configuration mechanism. This method allows the kernel to automatically set up interfaces and assign IP addresses during boot, based on information passed through the kernel cmdline. This built-in kernel feature is controlled by the CONFIG_IP_PNP option and is enabled by default in Talos Linux. Simply provide properly formatted network settings in the kernel cmdline.

Set the CMDLINE variable with the ip option containing the current system’s settings, and then print it:

CMDLINE="init_on_alloc=1 slab_nomerge pti=on console=tty0 console=ttyS0 printk.devkmsg=on talos.platform=metal ip=${IP}::${GATEWAY}:${NETMASK}::${DEV}:::::"
echo $CMDLINE

The output should resemble:

init_on_alloc=1 slab_nomerge pti=on console=tty0 console=ttyS0 printk.devkmsg=on talos.platform=metal ip=10.0.0.131::10.0.0.1:255.255.255.0::eno2np0:::::
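
The check of the ip= value can be scripted before the kernel switch. The following is an added example, not part of the original article: it parses the ip= field and confirms that address, gateway and netmask are well-formed, that the gateway lies in the node's subnet, and that a device name is present. The function names ip_to_int and check_ip_arg are hypothetical, and the sample command line is the example output above.

```sh
#!/bin/sh
# Added example: sanity-check a static ip= kernel argument before `kexec -e`.
# Field order: client-ip:server-ip:gw-ip:netmask:hostname:device:autoconf:...
# Function bodies are subshells "( )", so IFS, set -f and exit stay local.

# Print a dotted-quad IPv4 address as an integer; non-zero status if malformed.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    set -f; IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Validate the ip= token of a kernel command line; reason goes to stderr.
check_ip_arg() (
    set -f; arg=""
    for tok in $1; do
        case "$tok" in ip=*) arg=${tok#ip=} ;; esac
    done
    [ -n "$arg" ] || { echo "no ip= argument found" >&2; exit 1; }
    IFS=:; set -- $arg; IFS=' '
    client=$1 gw=$3 mask=$4 dev=$6
    c=$(ip_to_int "$client") || { echo "bad client IP: '$client'" >&2; exit 1; }
    g=$(ip_to_int "$gw")     || { echo "bad gateway: '$gw'" >&2; exit 1; }
    m=$(ip_to_int "$mask")   || { echo "bad netmask: '$mask'" >&2; exit 1; }
    inv=$(( ~m & 0xFFFFFFFF ))
    # A valid mask is ones followed by zeros, so its inverse is 2^n - 1.
    [ "$m" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ] ||
        { echo "netmask '$mask' is not contiguous" >&2; exit 2; }
    [ $(( c & m )) -eq $(( g & m )) ] ||
        { echo "gateway $gw is outside $client/$mask" >&2; exit 3; }
    [ -n "$dev" ] || { echo "no device name in ip=" >&2; exit 4; }
)

# Constructed sample: the example output shown above.
SAMPLE='init_on_alloc=1 slab_nomerge pti=on console=tty0 console=ttyS0 printk.devkmsg=on talos.platform=metal ip=10.0.0.131::10.0.0.1:255.255.255.0::eno2np0:::::'
check_ip_arg "$SAMPLE" && echo "ip= looks consistent"
```

An empty gateway or device field is the typical failure: the route to 8.8.8.8 may have no "via" hop, and udev may report neither ID_NET_NAME_ONBOARD nor ID_NET_NAME_PATH for the interface.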

Verify the correctness of the output, then load the new kernel:

kexec -l /tmp/vmlinuz --initrd=/tmp/initramfs.xz --command-line="$CMDLINE"
kexec -e

The first command loads the Talos kernel into RAM, and the second command switches the current system to this new kernel.

This results in a running instance of Talos Linux with configured networking. However, it’s running entirely in RAM, so a server reboot will revert the system to its original state (loading the OS from the hard drive, such as Ubuntu).

Applying machine-config and installing Talos Linux on disk

To persistently install Talos Linux on the disk and replace the current OS, apply a machine-config specifying the installation disk. Configure the machine using either the official talosctl utility or the Talm utility maintained by the Cozystack project (Talm is also compatible with vanilla Talos Linux).

First, consider configuration using talosctl. Before applying the config, ensure it includes network settings for your node to prevent networking issues after reboot. During installation, the bootloader is written to disk and does not contain the ip option for kernel autoconfiguration.

Here’s an example of a config patch containing the necessary values:

# node1.yaml
machine:
  install:
    disk: /dev/sda
  network:
    hostname: node1
    nameservers:
    - 1.1.1.1
    - 8.8.8.8
    interfaces:
    - interface: eno2np0
      addresses:
      - 10.0.0.131/24
      routes:
      - network: 0.0.0.0/0
        gateway: 10.0.0.1

Use it to generate a full machine-config:

talosctl gen secrets
talosctl gen config --with-secrets=secrets.yaml --config-patch-control-plane=@node1.yaml <cluster-name> <cluster-endpoint>

Review the resulting config and apply it to the node:

talosctl apply -f controlplane.yaml -e 10.0.0.131 -n 10.0.0.131 -i 

After applying controlplane.yaml, the node will install Talos on the /dev/sda disk, overwriting the existing OS, and then reboot.

Now, run the bootstrap command to initialize the etcd cluster:

talosctl --talosconfig=talosconfig bootstrap -e 10.0.0.131 -n 10.0.0.131

View the node’s status at any time using the dashboard command:

talosctl --talosconfig=talosconfig dashboard -e 10.0.0.131 -n 10.0.0.131

Once all services reach the Ready state, retrieve the kubeconfig to use your newly installed Kubernetes:

talosctl --talosconfig=talosconfig kubeconfig kubeconfig
export KUBECONFIG=${PWD}/kubeconfig

Use Talm for configuration management

Managing numerous configs requires a convenient approach, especially with bare-metal nodes that may have different disks, interfaces, and specific network settings, potentially requiring a patch for each node.

To address this, Cozystack developed Talm, a configuration manager for Talos Linux that functions similarly to Helm.

The concept is simple: use a common config template with lookup functions, and when generating a configuration for a specific node, Talm dynamically queries the Talos API and substitutes values into the final config.

Talm includes almost all of the features of talosctl, with added extras. It can generate configurations from Helm-like templates and remember the node and endpoint parameters for each node in the resulting file, eliminating the need to specify these parameters each time you work with a node.

Here’s how to perform the same steps to install Talos Linux using Talm:

First, initialize a configuration for a new cluster:

mkdir talos
cd talos
talm init

Adjust values for your cluster in values.yaml:

endpoint: "https://10.0.0.131:6443"
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/16
advertisedSubnets:
- 10.0.0.0/24

Generate a config for your node:

talm template -t templates/controlplane.yaml -e 10.0.0.131 -n 10.0.0.131 > nodes/node1.yaml

The resulting output will look similar to:

# talm: nodes=["10.0.0.131"], endpoints=["10.0.0.131
