This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Introduction

1 - What is Talos?

Talos is a container optimized Linux distro; a reimagining of Linux for distributed systems such as Kubernetes. Designed to be as minimal as possible while still maintaining practicality. For these reasons, Talos has a number of features unique to it:

  • it is immutable
  • it is atomic
  • it is ephemeral
  • it is minimal
  • it is secure by default
  • it is managed via a sigle declaritive configuration file and gRPC API

Talos can be deployed on container, cloud, virtualized, and bare metal platforms.

Why Talos

In having less, Talos offers more. Security. Efficiency. Resiliency. Consistency.

All of these areas are improved simply by having less.

2 - Quickstart

The easiest way to try Talos is by using the CLI (talosctl) to create a cluster on a machine with docker installed.

Prerequisites

talosctl

Download talosctl:

curl -Lo /usr/local/bin/talosctl https://github.com/talos-systems/talos/releases/latest/download/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-amd64
chmod +x /usr/local/bin/talosctl

kubectl

Download kubectl via one of methods outlined in the documentation.

Create the Cluster

Now run the following:

talosctl cluster create

Verify that you can reach Kubernetes:

$ kubectl get nodes -o wide
NAME                     STATUS   ROLES    AGE    VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION   CONTAINER-RUNTIME
talos-default-master-1   Ready    master   115s   v1.19.3   10.5.0.2      <none>        Talos (v0.7.0)   <host kernel>    containerd://1.4.1
talos-default-worker-1   Ready    <none>   115s   v1.19.3   10.5.0.3      <none>        Talos (v0.7.0)   <host kernel>    containerd://1.4.1

Destroy the Cluster

When you are all done, remove the cluster:

talosctl cluster destroy

3 - Getting Started

Regardless of where you run Talos, you will find that there is a pattern to deploying it.

In general you will need to:

  • identity and create the image
  • optionally create a load balancer for Kubernetes
  • configure Talos
  • create the nodes

Kernel Parameters

The following is a list of kernel parameters required by Talos:

  • talos.config: the HTTP(S) URL at which the machine data can be found
  • talos.platform: can be one of aws, azure, container, digitalocean, gcp, metal, packet, or vmware
  • page_poison=1: required by KSPP
  • slab_nomerge: required by KSPP
  • slub_debug=P: required by KSPP
  • pti=on: required by KSPP

CLI

Installation

curl -Lo /usr/local/bin/talosctl https://github.com/talos-systems/talos/releases/latest/download/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-amd64
chmod +x /usr/local/bin/talosctl

Configuration

The talosctl command needs some configuration options to connect to the right node. By default talosctl looks for a file called config located at $HOME/.talos.

You can also override which configuration talosctl uses by specifying the --talosconfig parameter:

talosctl --talosconfig talosconfig

Configuring the endpoints:

talosctl config endpoint <endpoint>...

Endpoints are the communication endpoints to which the client directly talks. These can be load balancers, DNS hostnames, a list of IPs, etc. In general, it is recommended that these point to the set of control plane nodes, either directly or through a reverse proxy or load balancer.

Each endpoint will automatically proxy requests destined to another node through it, so it is not necessary to change the endpoint configuration just because you wish to talk to a different node within the cluster.

Endpoints do, however, need to be members of the same Talos cluster as the target node, because these proxied connections reply on certificate-based authentication.

Configuring the nodes:

talosctl config nodes <node>...

The node is the target node on which you wish to perform the API call. While you can configure the target node (or even set of target nodes) inside the ’talosctl’ configuration file, it is often useful to simply and explicitly declare the target node(s) using the -n or --nodes command-line parameter.

Keep in mind, when specifying nodes that their IPs and/or hostnames are as seen by the endpoint servers, not as from the client. This is because all connections are proxied first through the endpoints.

To verify what node(s) you’re currently talking to, you can run:

$ talosctl version
Client:
        ...
Server:
        NODE:        <node>
        ...

4 - System Requirements

Minimum Requirements

RoleMemoryCores
Init/Control Plane2GB2
Worker1GB1
RoleMemoryCores
Init/Control Plane4GB4
Worker2GB2

These requirements are similar to that of kubernetes.