This is the multi-page printable view of this section. Click here to print.
Introduction
1 - What is Talos?
Talos is a container optimized Linux distro; a reimagining of Linux for distributed systems such as Kubernetes. Designed to be as minimal as possible while still maintaining practicality. For these reasons, Talos has a number of features unique to it:
- it is immutable
- it is atomic
- it is ephemeral
- it is minimal
- it is secure by default
- it is managed via a sigle declaritive configuration file and gRPC API
Talos can be deployed on container, cloud, virtualized, and bare metal platforms.
Why Talos
In having less, Talos offers more. Security. Efficiency. Resiliency. Consistency.
All of these areas are improved simply by having less.
2 - Quickstart
The easiest way to try Talos is by using the CLI (talosctl
) to create a cluster on a machine with docker
installed.
Prerequisites
talosctl
Download talosctl
:
curl -Lo /usr/local/bin/talosctl https://github.com/talos-systems/talos/releases/latest/download/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-amd64
chmod +x /usr/local/bin/talosctl
kubectl
Download kubectl
via one of methods outlined in the documentation.
Create the Cluster
Now run the following:
talosctl cluster create
Verify that you can reach Kubernetes:
$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
talos-default-master-1 Ready master 115s v1.19.3 10.5.0.2 <none> Talos (v0.7.0) <host kernel> containerd://1.4.1
talos-default-worker-1 Ready <none> 115s v1.19.3 10.5.0.3 <none> Talos (v0.7.0) <host kernel> containerd://1.4.1
Destroy the Cluster
When you are all done, remove the cluster:
talosctl cluster destroy
3 - Getting Started
Regardless of where you run Talos, you will find that there is a pattern to deploying it.
In general you will need to:
- identity and create the image
- optionally create a load balancer for Kubernetes
- configure Talos
- create the nodes
Kernel Parameters
The following is a list of kernel parameters required by Talos:
talos.config
: the HTTP(S) URL at which the machine data can be foundtalos.platform
: can be one ofaws
,azure
,container
,digitalocean
,gcp
,metal
,packet
, orvmware
page_poison=1
: required by KSPPslab_nomerge
: required by KSPPslub_debug=P
: required by KSPPpti=on
: required by KSPP
CLI
Installation
curl -Lo /usr/local/bin/talosctl https://github.com/talos-systems/talos/releases/latest/download/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-amd64
chmod +x /usr/local/bin/talosctl
Configuration
The talosctl
command needs some configuration options to connect to the right node.
By default talosctl
looks for a file called config
located at $HOME/.talos
.
You can also override which configuration talosctl
uses by specifying the --talosconfig
parameter:
talosctl --talosconfig talosconfig
Configuring the endpoints:
talosctl config endpoint <endpoint>...
Endpoints are the communication endpoints to which the client directly talks. These can be load balancers, DNS hostnames, a list of IPs, etc. In general, it is recommended that these point to the set of control plane nodes, either directly or through a reverse proxy or load balancer.
Each endpoint will automatically proxy requests destined to another node through it, so it is not necessary to change the endpoint configuration just because you wish to talk to a different node within the cluster.
Endpoints do, however, need to be members of the same Talos cluster as the target node, because these proxied connections reply on certificate-based authentication.
Configuring the nodes:
talosctl config nodes <node>...
The node is the target node on which you wish to perform the API call.
While you can configure the target node (or even set of target nodes) inside the
’talosctl’ configuration file, it is often useful to simply and explicitly
declare the target node(s) using the -n
or --nodes
command-line parameter.
Keep in mind, when specifying nodes that their IPs and/or hostnames are as seen by the endpoint servers, not as from the client. This is because all connections are proxied first through the endpoints.
To verify what node(s) you’re currently talking to, you can run:
$ talosctl version
Client:
...
Server:
NODE: <node>
...
4 - System Requirements
Minimum Requirements
Role | Memory | Cores |
---|---|---|
Init/Control Plane | 2GB | 2 |
Worker | 1GB | 1 |
Recommended
Role | Memory | Cores |
---|---|---|
Init/Control Plane | 4GB | 4 |
Worker | 2GB | 2 |
These requirements are similar to that of kubernetes.