How Tos
1 - How to enable workers on your control plane nodes
By default, Talos Linux taints control plane nodes so that workloads are not schedulable on them.
In order to allow workloads to run on the control plane nodes (useful for single node clusters, or non-production clusters), follow the procedure below.
Modify the MachineConfig for the controlplane nodes to add allowSchedulingOnControlPlanes: true:
cluster:
  allowSchedulingOnControlPlanes: true
This may be done by editing the controlplane.yaml file before it is applied to the control plane nodes, by editing the machine config, or by patching the machine config.
2 - How to manage certificate lifetimes with Talos Linux
Talos Linux automatically manages and rotates all server-side certificates for etcd, Kubernetes, and the Talos API. Note, however, that the kubelet needs to be restarted at least once a year for its certificates to be rotated. Any upgrade or reboot of the node is sufficient for this.
Client certs (talosconfig and kubeconfig) are the user’s responsibility.
Each time you download the kubeconfig file from a Talos Linux cluster, the client certificate is regenerated, giving you a kubeconfig which is valid for a year.
The talosconfig file should be renewed at least once a year, using the talosctl config new command.
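To keep track of the yearly client certificate expiry described above, the following added example (not part of the Talos documentation or tooling) reads a kubeconfig or talosconfig file and reports how many days remain on the first embedded client certificate. It assumes the certificate is stored inline as base64-encoded PEM under client-certificate-data (kubeconfig) or crt (talosconfig); the function names are illustrative.

```python
import base64, re, ssl, sys
from datetime import datetime, timezone

# Assumption: kubeconfig stores the cert as client-certificate-data and
# talosconfig as crt; both values are base64-encoded PEM.
FIELD = re.compile(r"^\s*(?:client-certificate-data|crt):\s*(\S+)", re.M)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter (UTC)."""
    _, cert, _ = read_tlv(der, 0)
    _, tbs, _ = read_tlv(cert, 0)
    tag, _, pos = read_tlv(tbs, 0)
    if tag != 0xA0:  # no explicit [0] version: first element is the serial
        pos = 0
    for _ in range(3):  # skip serialNumber, signature algorithm, issuer
        _, _, pos = read_tlv(tbs, pos)
    _, validity, _ = read_tlv(tbs, pos)
    _, _, pos = read_tlv(validity, 0)  # skip notBefore
    tag, value, _ = read_tlv(validity, pos)
    text = value.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year (RFC 5280: <50 means 20xx)
        text = ("20" if int(text[:2]) < 50 else "19") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def client_cert_expiry(config_text):
    """Return the notAfter time of the first client cert embedded in the file."""
    match = FIELD.search(config_text)
    if match is None:
        raise ValueError("no embedded client certificate found")
    pem = base64.b64decode(match.group(1)).decode("ascii").strip()
    return not_after(ssl.PEM_cert_to_DER_cert(pem))

def days_left(config_text, now=None):
    """Whole days until expiry; negative once the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    return (client_cert_expiry(config_text) - now).days

if __name__ == "__main__":  # pass kubeconfig and/or talosconfig paths
    for path in sys.argv[1:]:
        print(path, days_left(open(path).read()), "days left")
```

A negative result means the certificate has already expired and the file has to be downloaded or regenerated again.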
3 - How to scale down a Talos cluster
To remove nodes from a Talos Linux cluster:
talosctl -n <IP.of.node.to.remove> reset
kubectl delete node <nodename>
The command talosctl reset will cordon and drain the node, leaving etcd if required, and then erase its disks and power down the system.
This command will also remove the node from registration with the discovery service, so it will no longer show up in talosctl get members.
It is still necessary to remove the node from Kubernetes, as noted above.
4 - How to scale up a Talos cluster
To add more nodes to a Talos Linux cluster, follow the same procedure as when initially creating the cluster:
- boot the new machines to install Talos Linux
- apply the worker.yaml or controlplane.yaml configuration files to the new machines
You need the controlplane.yaml and worker.yaml that were created when you initially deployed your cluster.
These contain the certificates that enable new machines to join.
Once you have the IP address, you can then apply the correct configuration for each machine you are adding, either worker or controlplane.
talosctl apply-config --insecure \
    --nodes [NODE IP] \
    --file controlplane.yaml
The --insecure flag is necessary because the PKI infrastructure has not yet been made available to the node.
You do not need to bootstrap the new node. Regardless of whether you are adding a control plane or worker node, it will now join the cluster in its role.