Talos Linux — Kubernetes Operating System

Kubernetes

Published

January 23, 2025

Modified

May 14, 2025

Talos Linux¹

Talos ISO — Live system in RAM

…boots without a configuration …enters maintenance mode
…installation to local stage by configuration file
…defined by a machine config file passed to server

`talosctl`

Command-line tool to access the Talos API

Download talosctl from GitHub releases²
Configuration file…
- …defaults to ~/.talos/config
- …set path with $TALOSCONFIG
- …options --talosconfig

# install
mkdir ~/bin && export PATH=$PATH:~/bin
curl -L https://github.com/siderolabs/talos/releases/download/v1.10.1/talosctl-linux-amd64 -o ~/bin/talosctl
chmod +x ~/bin/talosctl

export TALOSCONFIG=$(realpath ./talosconfig)
source <(talosctl completion zsh)
talosctl config info

Endpoints — where talosctl sends commands to
- -e node,node options to address control plane nodes
- …automatic load-balancing over multiple endpoints
Nodes — target node of operation
- …endpoints automatic proxy requests to nodes
- -n node,node,... option to define target

# specify endpoint and node
talosctl -e $ip_cp1 -n $ip_cp1 #...

# add endpoints to the configuration
talosctl config endpoint $ip_cp1,$ip_cp2,$ip_cp3

Debug with sub-commands:

dmesg — kernel logs
service — list services
logs <service> — service logs
processes
memory
netstat — network ports
pcap — capture network packages

# launch a debug container
kubectl debug -n kube-system -it --image alpine node/talos-5wl-rau

Machine Configuration

gen config — generate the machine configurations for a cluster
- talosconfig — Local talosctl client configuration
- controlplane.yaml — Configure control plane nodes
- worker.yaml — Configure nodes that run workloads
apply-config — apply a configuration to a node
- --insecure
  - …connect without authentication (however encrypted)
  - …initial configuration can not use PKI infrasructure
edit machineconfig — live edit configuration
patch machineconfig — apply via JSON patch

# list all resource definitions
talosctl get rd

Kubernetes

Kubernetes Endpoint — Address of the Kubernetes API server

HTTPS URL endpoint …default to port 6443
Highly available …uses all available control plane nodes
Endpoint IP either…
- …multiple DNS records
- …load-balancer
- …Talos VIP (build-in)

VIP³ — shared/virtual IP address (layer 2)

…control plane nodes must share a layer 2 network (same switch)
…etcd for elections and leadership (control) of the IP address

`etcd`

Distributed key-value store — stores the state of Kubernetes

Talos manages etcd members running on the control plane
Recommended to run an odd number …3 or more
talosctl sub-commands
- service etcd – state of etcd
- etcd members - list nodes with an etcd instance

talosctl -n $ip_cp1,$ip_cp2,$ip_cp3 etcd status

Tests

Docker

Setup a test environment in Docker containers…

# create default cluster with two containers
talosctl cluster create

talosctl cluster create --workers 3

# clean up
talosctl cluster destory

Footnotes

Talos Linux
https://www.talos.dev
https://github.com/siderolabs/talos ↩︎
Talos Releases, GitHub
https://github.com/siderolabs/talos/releases ↩︎
Virtual (shared) IP, Talos Documentation
https://www.talos.dev/v1.9/talos-guides/network/vip ↩︎

--- title: Talos Linux — Kubernetes Operating System categories: - Kubernetes date: 2025/01/23 date-modified: 2025/05/14 toc-expand: 3 --- Talos Linux[^d30lF] [^d30lF]: Talos Linux <https://www.talos.dev> <https://github.com/siderolabs/talos> Talos ISO — Live system in RAM - …boots without a configuration …enters maintenance mode - …installation to local stage by configuration file - …defined by a machine config file passed to server ## `talosctl` Command-line tool to **access the Talos API** * Download `talosctl` from GitHub releases[^hGf34] * Configuration file… - …defaults to `~/.talos/config` - …set path with `$TALOSCONFIG` - …options `--talosconfig` [^hGf34]: Talos Releases, GitHub <https://github.com/siderolabs/talos/releases> ```bash # install mkdir ~/bin && export PATH=$PATH:~/bin curl -L https://github.com/siderolabs/talos/releases/download/v1.10.1/talosctl-linux-amd64 -o ~/bin/talosctl chmod +x ~/bin/talosctl export TALOSCONFIG=$(realpath ./talosconfig) source <(talosctl completion zsh) talosctl config info ``` - **Endpoints** — where `talosctl` sends commands to - `-e node,node` options to address control plane nodes - …automatic load-balancing over multiple endpoints - **Nodes** — target node of operation - …endpoints automatic proxy requests to nodes - `-n node,node,...` option to define target ```bash # specify endpoint and node talosctl -e $ip_cp1 -n $ip_cp1 #... # add endpoints to the configuration talosctl config endpoint $ip_cp1,$ip_cp2,$ip_cp3 ``` Debug with sub-commands: - `dmesg` — kernel logs - `service` — list services - `logs <service>` — service logs - `processes` - `memory` - `netstat` — network ports - `pcap` — capture network packages ```bash # launch a debug container kubectl debug -n kube-system -it --image alpine node/talos-5wl-rau ``` ### Machine Configuration * **`gen config`** — generate the machine configurations for a cluster - `talosconfig` — Local `talosctl` client configuration - `controlplane.yaml` — Configure control plane nodes - `worker.yaml` — Configure nodes that run workloads * **`apply-config`** — apply a configuration to a node - `--insecure` - …connect without authentication (however encrypted) - …initial configuration can not use PKI infrasructure * **`edit machineconfig`** — live edit configuration * **`patch machineconfig`** — apply via JSON patch ```bash # list all resource definitions talosctl get rd ``` ## Kubernetes Kubernetes Endpoint — Address of the Kubernetes API server - HTTPS URL endpoint …default to port 6443 - Highly available …uses all available control plane nodes - Endpoint IP either… - …multiple DNS records - …load-balancer - …Talos VIP (build-in) VIP[^x9YDc] — shared/virtual IP address (layer 2) - …control plane nodes must share a layer 2 network (same switch) - …`etcd` for elections and leadership (control) of the IP address [^x9YDc]: Virtual (shared) IP, Talos Documentation <https://www.talos.dev/v1.9/talos-guides/network/vip> ### `etcd` Distributed key-value store — stores the state of Kubernetes - Talos manages `etcd` members running on the control plane - Recommended to run an odd number …3 or more - `talosctl` sub-commands - **`service etcd`** – state of `etcd` - **`etcd members`** - list nodes with an `etcd` instance ```bash talosctl -n $ip_cp1,$ip_cp2,$ip_cp3 etcd status ``` ## Tests ### Docker Setup a test environment in Docker containers… ```bash # create default cluster with two containers talosctl cluster create talosctl cluster create --workers 3 # clean up talosctl cluster destory ```