Installing Talos on Metal

In the evolving era of cloud computing, organizations are continually looking for solutions that combine performance, security, and flexibility to meet their application infrastructure needs. We will see how combining the features of Equinix Metal and Talos operating system can be beneficial for organizations handling the huge Kubernetes workloads as part of this technical guide.

What is the Talos Operating system?

Talos, stands out by its immutable and minimalistic design, is tailor-made to enhance Kubernetes operations, making it a perfect match for the high-performance and customizable environment that Equinix Metal provides.

Highlights of Talos

Here are a few key highlights and viewpoints of Talos:

• Kubernetes-Native: Talos is Kubernetes-native, meaning it integrates well with Kubernetes concepts. It removes standard Linux components and offers the Kubernetes experience.

• Immutable Infrastructure: Talos obeys primary permanent command. Once deployed, the operating system does not change immediately, but it may or may not be installed with the latest version. This increases security and predictability.

• Minimalist Plan: Talos is expected to be more rational, reducing affected area and resource usage. It literally contains the basic components needed to run Kubernetes, in a simple and efficient system.

• Security: Security is the center of Talos. It uses key features like read-only root, boot protection, and software upgrades to increase security. Again, acquiring a Kubernetes cluster takes a lot of time.

• Automatic Updates: Talos uses automatic updates for Kubernetes tasks and components. This ensures that the cluster is constantly updated with the latest vulnerabilities.

• Ease to Manage: Talos provides flight control and control throughout the flight. It includes tools like talosctl for hub control, rendering, and other cluster components.

Context Setting

In this guide, let us explore how integrating Talos with Equinix Metal not only simplifies the management of Kubernetes clusters, all while maintaining the security, high availability and global scalability.

Whether you're deploying a new cluster or optimizing existing infrastructure, understanding how to harness the full potential of Talos on Equinix Metal can transform your Kubernetes deployment strategy and ease up the process.

Let's dive into the specifics of this powerful combination, from initial setup to advanced configurations, and discover how it can serve as a cornerstone for resilient, scalable, and secure digital operations.

Let's take a quick look at a quick start before we create a Talos cluster with Equinix Metal.

Talos QuickStart

Please follow the guide on setting up a simple Talos Linux cluster locally with Docker.

Talos Installation Prerequisites

Start the Docker service if it is not already running

Local Docker Cluster:

Docker should be installed on the machine for Talos cluster setup, because Talos will run as a docker container.

Download talosctl (macOS or Linux)

The simplest method to test Talos is to set up a Talos cluster using “talosctl” command, on a workstation that is running Docker.

Use the command below,

curl -sL https://talos.dev/install | sh

Install kubectl

Download kubectl and install via one of the methods in the documentation .

Talos Cluster Creation

Since we installed talosctl utility, further we can use it to create and manage the cluster.

Create the Cluster

Run the below command for cluster creation

talosctl cluster create

Note: If you are using Docker Desktop on a macOS computer you will need to enable the default Docker socket in your settings.

This command shows the output below. We can notice this command creates a fully operational Kubernetes cluster and nodes in our workstation. We will be using this installation to generate the Talos Yaml config file needed for k8s installation in Equinix.

~ % talosctl cluster create
validating CIDR and reserving IPs
generating PKI and tokens
creating network talos-default
creating controlplane nodes
creating worker nodes
renamed talosconfig context "talos-default" -> "talos-default-2"
waiting for API
bootstrapping cluster
waiting for etcd to be healthy: OK
waiting for etcd members to be consistent across nodes: OK
waiting for etcd members to be control plane nodes: OK
waiting for apid to be ready: OK
waiting for all nodes memory sizes: OK
waiting for all nodes disk sizes: OK
waiting for kubelet to be healthy: OK
waiting for all nodes to finish boot sequence: OK
waiting for all k8s nodes to report: OK
waiting for all k8s nodes to report ready: OK
waiting for all control plane static pods to be running: OK
waiting for all control plane components to be ready: OK
waiting for kube-proxy to report ready: OK
waiting for coredns to report ready: OK
waiting for all k8s nodes to report schedulable: OK
merging kubeconfig into "/Users/gsaravanan/.kube/config"
renamed cluster "talos-default" -> "talos-default-2"
renamed auth info "admin@talos-default" -> "admin@talos-default-2"
renamed context "admin@talos-default" -> "admin@talos-default-2"
PROVISIONER      docker
NAME         talos-default
NETWORK NAME     talos-default
NETWORK CIDR     10.5.0.0/24
NETWORK GATEWAY    10.5.0.1
NETWORK MTU      1500
KUBERNETES ENDPOINT  https://127.0.0.1:50009

NODES:

NAME              TYPE      IP     CPU  RAM   DISK
/talos-default-controlplane-1  controlplane  10.5.0.2  2.00  2.1 GB  -
/talos-default-worker-1     worker     10.5.0.3  2.00  2.1 GB  -

Viewing Cluster Dashboard

You can investigate using below Talos API command:

talosctl dashboard --nodes 10.5.0.2

This command will show the console output as follows,

Verify the Kubernetes Cluster created by Talosctl

$ kubectl get nodes -o wide

NAME             STATUS  ROLES AGE VERSION    INTERNAL-IP   EXTERNAL-IP  OS-IMAGE        KERNEL-VERSION  CONTAINER-RUNTIME

talos-default-controlplane-1  Ready master  115s  v1.30.0  10.5.0.2  <none>   Talos (v1.7.0)  <host kernel> containerd://1.5.5
talos-default-worker-1    Ready <none>  115s  v1.30.0  10.5.0.3  <none>   Talos (v1.7.0)  <host kernel>  containerd://1.5.5

That's it for the quick and simplest Kubernetes cluster setup for getting started with Talos.

Let's move on to create a dedicated Talos cluster on Equinix Metal.

Creating Talos Clusters on Equinix Metal

We can create the Talos Linux cluster on Equinix Metal in various ways, for example through the Equinix Metal web interface or the Metal networking tool.

Installation Architecture Diagram

Summary of Steps

Below are the summary of steps we need to follow,

1. On your local workstation do the following steps,
   1. Create DNS entries on your Kubernetes endpoint.
   2. Create control plane and worker node configurations using talosctl .
2. Provision Metal instance on Equinix Metal Dashboard.
3. Use iPXE image to install Talos in Equinix
4. Push the Yaml configurations created in step 1-b to the Equinix Metal instance server (either using user data via GUI or CLI method)
5. Get the K8s Cluster IP once the instance creation is complete
6. Finally, Using talosctl CLI on your local workstation do the following steps,
   1. Configure your Kubernetes endpoint to point to the recently made control plane nodes.
   2. Bootstrap the etcd
   3. Fetch Kubeconfig.

Detailed Installation Steps

1. Define the Kubernetes Endpoint

Listed below are a few of several ways to create an HA endpoint for a Kubernetes cluster,

• DNS
• Load Balancer
• BGP

Whichever the method, it should result in an IP address/DNS mapping session for all control plane operations.

We do not know the control plane IP address of this program, but we need to specify the DNS endpoints that will be used to create the cluster. Once the hubs are assigned, endpoint A can be used to create scripts or send them to the load balancer, etc.

2. Create the Machine Setup Files

Generating Configurations

Create a basic script to identify Talos machines using the DNS header of the load balancer shown above. As part of our local k8s cluster creation, we can see the cluster is accessible through the localhost:port https://127.0.0.1:50009

~ % talosctl gen config talos-k8s-em-tutorial https://127.0.0.1:50009
generating PKI and tokens
Created /Users/gsaravanan/controlplane.yaml
Created /Users/gsaravanan/worker.yaml 
Created /Users/gsaravanan/talosconfig

So we are using it to generate the required Yaml config files, as stated in the summary.

The port used above should be 6443 unless your load balancing card is different from port 6443 on the control plane.

Validate the Configuration Files

We can validate the config files using the command below,

~ % talosctl validate --config controlplane.yaml --mode metal 
controlplane.yaml is valid for metal mode

~ % talosctl validate --config worker.yaml --mode metal
worker.yaml is valid for metal mode

3. Provision the machines in Equinix Metal

Talos Linux can installed from PXE on an Equinix network using iPXE URL from "Image Factory" for the Equinix Metal.

Use the Equinix Metal UI

Log into Equinix metal console, choose “Deploy on demand”, and select a region & machine type.

Select “Custom PXE” and enter the below given PXE image URL as the IPXE URL

https://pxe.factory.talos.dev/pxe/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.0/equinixMetal-amd64

Enable “Always PXE” when given the choice.

Then select the number of servers to run and give them a name (in lowercase letters). We will create one server for the purpose of this guide.

Under the optional settings > user data section , you can paste in the contents of controlplane.yaml that was generated, above (make sure to add first line with shebang #!talos).

We need to repeat this step to add configurations to other control planes and worker nodes (we need to pass worker.yaml to the worker node like user data).

If we forget to set-up the Metal instance with user data, we must pass it to each machine after the instance is created using the following command:

talosctl apply-config --insecure --nodes <Node IP> --file ./controlplane.yaml

Using Equinix Metal CLI

If a user is familiar enough with using the Equinix CLI, they can use the command below. You just need to ensure they have added #!talos at the beginning of the controlplane.yaml file.

metal device create \
  --project-id $PROJECT_ID \
  --facility $FACILITY \
  --operating-system "custom_ipxe" \
  --ipxe-script-url "https://pxe.factory.talos.dev/pxe/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.0/equinixMetal-amd64" \
  --plan $PLAN \
  --hostname $HOSTNAME \
  --userdata-file controlplane.yaml

Repeat this step to create each control plane node desired, note, there should be three servers for an high availability (HA) cluster.

4. Update the Kubernetes endpoint

Now get the control plane IP address from Equinix Metal UI once the clusters are created.

So we got our control planes created and we know their IP addresses, we can connect them to the Kubernetes endpoint.

Configure your load balancer to perform operations on these hubs or finally add records to your DNS servers for each control plane. host endpoint.mydomain.com

host endpoint.mydomain.com
endpoint.mydomain.com has address <control plane 1 IP>
endpoint.mydomain.com has address <control plane 2 IP> 
endpoint.mydomain.com has address <control plane 3 IP>

5. Setup Endpoints and Nodes

Set the endpoints and nodes for talosctl:

talosctl --talosconfig talosconfig config endpoint <control plane 1 IP>
talosctl --talosconfig talosconfig config node <control plane 1 IP>

6. Bootstrap etcd

talosctl --talosconfig talosconfig bootstrap

7. Retrieve the kubeconfig

Finally get the Kubeconfig data by running command below,

talosctl --talosconfig talosconfig kubeconfig .

Clean up

Clean up Equinix Instances

Login to the Equinix Metal Dashboard and destroy the instances after completing the demo.

Destroy the Local workstation Cluster

When you are all done, remove the cluster:

talosctl cluster destroy

Conclusion

In conclusion, integrating Talos with Equinix Metal forms a powerful combination that simplifies Kubernetes cluster management, enhances security, and ensures high availability and global scalability. The immutable and minimalistic design of Talos, coupled with the high-performance and customizable environment provided by Equinix Metal, delivers a seamless and secure Kubernetes experience.

By harnessing the potential of Talos on Equinix Metal, organizations can optimize their infrastructure, automate cluster updates, and gain better control and visibility. Whether you're deploying new clusters or managing existing ones, this integration offers a robust foundation for resilient, scalable, and secure digital operations. It empowers businesses to innovate faster, improve agility, and drive business growth in a rapidly evolving digital landscape.

References

• Talos Quickstart Guide
• Talos Equinix Metal Guide
• Talos Getting Started Guide