Installing Talos on Metal
This guide explores how combining Equinix Metal and the Talos operating system benefits organizations handling large Kubernetes workloads by simplifying cluster management, enhancing security, and ensuring high availability and global scalability.
In the evolving era of cloud computing, organizations are continually looking for solutions that combine performance, security, and flexibility to meet their application infrastructure needs. In this technical guide, we will see how combining the features of Equinix Metal and the Talos operating system can benefit organizations handling large Kubernetes workloads.
What is the Talos Operating System?
Talos stands out for its immutable and minimalistic design. It is tailor-made to enhance Kubernetes operations, making it a perfect match for the high-performance and customizable environment that Equinix Metal provides.
Highlights of Talos
Here are a few key highlights of Talos:
- Kubernetes-Native: Talos is Kubernetes-native, meaning it integrates well with Kubernetes concepts. It removes standard Linux components and offers the Kubernetes experience.
- Immutable Infrastructure: Talos follows the immutable infrastructure principle. Once deployed, the operating system is not changed in place; changes are made by installing a new version. This increases security and predictability.
- Minimalist Design: Talos is deliberately lean, reducing attack surface and resource usage. It contains only the basic components needed to run Kubernetes, in a simple and efficient system.
- Security: Security is central to Talos. It uses key features like a read-only root filesystem, boot protection, and software upgrades to increase security. Compromising a Kubernetes cluster therefore takes a lot of time.
- Automatic Updates: Talos uses automatic updates for Kubernetes tasks and components. This ensures that the cluster is constantly updated with fixes for the latest vulnerabilities.
- Ease of Management: Talos provides control over the cluster throughout its lifecycle. It includes tools like talosctl for controlling nodes and other cluster components.
Context Setting
In this guide, let us explore how integrating Talos with Equinix Metal simplifies the management of Kubernetes clusters while maintaining security, high availability, and global scalability.
Whether you're deploying a new cluster or optimizing existing infrastructure, understanding how to harness the full potential of Talos on Equinix Metal can transform your Kubernetes deployment strategy and ease the process.
Let's dive into the specifics of this powerful combination, from initial setup to advanced configurations, and discover how it can serve as a cornerstone for resilient, scalable, and secure digital operations.
Let's look at a quick start before we create a Talos cluster on Equinix Metal.
Talos QuickStart
Please follow the guide on setting up a simple Talos Linux cluster locally with Docker.
Talos Installation Prerequisites
Start the Docker service if it is not already running
Local Docker Cluster:
Docker should be installed on the machine for the Talos cluster setup, because Talos will run as a Docker container.
Download talosctl (macOS or Linux)
The simplest way to test Talos is to set up a Talos cluster using the talosctl command on a workstation that is running Docker.
Use the command below:
curl -sL https://talos.dev/install | sh
Install kubectl
Download kubectl and install it via one of the methods in the documentation.
Talos Cluster Creation
Now that the talosctl utility is installed, we can use it to create and manage the cluster.
Create the Cluster
Run the command below to create the cluster:
talosctl cluster create
Note: If you are using Docker Desktop on a macOS computer you will need to enable the default Docker socket in your settings.
The command produces the output below. It creates a fully operational Kubernetes cluster, with its nodes, on our workstation. We will use this installation to generate the Talos YAML config files needed for the k8s installation on Equinix Metal.
~ % talosctl cluster create
validating CIDR and reserving IPs
generating PKI and tokens
creating network talos-default
creating controlplane nodes
creating worker nodes
renamed talosconfig context "talos-default" -> "talos-default-2"
waiting for API
bootstrapping cluster
waiting for etcd to be healthy: OK
waiting for etcd members to be consistent across nodes: OK
waiting for etcd members to be control plane nodes: OK
waiting for apid to be ready: OK
waiting for all nodes memory sizes: OK
waiting for all nodes disk sizes: OK
waiting for kubelet to be healthy: OK
waiting for all nodes to finish boot sequence: OK
waiting for all k8s nodes to report: OK
waiting for all k8s nodes to report ready: OK
waiting for all control plane static pods to be running: OK
waiting for all control plane components to be ready: OK
waiting for kube-proxy to report ready: OK
waiting for coredns to report ready: OK
waiting for all k8s nodes to report schedulable: OK
merging kubeconfig into "/Users/gsaravanan/.kube/config"
renamed cluster "talos-default" -> "talos-default-2"
renamed auth info "admin@talos-default" -> "admin@talos-default-2"
renamed context "admin@talos-default" -> "admin@talos-default-2"
PROVISIONER docker
NAME talos-default
NETWORK NAME talos-default
NETWORK CIDR 10.5.0.0/24
NETWORK GATEWAY 10.5.0.1
NETWORK MTU 1500
KUBERNETES ENDPOINT https://127.0.0.1:50009
NODES:
NAME TYPE IP CPU RAM DISK
/talos-default-controlplane-1 controlplane 10.5.0.2 2.00 2.1 GB -
/talos-default-worker-1 worker 10.5.0.3 2.00 2.1 GB -
Viewing Cluster Dashboard
You can inspect the cluster using the Talos API command below:
talosctl dashboard --nodes 10.5.0.2
This command displays the dashboard in the console.
Verify the Kubernetes Cluster created by Talosctl
$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
talos-default-controlplane-1 Ready master 115s v1.30.0 10.5.0.2 <none> Talos (v1.7.0) <host kernel> containerd://1.5.5
talos-default-worker-1 Ready <none> 115s v1.30.0 10.5.0.3 <none> Talos (v1.7.0) <host kernel> containerd://1.5.5
That's it for the quickest and simplest Kubernetes cluster setup for getting started with Talos.
Let's move on to create a dedicated Talos cluster on Equinix Metal.
Creating Talos Clusters on Equinix Metal
We can create the Talos Linux cluster on Equinix Metal in various ways, for example through the Equinix Metal web interface or the Metal networking tool.
Installation Architecture Diagram
Summary of Steps
Below is a summary of the steps we need to follow:
1. On your local workstation, do the following:
   a. Create DNS entries for your Kubernetes endpoint.
   b. Create control plane and worker node configurations using talosctl.
2. Provision the Metal instance on the Equinix Metal Dashboard:
   a. Use the iPXE image to install Talos on Equinix Metal.
   b. Push the YAML configurations created in step 1-b to the Equinix Metal instance (using user data, via either the GUI or the CLI).
   c. Get the K8s cluster IP once the instance creation is complete.
3. Finally, using the talosctl CLI on your local workstation, do the following:
   a. Configure your Kubernetes endpoint to point to the newly created control plane nodes.
   b. Bootstrap etcd.
   c. Fetch the kubeconfig.
Detailed Installation Steps
1. Define the Kubernetes Endpoint
There are several ways to create an HA endpoint for a Kubernetes cluster, including:
- DNS
- Load Balancer
- BGP
Whichever method you choose, it should result in a single IP address or DNS name that is used for all control plane operations.
At this point we do not yet know the control plane IP addresses, but we need to define the DNS endpoint that will be used to create the cluster. Once the nodes are provisioned, their addresses can be used to create the endpoint's A records or be assigned to the load balancer.
2. Create the Machine Setup Files
Generating Configurations
Generate the base configuration files for the Talos machines using the DNS name of the load balancer defined above. From our local k8s cluster creation, we can see that the cluster is accessible at https://127.0.0.1:50009
~ % talosctl gen config talos-k8s-em-tutorial https://127.0.0.1:50009
generating PKI and tokens
Created /Users/gsaravanan/controlplane.yaml
Created /Users/gsaravanan/worker.yaml
Created /Users/gsaravanan/talosconfig
So we use that endpoint to generate the required YAML config files, as stated in the summary.
The port used above should be 6443, unless your load balancer maps a different port to port 6443 on the control plane nodes.
Validate the Configuration Files
We can validate the config files using the commands below:
~ % talosctl validate --config controlplane.yaml --mode metal
controlplane.yaml is valid for metal mode
~ % talosctl validate --config worker.yaml --mode metal
worker.yaml is valid for metal mode
3. Provision the machines in Equinix Metal
Talos Linux can be installed via PXE on Equinix Metal using the iPXE URL from the "Image Factory" for Equinix Metal.
Use the Equinix Metal UI
Log in to the Equinix Metal console, choose “Deploy on demand”, and select a region and machine type.
Select “Custom PXE” and enter the PXE image URL given below as the iPXE URL:
https://pxe.factory.talos.dev/pxe/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.0/equinixMetal-amd64
Enable “Always PXE” when given the choice.
Then select the number of servers to run and give them a name (in lowercase letters). We will create one server for the purpose of this guide.
Under the optional settings, in the user data section, you can paste in the contents of the controlplane.yaml that was generated above (make sure to add a first line with the shebang #!talos).
We need to repeat this step to add configurations to the other control plane and worker nodes (for a worker node, pass worker.yaml as the user data).
If we forget to set up the Metal instance with user data, we must pass the configuration to each machine after the instance is created, using the following command:
talosctl apply-config --insecure --nodes <Node IP> --file ./controlplane.yaml
Using Equinix Metal CLI
If you are familiar with the Equinix Metal CLI, you can use the command below. Just make sure you have added #!talos at the beginning of the controlplane.yaml file.
metal device create \
--project-id $PROJECT_ID \
--facility $FACILITY \
--operating-system "custom_ipxe" \
--ipxe-script-url "https://pxe.factory.talos.dev/pxe/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.0/equinixMetal-amd64" \
--plan $PLAN \
--hostname $HOSTNAME \
--userdata-file controlplane.yaml
Repeat this step to create each control plane node desired. Note that there should be three servers for a high availability (HA) cluster.
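Both the UI and CLI paths above depend on the user data starting with the #!talos shebang. The script below is an added example, not part of the original guide or of talosctl: it validates the generated config and writes a user data copy with the shebang added exactly once and owner-only permissions, since the machine config embeds the cluster's CA keys and tokens. The function names and the output file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: turn a talosctl-generated machine config into Equinix Metal user data.
# Function names and output paths are illustrative, not part of talosctl or the metal CLI.

# add_talos_shebang SRC DST
# Writes DST with "#!talos" as its first line exactly once, readable by the owner only.
add_talos_shebang() {
  src=$1
  dst=$2
  if [ ! -s "$src" ]; then
    echo "add_talos_shebang: $src is missing or empty" >&2
    return 1
  fi
  if [ "$src" = "$dst" ]; then
    echo "add_talos_shebang: SRC and DST must differ" >&2
    return 1
  fi
  (
    # The machine config embeds cluster CA keys and tokens, so create it private.
    umask 077
    if [ "$(head -n 1 "$src")" = '#!talos' ]; then
      cat "$src"
    else
      printf '#!talos\n'
      cat "$src"
    fi > "$dst"
  ) && chmod 600 "$dst"
}

# prepare_userdata SRC DST
# Validates SRC for metal mode (same command as in step 2), then adds the shebang.
prepare_userdata() {
  talosctl validate --config "$1" --mode metal >&2 || return 1
  add_talos_shebang "$1" "$2"
}

# Stand-alone use: ./userdata.sh controlplane.yaml controlplane.userdata
if [ "$#" -eq 2 ]; then
  prepare_userdata "$1" "$2"
fi
```

The resulting file can be pasted into the user data field or passed to `metal device create` with `--userdata-file`.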
4. Update the Kubernetes endpoint
Once the servers are created, get the control plane IP addresses from the Equinix Metal UI.
Now that our control plane nodes are created and we know their IP addresses, we can connect them to the Kubernetes endpoint.
Configure your load balancer to route traffic to these nodes, or add records to your DNS servers for each control plane node.
host endpoint.mydomain.com
endpoint.mydomain.com has address <control plane 1 IP>
endpoint.mydomain.com has address <control plane 2 IP>
endpoint.mydomain.com has address <control plane 3 IP>
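Before bootstrapping, it helps to confirm that the endpoint resolves to exactly the control plane nodes you provisioned, with no stale or extra record receiving API traffic. The script below is an added example, not part of the original guide: it parses `host` output in the format shown above; the function names and the HOST_OUTPUT variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example: confirm the Kubernetes endpoint resolves to exactly the control
# plane nodes you provisioned. Function names and HOST_OUTPUT are illustrative.

# endpoint_ips: read `host NAME` output on stdin, print its unique IPv4 addresses.
# Only "has address" lines are matched; IPv6 and mail-handler lines are ignored.
endpoint_ips() {
  sed -n 's/^.* has address \([0-9.][0-9.]*\)$/\1/p' | sort -u
}

# check_endpoint NAME IP...
# Returns 0 only when NAME's A records are exactly the listed control plane IPs.
# If HOST_OUTPUT is set it is parsed instead of calling host(1), for offline checks.
check_endpoint() {
  name=$1
  shift
  if [ "$#" -lt 1 ]; then
    echo "check_endpoint: at least one expected IP is required" >&2
    return 2
  fi
  expected=$(printf '%s\n' "$@" | sort -u)
  if [ -n "${HOST_OUTPUT:-}" ]; then
    actual=$(printf '%s\n' "$HOST_OUTPUT" | endpoint_ips)
  else
    actual=$(host "$name" | endpoint_ips)
  fi
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  {
    echo "endpoint $name does not match the control plane node list"
    echo "expected: $(echo $expected)"
    echo "resolved: $(echo $actual)"
  } >&2
  return 1
}

# Stand-alone use: ./check-endpoint.sh endpoint.mydomain.com <IP> <IP> <IP>
if [ "$#" -ge 2 ]; then
  check_endpoint "$@"
fi
```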
5. Setup Endpoints and Nodes
Set the endpoints and nodes for talosctl:
talosctl --talosconfig talosconfig config endpoint <control plane 1 IP>
talosctl --talosconfig talosconfig config node <control plane 1 IP>
6. Bootstrap etcd
talosctl --talosconfig talosconfig bootstrap
7. Retrieve the kubeconfig
Finally, get the kubeconfig by running the command below:
talosctl --talosconfig talosconfig kubeconfig .
Clean up
Clean up Equinix Instances
Log in to the Equinix Metal Dashboard and destroy the instances after completing the demo.
Destroy the Local workstation Cluster
When you are all done, remove the cluster:
talosctl cluster destroy
Conclusion
In conclusion, integrating Talos with Equinix Metal forms a powerful combination that simplifies Kubernetes cluster management, enhances security, and ensures high availability and global scalability. The immutable and minimalistic design of Talos, coupled with the high-performance and customizable environment provided by Equinix Metal, delivers a seamless and secure Kubernetes experience.
By harnessing the potential of Talos on Equinix Metal, organizations can optimize their infrastructure, automate cluster updates, and gain better control and visibility. Whether you're deploying new clusters or managing existing ones, this integration offers a robust foundation for resilient, scalable, and secure digital operations. It empowers businesses to innovate faster, improve agility, and drive business growth in a rapidly evolving digital landscape.
Last updated
07 August, 2024