After seeing Talos having a cult-like following in the Kubernetes Homelab Discord server, I thought I could give it a try for myself and see what the hype is about. I'm a SUSE/Rancher fanboy, and my homelab runs K3S. I'm not new to Kubernetes!
While we have mainline Linux distros like Mint, Arch, and OpenSUSE Leap, there are also smaller distros built specifically for containerisation, such as OpenSUSE Micro. Talos is special in the sense that it is built for Kubernetes. And Kubernetes only.
You can totally follow along with nothing more than the Getting Started section of the Talos docs.
Installing Talos
Unlike other OSes, which are installed with a nice installer which you flash to a USB/DVD, boot from, and install the OS in a GUI/CLI environment, Talos does things differently. Yes, Talos has a disk image you need to download and boot from, but that's where the similarities end.
Talos has neither GUI nor CLI. The only interface you have is the talosctl command line tool. Think of talosctl as a tool to interface with the Talos API, similar to how kubectl interfaces with the Kubernetes API. And yeah, Talos exposes an API.
The Docs are Good
There's not much reason for me to show the commands I ran. The docs for Talos are very good. But for completeness, I run:
talosctl gen config <cluster-name> <cluster-endpoint>
which generates a few yaml files for me.
talosconfig is the same, in principle, as a kubeconfig file.
controlplane.yaml is the yaml file with the configuration for controlplane nodes.
worker.yaml is the same but for worker/agent nodes.
Necessary Changes
I wanted to change the IP settings for the Talos nodes, as they were given IPs by DHCP and I wanted to keep them organised. In the live boot, I can press F3 to set the live IP config. I also set the static IP in the network part of the yaml files.
Also, since my nodes are VMs, I just need to change the disk setting from sda to vda.
When I'm done with these small modifications to the controlplane.yaml file, I run:
talosctl apply-config --insecure -n <node ip> -e <endpoint ip> --file controlplane.yaml
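The two changes described above, static addressing and the install disk, as they would appear in the machine config. This is an added example, not the author's actual file: the hostname, the interface name eth0 and the 192.0.2.x addresses are constructed placeholders.

```yaml
# Added example with constructed values, not the author's config.
# Fragment of controlplane.yaml; the same keys apply in worker.yaml.
machine:
  install:
    disk: /dev/vda            # virtio disk in a VM; changed from the sda setting
  network:
    hostname: talos-cp-1      # hypothetical node name
    interfaces:
      - interface: eth0       # assumed NIC name; use the name the node actually reports
        dhcp: false           # stop taking a lease so the address stays fixed
        addresses:
          - 192.0.2.10/24     # constructed static address (documentation range)
        routes:
          - network: 0.0.0.0/0
            gateway: 192.0.2.1   # constructed default gateway
    nameservers:
      - 192.0.2.53            # constructed DNS server
```

The generated controlplane.yaml also embeds the cluster's CA keys and bootstrap tokens, so treat the edited file as a secret.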
The End
That's kind of it. I expected Talos to be a lot harder to get running, and admittedly I had an issue or two with the fact I was running it in Harvester (SUSE Virtualisation). It was quite easy to solve though, and now I have a small (k8s) cluster which just works!
One benefit I should mention is that there is no command line. And no ssh. Which means that Talos has a really tiny surface for vulnerabilities, and can't be exploited like other server-oriented Linux installs (like that ssh backdoor).