Cluster setup

Talos Linux v1.12.2 will be used as the OS on all nodes. Before installing Talos on the machines, make sure to install talosctl and kubectl on your laptop/PC:

brew install siderolabs/tap/talosctl
brew install kubernetes-cli

Note

Alternatively, you can install the above without using brew:

curl -sL https://talos.dev/install | sh
snap install kubectl --classic

Next, prepare a USB drive with the bare-metal Talos ISO image generated by the Talos Linux Image Factory. I used the following configuration to generate the image for the computers that are part of my cluster:

  1. Hardware Type - Bare-metal Machine
  2. Talos Linux Version - for the sake of this setup - 1.12.2
  3. Machine Architecture - amd64
  4. Secure Boot - off
  5. System Extensions - none
  6. Customization - none
  7. Bootloader - auto

Configuration patches

Before setting up the control plane and workers, we need to prepare basic configuration patches for Talos. These consist of a file with secrets and patches for nodes. To generate the secret bundle file:

talosctl gen secrets -o secrets.yaml

Apart from that, the repository contains patches:

  • patch-overlord0.yml - patch for control plane configuration
  • patch-worker0.yml - patch for worker0 configuration
  • patch-worker1.yml - patch for worker1 configuration
  • patch-worker2.yml - patch for worker2 configuration
  • patch-worker3.yml - patch for worker3 configuration

These will be used as arguments for the talosctl gen config command.

The most important change in the patches is the diskSelector rule, which selects the disk that Talos will be installed on by matching an expression against the disk's model name. Without this, Talos always installs on /dev/sda. In my case, when installing Talos on the control plane node, this device was the USB drive with the Talos ISO. The goal is to install Talos on the server's hard drive so that the USB drive is no longer needed.
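The following pre-flight script is an added example and is not part of the cluster-config repository described above. It shows the two checks worth running before `talosctl gen config` and `talosctl apply-config`: that `secrets.yaml` (which carries the cluster CA keys and bootstrap token) is readable only by its owner, and that the diskSelector model expression matches exactly one disk on the target machine, so the install cannot land on the USB drive. The disk listing embedded in the script is constructed sample data; the assumption that `talosctl get disks -o yaml` emits one document per disk with a `model:` field is mine and should be checked against your talosctl version before feeding real output in.

```shell
#!/bin/sh
# Pre-flight checks for a Talos install. Added example, not from the original
# repository. Assumed (not from the page): `talosctl get disks -o yaml` prints
# one YAML document per disk with a `model:` line; SAMPLE_DISKS below is a
# constructed stand-in for that output.

# The secrets bundle is the cluster's root of trust (CA keys, bootstrap token).
# Returns 0 only if the file exists and is mode 0600.
check_secrets_perms() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null)
    [ "$mode" = "600" ]
}

# Render a machine config patch that pins the install disk by model, so Talos
# does not fall back to /dev/sda (which may be the boot USB drive).
disk_selector_patch() {
    cat <<EOF
machine:
  install:
    diskSelector:
      model: "$1"
EOF
}

# Count disks in a `talosctl get disks -o yaml` listing (read from stdin) whose
# model matches the given shell glob. We want exactly one match.
count_model_matches() {
    pattern="$1"
    n=0
    while IFS= read -r line; do
        case "$line" in
            *"model: "*)
                model=${line#*model: }
                model=${model#\"}; model=${model%\"}   # drop optional quotes
                case "$model" in
                    $pattern) n=$((n + 1)) ;;
                esac
                ;;
        esac
    done
    echo "$n"
}

# Returns 0 when the selector is unambiguous (exactly one disk matches).
selector_is_unambiguous() {
    [ "$(count_model_matches "$1")" = "1" ]
}

# Constructed sample: a USB stick and an NVMe drive, in the assumed output shape.
SAMPLE_DISKS='spec:
    dev_path: /dev/sda
    size: 31029460992
    model: DataTraveler 3.0
    transport: usb
---
spec:
    dev_path: /dev/nvme0n1
    size: 512110190592
    model: Samsung SSD 980 500GB
    transport: nvme'

# Offline demo against the constructed sample (needs no talosctl).
main() {
    tmp=$(mktemp) && chmod 600 "$tmp"
    if check_secrets_perms "$tmp"; then echo "secrets: permissions ok"; fi
    rm -f "$tmp"

    for pat in 'Samsung*' '*'; do
        if printf '%s\n' "$SAMPLE_DISKS" | selector_is_unambiguous "$pat"; then
            echo "selector '$pat': ok, one disk matches"
            disk_selector_patch "$pat"
        else
            echo "selector '$pat': refusing, not exactly one disk matches"
        fi
    done
}
main
```

On a real machine in maintenance mode, replace the sample with `talosctl get disks --insecure --nodes "$MASTER_IP" -o yaml` and run the same check before generating the config.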

Control plane node setup

To set up a server node, follow these steps:

  1. In BIOS, set the secure boot configuration to Legacy Support Disable and Secure Boot Disable.
  2. Type in the confirmation code to disable secure boot.
  3. Plug the USB drive into the rear USB port of the device.
  4. Boot from the USB drive and wait for Talos to start and reach the READY state.
  5. With Talos started, it's time to set up the master node and cluster:
    1. Save the IP address to a variable (accessible from the Talos dashboard):
      export MASTER_IP=<ip_address>
      
    2. Generate the control plane and Talos configuration using the secrets and patch:
      talosctl gen config \
      --with-secrets patches/secrets.yaml \
      --config-patch-control-plane @patches/patch-overlord0.yml \
      --output-types controlplane,talosconfig \
      --output rendered/ \
      anton https://$MASTER_IP:6443
      
    3. Apply the configuration to the machine (this step will trigger Talos installation to disk):
      talosctl apply-config --insecure \
      --nodes $MASTER_IP \
      --file rendered/controlplane.yaml
      
    4. Wait for the installation to complete, which will end with a system restart.
    5. Wait for Talos Kubelet to reach a healthy state.
    6. With Talos ready, set up Kubernetes:
      talosctl bootstrap \
      --nodes $MASTER_IP \
      --endpoints $MASTER_IP \
      --talosconfig=rendered/talosconfig
      
    7. Wait until all checkboxes under controlplane are healthy and the READY state is true.
    8. Shut down the machine, unplug the USB drive, and start it again.
    9. Make sure everything works fine:
      talosctl health \
      --nodes $MASTER_IP \
      --endpoints $MASTER_IP \
      --talosconfig=rendered/talosconfig
      
    10. Set up the kubectl configuration:
      talosctl kubeconfig \
      --nodes $MASTER_IP \
      --endpoints $MASTER_IP \
      --talosconfig=rendered/talosconfig
      
    11. Check the Kubernetes configuration:
      kubectl cluster-info
      
      kubectl get nodes -o=wide
      
    12. Access the Talos dashboard remotely:
      talosctl dashboard \
      --nodes $MASTER_IP \
      --endpoints $MASTER_IP \
      --talosconfig=rendered/talosconfig
      

After completing the above steps, the cluster should be set up and ready to accept workers.

Note

If you want to overwrite kubectl config based on the rendered talos configuration, you can use the following command:

talosctl kubeconfig \
--force \
--nodes $MASTER_IP \
--endpoints $MASTER_IP \
--talosconfig=rendered/talosconfig

Worker node setup

Now that the cluster is set up with the control plane node, it's time to add worker nodes:

  1. First, set up the machine. For that, follow steps 1-4 from the previous instructions.
  2. With Talos started on the machine, configure a worker node:
    1. Save the worker's IP address (accessible from the Talos dashboard), the worker hostname and the control plane IP to variables:
      export WORKER_IP=<ip_address>
      export WORKER=<worker_hostname>
      export MASTER_IP=<ip_address>
      
    2. Generate the worker configuration using the secrets and patch:
      talosctl gen config \
      --with-secrets patches/secrets.yaml \
      --config-patch-worker @patches/patch-$WORKER.yml \
      --output-types worker \
      --output rendered/$WORKER.yaml \
      anton https://$WORKER_IP:6443
      
    3. Apply the configuration to the machine (this step will trigger Talos installation to disk):
      talosctl apply-config --insecure \
      --nodes $WORKER_IP \
      --file rendered/$WORKER.yaml
      
    4. Wait for the installation to finish.
    5. Once finished, check if the worker has successfully joined the cluster:
      kubectl get nodes -o=wide
      
    6. Shut down the machine, remove the USB drive, and start it again.
    7. After some time, check if the node is in the READY status:
      kubectl get nodes -o=wide
      
    8. Check the dashboard:
      talosctl dashboard \
      --nodes $WORKER_IP \
      --endpoints $MASTER_IP \
      --talosconfig=rendered/talosconfig
      

The instructions above work for a single worker. Before adding another worker to the cluster, you have to create a patch file in /cluster-config/patches for the worker and change the WORKER_IP and WORKER variables in the instructions.

At this point, the cluster is set up and ready for service deployment.