You can create a Talos Linux cluster on Equinix Metal in a variety of ways, such as through the EM web UI, the metal command line tool, or through PXE booting.
Talos Linux is a supported OS install option on Equinix Metal, so it’s an easy process.
Regardless of the method, the process is:
- Create a DNS entry for your Kubernetes endpoint.
- Generate the configurations using
- Provision your machines on Equinix Metal.
- Push the configurations to your servers (if not done as part of the machine provisioning).
- Configure your Kubernetes endpoint to point to the newly created control plane nodes.
- Bootstrap the cluster.
Define the Kubernetes Endpoint
There are a variety of ways to create an HA endpoint for the Kubernetes cluster. Some of the ways are:
- Load Balancer
Whatever way is chosen, it should result in an IP address/DNS name that routes traffic to all the control plane nodes. We do not know the control plane node IP addresses at this stage, but we should define the endpoint DNS entry so that we can use it in creating the cluster configuration. After the nodes are provisioned, we can use their addresses to create the endpoint A records, or bind them to the load balancer, etc.
Create the Machine Configuration Files
Using the DNS name of the load balancer defined above, generate the base configuration files for the Talos machines:
$ talosctl gen config talos-k8s-em-tutorial https://<load balancer IP or DNS>:<port>
created controlplane.yaml
created worker.yaml
created talosconfig
The port used above should be 6443, unless your load balancer maps a different port to port 6443 on the control plane nodes.
Validate the Configuration Files
talosctl validate --config controlplane.yaml --mode metal
talosctl validate --config worker.yaml --mode metal
Note: Validation of the install disk could potentially fail as validation is performed on your local machine and the specified disk may not exist.
Passing in the configuration as User Data
You can use the metadata service provided by Equinix Metal to pass in the machine configuration. It is required to add a shebang to the top of the configuration file.
The convention we use is
Provision the machines in Equinix Metal
Using the Equinix Metal UI
Simply select the location and type of machines in the Equinix Metal web interface.
Select Talos as the Operating System, then select the number of servers to create, and name them (in lowercase only).
Under optional settings, you can paste in the contents of the controlplane.yaml that was generated above (ensuring you add a first line of
You can repeat this process to create machines of different types for control plane and worker nodes (although you would pass in worker.yaml for the worker nodes, as user data).
If you did not pass in the machine configuration as User Data, you need to provide it to each machine, with the following command:
talosctl apply-config --insecure --nodes <Node IP> --file ./controlplane.yaml
Creating a Cluster via the Equinix Metal CLI
This guide assumes the user has a working API token, and the Equinix Metal CLI installed.
Because Talos Linux is a supported operating system, Talos Linux machines can be provisioned directly via the CLI, using the -O talos_v1 parameter (for Operating System).
Note: Ensure you have prepended
metal device create \
  --project-id $PROJECT_ID \
  --facility $FACILITY \
  --operating-system "talos_v1" \
  --plan $PLAN \
  --hostname $HOSTNAME \
  --userdata-file controlplane.yaml
metal device create -p <projectID> -f da11 -O talos_v1 -P c3.small.x86 -H steve.test.11 --userdata-file ./controlplane.yaml
Repeat this to create each control plane node desired: there should usually be 3 for an HA cluster.
Network Booting via iPXE
You may install Talos over the network using TFTP and iPXE. You would first need a working TFTP and iPXE server.
In general this requires a Talos kernel vmlinuz and initramfs. These assets can be downloaded from a given release.
PXE Boot Kernel Parameters
The following is a list of kernel parameters required by Talos:
- talos.platform: set this to
- init_on_alloc=1: required by KSPP
- slab_nomerge: required by KSPP
- pti=on: required by KSPP
Create the Control Plane Nodes
metal device create \
  --project-id $PROJECT_ID \
  --facility $FACILITY \
  --ipxe-script-url $PXE_SERVER \
  --operating-system "custom_ipxe" \
  --plan $PLAN \
  --hostname $HOSTNAME \
  --userdata-file controlplane.yaml
Note: Repeat this to create each control plane node desired: there should usually be 3 for an HA cluster.
Create the Worker Nodes
metal device create \
  --project-id $PROJECT_ID \
  --facility $FACILITY \
  --ipxe-script-url $PXE_SERVER \
  --operating-system "custom_ipxe" \
  --plan $PLAN \
  --hostname $HOSTNAME \
  --userdata-file worker.yaml
Update the Kubernetes endpoint
Now that our control plane nodes have been created and we know their IP addresses, we can associate them with the Kubernetes endpoint.
Configure your load balancer to route traffic to these nodes, or add A records to your DNS entry for the endpoint, one for each control plane node.
host endpoint.mydomain.com
endpoint.mydomain.com has address 188.8.131.52
endpoint.mydomain.com has address 184.108.40.206
endpoint.mydomain.com has address 220.127.116.11
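As an added check that is not part of the original tutorial: before bootstrapping, confirm that the endpoint's A records match the control plane addresses Equinix Metal reported, so traffic never lands on a stale or unknown host. The host output below is constructed to match the tutorial, and the control plane address set is constructed to deliberately disagree with it (one node re-provisioned at 203.0.113.10, leaving 220.127.116.11 stale).

```python
"""Pre-bootstrap check: the Kubernetes endpoint name must resolve to exactly
the control plane nodes that were provisioned, nothing stale, nothing missing."""
import ipaddress
import re

# Output of `host endpoint.mydomain.com`, constructed to match the tutorial.
SAMPLE_HOST_OUTPUT = """\
endpoint.mydomain.com has address 188.8.131.52
endpoint.mydomain.com has address 184.108.40.206
endpoint.mydomain.com has address 220.127.116.11
"""

# Addresses of the three control plane nodes as reported by Equinix Metal
# (constructed: one node was re-provisioned, so the last A record is stale).
CONTROL_PLANE_IPS = {"188.8.131.52", "184.108.40.206", "203.0.113.10"}

# `host` prints one line per record: "<name> has address <v4>" or
# "<name> has IPv6 address <v6>"; alias and NXDOMAIN lines look different.
A_RECORD = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def parse_host_output(text):
    """Map each name in `host` output to the set of addresses it resolves to."""
    records = {}
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if not m:
            continue  # "is an alias for", "not found", blank lines
        name, addr = m.groups()
        ipaddress.ip_address(addr)  # reject anything that is not a literal IP
        records.setdefault(name, set()).add(addr)
    return records


def check_endpoint(host_output, endpoint, control_plane_ips):
    """Return (missing, extra): control plane IPs with no A record, and
    A records that point at something other than a known control plane node."""
    resolved = parse_host_output(host_output).get(endpoint, set())
    missing = sorted(set(control_plane_ips) - resolved)
    extra = sorted(resolved - set(control_plane_ips))
    return missing, extra


if __name__ == "__main__":
    missing, extra = check_endpoint(SAMPLE_HOST_OUTPUT, "endpoint.mydomain.com",
                                    CONTROL_PLANE_IPS)
    print("control plane nodes with no A record:", missing)  # ['203.0.113.10']
    print("A records not backed by a control plane node:", extra)  # ['220.127.116.11']
    if missing or extra:
        print("fix the endpoint before running talosctl bootstrap")
```

Against a live endpoint, feed the script the real output of host (for example via subprocess) in place of SAMPLE_HOST_OUTPUT; an empty pair of lists means the endpoint is ready for bootstrap.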
talosctl --talosconfig talosconfig config endpoint <control plane 1 IP>
talosctl --talosconfig talosconfig config node <control plane 1 IP>
talosctl --talosconfig talosconfig bootstrap
This only needs to be issued to one control plane node.
At this point we can retrieve the admin kubeconfig by running:
talosctl --talosconfig talosconfig kubeconfig .