Install Talos on any cloud servers

Serge Logvinov - Oct 13 - - Dev Community

Introduction

Talos is a modern OS for Kubernetes.
It is designed to be secure, immutable, and minimal. Talos is built on top of the Linux kernel and includes everything required to run Kubernetes.
It is designed to be installed on bare-metal servers, virtual machines, and cloud instances.
Unfortunately, many cloud providers do not have Talos as an option in their marketplace.
In this guide, I will show you how to install Talos on any cloud server.

Let's assume your cloud does not provide:

  • No IPMI/iDRAC access: You don’t have remote tools to manage the server, and you can't mount an ISO image.
  • No DHCP/PXE network: The network doesn’t have DHCP or PXE, or you can't control it, so you can't boot Talos from the network.
  • No Talos image available: The hosting provider doesn’t have a Talos image available in their marketplace.
  • No CDROM support: You can't mount/attache an ISO image to the virtual server.

But you already have a cloud server with a Linux OS installed, and you have SSH access to it.

I'd like to share my experience with the project ansible-role-talos-boot which helps you to install Talos on any cloud server.

The main idea is to use the existing operation system on the server to install Talos.
Most of the OSs allow you to boot a kernel and initrd image though the kexec tool.
Or use grub to boot a Talos from boot menu.

Requirements

You need to have ansible installed on your local machine.

Download ansible-role-talos-boot role

ansible-galaxy role install sergelogvinov.talos-boot
Enter fullscreen mode Exit fullscreen mode

Usage

All options you can find here main.yml

I will show you the most important options:

- hosts: all
  vars:
    # Add boot entry to the grub menu
    talos_grub: true
    # Use kexec to boot Talos kernel
    talos_kexec: true
    # Provide predefined machineconfig file
    talos_machineconfig: "worker.yaml"
  roles:
    - sergelogvinov.talos-boot
Enter fullscreen mode Exit fullscreen mode

The Ansible playbook will gather all the necessary network information from the existing operating system and use it to create a Talos configuration patch file.
After that, it will download the Talos kernel and initrd images and add a boot entry to the GRUB menu for booting.
Or use the kexec tool to boot the Talos.

Options

Install through GRUB menu

If your server uses a GRUB bootloader, you can add a boot entry to the GRUB menu.
The role will download the Talos kernel and initrd images and automatically add a boot entry to the GRUB menu for you.

- hosts: all
  vars:
    talos_grub: true
  roles:
    - ansible-role-talos-boot
Enter fullscreen mode Exit fullscreen mode

Check new entry in the grub menu:

grep -A 4 'Talos' /boot/grub/grub.cfg
Enter fullscreen mode Exit fullscreen mode

Output:

menuentry "Talos" {
    linux /boot/talos-kernel init_on_alloc=1 slab_nomerge pti=on console=tty1 console=ttyS0 consoleblank=0 nvme_core.io_timeout=4294967295 printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512 talos.platform=metal net.ifnames=0 ip=x.x.x.x::x.x.x.x:255.255.255.0::eth0:off talos.dashboard.disabled=1
    initrd /boot/talos-initrd.xz
}
### END /etc/grub.d/10_talos ###
Enter fullscreen mode Exit fullscreen mode

You can now review the kernel parameters before rebooting the server.
Most of these parameters are customizable, and you have the option to modify them directly in the playbook.

Install through kexec

If your server is running a Linux OS that supports the kexec tool, you can use it to boot the Talos kernel and initrd image.
The role will download the Talos kernel and initrd images and use the kexec tool to boot into Talos.
This approach works on most virtual server environments.

- hosts: all
  vars:
    talos_kexec: true
  roles:
    - sergelogvinov.talos-boot
Enter fullscreen mode Exit fullscreen mode

Predefined machineconfig

If you already have a predefined machineconfig file, you can provide it to the role.
The role will create a Talos configuration patch file and apply it once Talos boots up.

- hosts: all
  vars:
    # Create talos configuration patch file if you provided already predefined machineconfig file
    talos_machineconfig: "worker.yaml"
    talos_machineconfig_node_labels: "topology.kubernetes.io/zone=MyZone,topology.kubernetes.io/region=MaRegion"
  roles:
    - sergelogvinov.talos-boot
Enter fullscreen mode Exit fullscreen mode

Inventory file:

[all]
worker-node    ansible_host=x.x.x.x ansible_ssh_user=root
Enter fullscreen mode Exit fullscreen mode

The result of patch:

machine:
  kubelet:
    extraArgs:
      node-labels: "topology.kubernetes.io/zone=MyZone,topology.kubernetes.io/region=MaRegion"
    nodeIP:
      validSubnets:
        - "x.x.x.x/32"
        - "x:x:x::1/128"
  network:
    hostname: "worker-node"
    interfaces:
      - interface: eth0
        dhcp: false
        addresses:
          - "x.x.x.x/32"
          - "x:x:x::1/64"
        routes:
          - network: "0.0.0.0/0"
            gateway: "x.x.x.x"
          - network: "::/0"
            gateway: "x:x:x::x"
    kubespan:
      enabled: true
  install:
    image: ghcr.io/siderolabs/installer:v1.7.7
    bootloader: true
    wipe: true
    disk: /dev/vda
Enter fullscreen mode Exit fullscreen mode

The role will define:

  • hostname (from the inventory file)
  • network configuration (single stack or dual stack)
  • kubelet labels
  • Talos installer image
  • disk to install Talos

Conclusion

We have successfully installed Talos on a cloud server without needing IPMI/iDRAC access, DHCP/PXE network, or CD-ROM support.
There's no need to contact your cloud provider to add Talos to their marketplace.
Instead, you can use the existing operating system to install Talos directly.

The project ansible-role-talos-boot under MIT license, so feel free to fork and modify this project. Just remember to leave a star on the project :)

Image
Why You Should Concentrate On Enhancing Accident Lawyers Los Angeles
Image
10 No-Fuss Strategies To Figuring Out Your Wheelchair Self Propelled
Image
It's Time To Forget Navy Asbestos Settlement: 10 Reasons Why You Don't Really Need It
Image
8 Tips For Boosting Your Oakland Accident Lawyer Game
Image
The Often Unknown Benefits Of Car Key Repairs
Image
HOW TO HIRE A HACKER TO RECOVER STOLEN BITCOIN EXPERT GUIDANCE - MAESTRO ENCRYPTER FINANCIER
Image
A Repair Car Keys Success Story You'll Never Believe
Image
7 Little Changes That Will Make A Huge Difference In Your Asbestos Trust Fund Payouts
Image
Seasoned designer (15+ years experience) creating free practical UX guide for developers. What topics do you want covered?
Image
15 Lawyers For Accidents At Work Benefits That Everyone Should Be Able To
Image
14 Best Web Design Tools for 2024
Image
Main Judi Bakarat Online buat Menyingkirkan Kebosanan
Image
Variasi Keuntungan Judi Online24jam Deposit Pulsa
Image
10 Healthy Habits To Use Lost The Car Key
Image
This Is How Mesothelioma Asbestos Exposure Will Look Like In 10 Years' Time
Image
Deploy Your Website with GitHub Actions to Uberspace (the rsync way)

webdev, tutorial, productivity, githubactions
Image
Event Limo Service in Orange County, CA: Elevate Your Special Occasions
Image
What Is The Reason Crypto Online Casino Is The Best Choice For You?
Image
Streamlining Pact Verification in CI/CD with GitHub Actions: Extracting Consumer Branch Names and Dynamic Provider Testing

pact, contract, testing, ci
. . . . . .