Proxmox Kubernetes Install with Talos Linux

 

Just a couple of days ago, I published a post covering the installation of Talos Linux on VMware vSphere. Talos is a great platform to run Kubernetes consistently and with security as a primary focus. We can also benefit from running Talos Linux for Proxmox Kubernetes cluster configurations. Let’s consider an example of provisioning Talos Linux in Proxmox.

The benefit of Talos Linux

Talos is a great platform for running Proxmox Kubernetes or running Kubernetes on multiple virtualization platforms. Even though you can run very tiny Kubernetes distributions like k3s or k0s, you still need an underlying operating system to run these container orchestration platforms.

Talos covers both bases with a tiny Linux platform that has Kubernetes baked in and is also an API-managed operating system. This means there is no shell or interactive console as on other Linux distributions.

Also, it can be run on bare metal and installed from an ISO image. This is the approach we will take a look at with Proxmox Kubernetes with Talos Linux.

Install Talos Linux in Proxmox

Let’s now look at the process to install Talos Linux in Proxmox. Unlike VMware vSphere, we don’t have an OVA appliance or install script. Instead, with Proxmox we use the ISO installation process.

Note the following overview of steps needed for Proxmox Kubernetes install with Talos Linux:

  1. Install talosctl command line tool
  2. Download the Talos Linux ISO and upload to Proxmox
  3. Create VMs for control plane and worker nodes
  4. Boot the Talos Linux virtual machines in Proxmox and note Control Plane IP
  5. Generate the config files with the talosctl command
  6. Apply the control plane node configuration
  7. Bootstrap the cluster
  8. Apply the worker node configuration

 

1. Install talosctl command line tool

You can easily install the talosctl command line tool with the following command on your Linux workstation or WSL installation in Windows:

curl -sL https://talos.dev/install | sh

2. Download the Talos Linux ISO and upload to Proxmox

After you have the talosctl command line tool installed, one of the next tasks to complete is to download the Talos Linux ISO and upload it to Proxmox.

You can download the Talos Linux ISO image from the official releases link on the GitHub repository here: Releases · siderolabs/talos · GitHub.

Download the ISO for your architecture. For Proxmox, we will download the metal-amd64.iso file.

Download the sidero metal iso with talos

Now, we will upload the file to our Proxmox image repo. Click your local storage or other storage marked for ISO storage and click the Upload button.

Beginning the process to upload the talos linux iso to your proxmox server

Choose the metal-amd64.iso file you downloaded above and then click the Upload button again.

Select the iso and upload the file

The upload task completes successfully.

The upload iso task completes successfully

 

3. Create VMs for control plane and worker nodes

Now that we have the ISO image uploaded for Talos Linux to our Proxmox host, we can create a new VM. Right-click the host you want to use to create the VM, and click Create VM.

Beginning the process to create a new proxmox virtual machine for control plane

It will launch the Create Virtual Machine wizard. (Note that I switched to light mode to make the options stand out a bit more.)

Creating the talos control plane vm

Choose your ISO image file on the OS screen.

Configure the control plane vm to boot from the talos linux iso

Leave the defaults on the System tab.

Control plane system configuration in proxmox

Here I have lowered the size of the disk to 10 gig. If you need larger disks, though, that is fine too.

Configuring the disks in proxmox for the control plane node

Adjust the CPU sockets and Cores as desired on the CPU screen.

Cpu configuration for the proxmox control plane vm

 

Also, adjust the Memory on the memory screen.

Control plane virtual machine memory configuration

Choose the network connection you want to use for the Talos Linux virtual machine control plane VM on the Network tab.

Proxmox kubernetes control plane vm network configuration

Confirm the options on the Confirm screen.

Confirm the proxmox control plane vm configuration

Create the worker node virtual machine in Proxmox

We are creating the first Talos Linux worker node virtual machine, starting on the General screen. As a note, I am using the exact same options as the control plane virtual machine above, so the following screenshots are just here for posterity.

Naming the new worker node in proxmox

 

Choose the ISO image for Talos Linux.

Boot from the talos iso image for the proxmox kubernetes worker node

Leave the defaults on the System screen.

Worker node system configuration in proxmox

Adjust the disk sizes as needed. It doesn’t require much.

Disk configuration for the proxmox kubernetes talos worker node

Configure the CPU.

Cpu configuration for the proxmox kubernetes talos worker node

 

Configure the worker node memory.

Worker node memory configuration

Configure the network connection.

Worker node network configuration

Confirm the configuration settings.

Confirm the talos linux worker node configuration for proxmox kubernetes cluster

4. Boot the Talos Linux virtual machines in Proxmox and note Control Plane IP

Boot your control plane virtual machine from the Talos ISO. You will see the following.

Booting the proxmox kubernetes cluster talos control plane node

 

The nodes will boot to the following screen and should pull an IP address from your DHCP server. Take note of the IP address that your control plane node has been assigned. You will see the node is in Maintenance mode, ready for the bootstrap process. The console of the control plane node also shows other information, including the Talos version, kubelet state, and Kubernetes version. There is even a bit of navigation available: as you see at the bottom of the screen, you can press F2 for monitor and F3 for network config.

Get the ip address of the proxmox kubernetes cluster talos control plane

5. Generate the config files with the talosctl command

Now that we have the IP address of our Proxmox virtual machine that is running the Talos Linux control plane node, we can generate the machine configuration files needed for our Kubernetes cluster.

First, we will export an environment variable for our control plane node so we can reuse this in the talosctl commands. Replace with your IP address.

export CONTROL_PLANE_IP=10.1.149.173

Next, we will use the control plane node IP to generate the machine configuration files for the control plane nodes and worker nodes.

talosctl gen config talos-proxmox-cluster https://$CONTROL_PLANE_IP:6443

If you want to configure the output directory where the machine configuration files are placed, you can do that with this command:

talosctl gen config talos-proxmox-cluster https://$CONTROL_PLANE_IP:6443 --output-dir _out
Export the control plane ip address and generate the machine configs

6. Apply the control plane node configuration

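Now that we have our configuration files, we can begin by applying the control plane node configuration. The --insecure flag is needed here because a node in maintenance mode does not have its certificates yet, so this first connection is not authenticated.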

talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file controlplane.yaml
Apply the control plane yaml file

 

If you connect to the console of your control plane virtual machine in Proxmox, you should start to see it booting and configuring Kubernetes.

Booting and configuring kubernetes on talos control plane node

7. Bootstrap the cluster

After we have applied the controlplane.yaml configuration, we need to bootstrap the cluster to bring up the etcd configuration.

To bootstrap the cluster, we need to run a couple of commands. First, we need to set our TALOSCONFIG, endpoint, and node to point to the control plane node we have brought up.

export TALOSCONFIG="talosconfig"
talosctl config endpoint $CONTROL_PLANE_IP
talosctl config node $CONTROL_PLANE_IP
Exporting the talosconfig and control plane address for node and config

Now we can run the command:

talosctl bootstrap
Running the talosctl bootstrap command

Once we bootstrap the cluster, we should eventually see everything come up with a green STATUS across the board.

Control plane fully running and bootstrapped

Now we should be able to see that we have a control plane up and running with kubectl. First we need to retrieve the kubeconfig file:

talosctl kubeconfig .

 

You can also export the kubeconfig file as a variable:

export KUBECONFIG=kubeconfig

Now we can run kubectl normally.

kubectl get nodes

We see we have our single control plane node up and running.

Getting the talos kubernetes nodes using kubectl

8. Apply the worker node configuration

Now, let’s get our worker node up and running. Power on your worker node virtual machine in Proxmox and boot from the ISO.

The process is the same for the worker node. We will note the IP address configured on the virtual machine and then apply the worker.yaml configuration to the worker node.

Worker node is booted into maintenance mode and ready to provision

Let’s export the worker IP address as a variable and then apply the worker.yaml config using talosctl:

export WORKER_IP=10.1.149.179
talosctl apply-config --insecure --nodes $WORKER_IP --file worker.yaml

Applying the configuration:

Applying the worker node configuration

After applying the configuration, the worker node is provisioned. We see everything is up and running, and the node type shows the node is designated as a worker.

Worker node fully provisioned

Now, we can run another kubectl get nodes and see both our control plane and worker nodes provisioned and in the READY state to run pods.

Using kubectl to get both nodes and their status
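
Two checks the steps above leave implicit, as an added example that is not part of the original post: verifying the downloaded ISO (step 2) against the checksum list published with the release, and keeping the files written by talosctl gen config (step 5) readable only by you. The function names and the checksum file name sha256sum.txt are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function and file names are assumptions.

# Step 2: check the ISO against the checksum list published with the release.
# $1 = ISO path, $2 = checksum list ("<sha256>  <name>" per line).
# Fails if the ISO is not listed or the digest differs.
verify_iso() {
    name=$(basename "$1")
    want=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n); sub(/.*\//, "", n)
                               if (n == f) { print $1; exit } }' "$2")
    got=$(sha256sum "$1" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Step 5: generate the machine configs into a directory only you can read.
# controlplane.yaml, worker.yaml and talosconfig carry cluster keys and tokens.
# $1 = cluster name, $2 = control plane IP, $3 = output directory.
gen_private_config() {
    (
        umask 077    # files are created 0600, directories 0700
        mkdir -p "$3" && chmod 700 "$3" &&
            talosctl gen config "$1" "https://$2:6443" --output-dir "$3"
    )
}

# List files under $1 that group or others can read or write.
# No output means nothing is exposed.
list_exposed_files() {
    find "$1" -type f \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) | sort
}

# Tighten a config directory that was created with a permissive umask.
lock_down_config_dir() {
    chmod 700 "$1" && find "$1" -type f -exec chmod 600 {} +
}
```

For example, run verify_iso metal-amd64.iso sha256sum.txt before uploading the ISO to Proxmox, and list_exposed_files _out after generating the configs.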

 

Frequently asked questions with Talos Linux Kubernetes

Why is Kubernetes important when running production containers?

It provides a production container orchestration engine that allows running containers with scalability, performance, compatibility, virtualized networking, using monitoring solutions, and many other benefits. You can think of Kubernetes as the hypervisor setup of the container world that schedules and allows recovery from failures.

 
What is Sidero Metal?

Sidero Metal allows running Kubernetes on bare metal. It streamlines provisioning and management and ensures that physical servers are efficiently utilized. The combination of Sidero Metal and Talos Linux enables running your Kubernetes environment efficiently and securely.

 
How does Talos use TLS connectivity?

Mutual TLS is a core feature of Talos Linux’s security framework. This protocol makes sure both client and server authenticate with each other, creating a secure communication channel. In Kubernetes environments, where secure data transmission is critical, mutual TLS provides an additional layer of security.

 
System Services and Management in Talos Linux

Talos maintains a very lean installation that only installs what is required as a Kubernetes operating system. The focus is on reducing the overall attack surface and vulnerabilities by minimizing unnecessary components. Managing a Talos Linux Kubernetes cluster can only be done using the API, not SSH, or other more dangerous types of access. You can also manage Talos Linux Kubernetes using infrastructure as code solutions like Terraform.

 
Is Talos Linux Kubernetes easy to use with Proxmox?

Integrating Talos Linux with Proxmox is easy to accomplish by simply spinning up virtual machines to house the Talos installations. You will spin up a minimum of two (2) virtual machines. One will be for the control plane and one will be a worker.

 
What are the benefits of running Kubernetes with Talos?

Running Kubernetes on Proxmox with Talos Linux helps with security, configurability, and automation. It helps you to configure your Kubernetes clusters according to security best practices and industry standards.

 
How does Talos help with immutability?

The concept of immutable infrastructure, central to Talos Linux, offers significant advantages in running Kubernetes. It helps to avoid configuration drift by using API-driven configuration processes that allow treating your clusters as “cattle” rather than “pets”.

 

Wrapping up Proxmox Kubernetes install with Talos Linux

Talos Linux is a great platform to use for building out your Kubernetes clusters across many different virtualization platforms. Talos Linux provides an extremely small, efficient, and secure environment to run your Kubernetes clusters on. It eliminates the need for SSH access and everything is configured using an API. Hopefully, this walkthrough will help any who want to start playing around with Talos Linux in their Proxmox home lab environment to quickly get up to speed.
