gyptazy - DevOps, Coding, Networking and BSD!

HowTo Create a Kubernetes Cluster in 10 Minutes (2025-02-04):
Creating and managing a Kubernetes cluster from scratch can be challenging, and there are definitely way too many ways to do so in 2025. With Talos Linux, it can be done in less than 10 minutes!

What is Talos Linux?
Talos Linux is an operating system built specifically for Kubernetes, focusing on security, immutability, and minimalism. It is designed to work across a variety of environments, including cloud platforms, bare metal servers, and virtualization platforms, providing a versatile solution for modern infrastructure needs. One of its key features is that system management is completely API-driven, eliminating the need for traditional SSH, shell access, or a console interface, which enhances both security and ease of automation. Talos is production-ready, having been used to support some of the largest Kubernetes clusters globally. It is an open-source project developed by the team at Sidero Labs, which is committed to simplifying infrastructure management for Kubernetes.
Talos Linux aims to be a highly efficient and secure operating system for running Kubernetes clusters. Immutable means that the root filesystem is read-only and there is no package manager or shell: the operating system is not modified in place after deployment, configuration is applied declaratively through the machine config API, and updates are whole-image upgrades rather than package changes on a running node. This keeps nodes stable and predictable, which is ideal for environments where security and consistency are paramount. By focusing on Kubernetes, Talos simplifies the complexities of managing large-scale containerized environments. The API-only management model is particularly appealing for modern DevOps practices, as it enables automation and avoids human error by preventing direct access to the underlying OS. The open-source nature of Talos allows for community contributions and transparency in development, adding to its appeal for enterprises looking for robust, scalable solutions.

Why Talos Linux?
Using Talos Linux to create a Kubernetes cluster offers several compelling reasons compared to other solutions. First, Talos is purpose-built for Kubernetes, designed with a focus on security, immutability, and minimalism. This means that the operating system is highly optimized to run Kubernetes workloads efficiently, without unnecessary overhead. The immutability of Talos ensures that once it’s deployed, the system remains unchanged, which adds a layer of stability and security, as it reduces the risk of unauthorized modifications or human error. Additionally, Talos eliminates the need for traditional access methods like SSH or a console, as all system management is API-driven. This makes automation easier and helps ensure a more secure and streamlined infrastructure, especially in large-scale environments. Talos is production-ready and has proven to support some of the world’s largest Kubernetes clusters, making it a reliable and scalable choice. Furthermore, it works seamlessly across different platforms, including cloud, bare metal, and virtualization, offering flexibility in deployment. Since Talos is open-source, it allows you to have full visibility and control over the system, and you can contribute or customize it to meet specific needs. In short, Talos offers a modern, secure, and efficient solution for managing Kubernetes clusters, especially when you prioritize automation, scalability, and consistency.

How to Create a Kubernetes Cluster?
In this HowTo we will create a simple three node Kubernetes cluster using Talos v1.9.3 on bare-metal systems. The same procedure also works for virtual machines on VMware, Proxmox or XCP-ng. The setup consists of a single control-plane node and two worker nodes. Keep in mind that a single control-plane node is fine for a lab but not highly available: etcd needs three (or five) control-plane nodes to keep quorum when one of them fails.

o 10.10.10.230 – control-plane
o 10.10.10.231 – worker node #1
o 10.10.10.232 – worker node #2

Installing Client Tools for Management
First, we need to install the required client tools for further management. This consists of:

o talosctl
o kubectl

Both tools can be easily installed on Linux and macOS. You might also have a look at already packaged versions in your distribution's software repository or follow this guide. Note that the first Linux command pipes a remote script into your shell; read it first (for example with curl -sL https://talos.dev/install | less) or download the talosctl release binary from GitHub and verify its checksum instead:

Linux
curl -sL https://talos.dev/install | sh
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# verify kubectl against the SHA-256 published next to it before installing it
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check && chmod +x kubectl && sudo mv kubectl /usr/local/bin/

macOS
brew install siderolabs/tap/talosctl
brew install kubectl

Booting the Bare-Metal Nodes
There are many ways to install Talos on bare-metal nodes (and VMs). The easiest is the classic ISO installation; PXE booting and other methods are available as well. Talos' documentation for bare-metal and virtualized platforms provides additional information and solutions. Note that Talos Linux runs on both AMD64 and ARM64.

Downloads
Typically, you will (still) use AMD64 and can simply download the ISO images from the project's website, but just in case, the ARM64 images can be found right here as well:

o Talos 1.9.2 amd64.iso
o Talos 1.9.2 arm64.iso

Talos Linux runs on bare-metal and in virtualized environments; in both cases you can now simply boot your machine from the ISO image. Verify the ISO against the checksums published with the release before booting it. Note that the ISO only boots the node into maintenance mode: the version that ends up on disk is the installer image referenced in the machine config (machine.install.image), which talosctl gen config sets to its own version by default (overridable with --talos-version). So the ISO version (1.9.2 above) does not have to match exactly, but generate the configs with a talosctl of the version you actually intend to run.

Starting
After booting from the ISO, a node starts in maintenance mode and waits for a configuration. This configuration is either a control-plane or a worker configuration and is provisioned by the talosctl utility via the API. In maintenance mode the node tries to obtain an IP address via DHCP for IPv4 and SLAAC for IPv6, but you are not limited to this; adjusting the network configuration to your needs is quickly done. Keep in mind that the maintenance API (TCP port 50000) has no client authentication yet: anyone who can reach it could push a machine config to the node, so keep the nodes on a trusted network and configure them promptly. After booting all three nodes, we can start provisioning our cluster.

Creating Talos Cluster Config
Having the toolset in place, the basic configuration for the Talos nodes is created with the talosctl utility. In this example the cluster is named gyptazy-dev01, its Kubernetes API endpoint is the control-plane node 10.10.10.230, and it uses the nodes 10.10.10.230, 10.10.10.231 and 10.10.10.232. The config files are written to the directory gyptazy-dev01:

talosctl gen config gyptazy-dev01 \
https://10.10.10.230:6443 \
--output-dir ./gyptazy-dev01 \
--nodes 10.10.10.230,10.10.10.231,10.10.10.232

Note: Pay attention to the cluster endpoint. It is not just the IP address 10.10.10.230 but the full URI https://10.10.10.230:6443, including the default port 6443. The --nodes flag is talosctl's global node selector; it is accepted here, but nothing from it is written into the generated talosconfig, which is why the endpoint is checked below.

Adjusting Talos Config
After generating the initial cluster configuration, several config files have been created. If needed, the control-plane and worker configs can be adjusted, which is often required in more complex setups where you also want to specify custom values for the services. Two things are worth checking even in a simple setup: machine.install.disk defaults to /dev/sda and must match the disk the node should be installed to (on NVMe systems, for example, /dev/nvme0n1; a wrong value wipes the wrong disk), and the YAML files embed the cluster's PKI (CA keys, bootstrap token, etcd and Kubernetes secrets), so they must be stored like private keys and never be committed to a repository in plain text. For now, we stick to the generated defaults, which resulted in the following files:

o Created gyptazy-dev01/controlplane.yaml
o Created gyptazy-dev01/worker.yaml
o Created gyptazy-dev01/talosconfig

However, for further bootstrapping and orchestration we have to ensure that the endpoint is defined in the talosconfig file, because gen config does not fill it in. Set the control-plane as endpoint with talosctl --talosconfig ./gyptazy-dev01/talosconfig config endpoint 10.10.10.230 (or edit the file by hand); the nodes to talk to are then selected per command with --nodes. The result should look like:

context: gyptazy-dev01
contexts:
    gyptazy-dev01:
        endpoints: ['10.10.10.230']

Deploying Talos Configs to Nodes
There are many ways and tools to manage your Talos config files, just like your Kubernetes configs. For now, we simply created our configs in a dedicated directory and point talosctl at them with the following export:

export TALOSCONFIG=./gyptazy-dev01/talosconfig

Afterwards, the configs can be applied to the control-plane and worker nodes.

Control-Plane Node
The talosctl command-line tool is used to manage Talos nodes, and the apply-config subcommand applies a configuration file to a given node. The --insecure flag is needed for this first contact only: the node is still in maintenance mode and holds no certificate from our cluster CA yet, so the connection is TLS-encrypted but not authenticated on either side. Once the config is applied, the node installs Talos to disk, reboots, and from then on only accepts requests authenticated with the client certificate from our talosconfig, so --insecure is not used again.

talosctl apply-config --insecure --nodes 10.10.10.230 --file ./gyptazy-dev01/controlplane.yaml


Worker Nodes
talosctl apply-config --insecure --nodes 10.10.10.231,10.10.10.232 --file ./gyptazy-dev01/worker.yaml

Bootstrapping the Cluster
After applying the configurations, we need to wait until all nodes have installed Talos to disk, rebooted and come back up in a healthy state. Do not perform any further actions before that!

...
Receiving the Kubeconfig
talosctl kubeconfig --nodes 10.10.10.230
export KUBECONFIG=$(pwd)/kubeconfig
kubectl get nodes
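The whole procedure above (config generation, endpoint setup, applying the configs, bootstrap, kubeconfig) as one script, added here as an example; it is neither code from the original post nor from the Talos project. It uses the cluster name, directory and addresses of the post; the function names, the DRY_RUN and TALOS_RUN switches and the 10 minute health timeout are my assumptions. Compared to the plain command sequence it checks the endpoint format from the note above, generates the cluster secrets separately with talosctl gen secrets, validates the machine configs with talosctl validate before any node sees them, and waits with talosctl health before fetching the kubeconfig.

```shell
#!/bin/sh
# Added example, not code from the original post or from Sidero Labs.
# Wraps the talosctl steps of this HowTo with input checks and a dry-run
# mode. Cluster name, directory and IPs are the ones used in the post;
# function names and the DRY_RUN/TALOS_RUN switches are assumptions.

CLUSTER="${CLUSTER:-gyptazy-dev01}"
CP_IP="${CP_IP:-10.10.10.230}"
WORKER_IPS="${WORKER_IPS:-10.10.10.231,10.10.10.232}"
OUT_DIR="${OUT_DIR:-./$CLUSTER}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = only print the commands

# run a command, or print it when DRY_RUN=1
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# valid_ipv4 A.B.C.D -> 0 when it is a dotted quad with octets 0..255
valid_ipv4() {
  echo "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
  for o in $(echo "$1" | tr '.' ' '); do
    [ "$o" -le 255 ] || return 1
  done
}

# valid_endpoint URL -> 0 only for the full API URI https://<ipv4>:<port>;
# a bare IP such as 10.10.10.230 is rejected (the note in the post).
# IPv4 only, matching the example cluster.
valid_endpoint() {
  case "$1" in
    https://*:[0-9]*) ;;
    *) return 1 ;;
  esac
  hostport=${1#https://}
  port=${hostport##*:}
  host=${hostport%:*}
  valid_ipv4 "$host" || return 1
  echo "$port" | grep -Eq '^[0-9]{1,5}$' && [ "$port" -le 65535 ]
}

endpoint_for() { echo "https://$1:6443"; }

# Step 1: secrets first, then the machine configs from them. The YAMLs carry
# the cluster PKI and join tokens, so they are made private right away.
gen_configs() {
  ep=$(endpoint_for "$CP_IP")
  valid_endpoint "$ep" || { echo "invalid cluster endpoint: $ep" >&2; return 1; }
  run mkdir -p "$OUT_DIR"
  run talosctl gen secrets -o "$OUT_DIR/secrets.yaml"
  run talosctl gen config "$CLUSTER" "$ep" \
      --with-secrets "$OUT_DIR/secrets.yaml" --output-dir "$OUT_DIR"
  # catches a malformed endpoint, install disk and similar before any node sees it
  run talosctl validate --config "$OUT_DIR/controlplane.yaml" --mode metal
  run talosctl validate --config "$OUT_DIR/worker.yaml" --mode metal
  run chmod 600 "$OUT_DIR"/*.yaml "$OUT_DIR/talosconfig"
}

# Step 2: gen config does not record the endpoint; set it explicitly.
set_context() {
  export TALOSCONFIG="$OUT_DIR/talosconfig"
  run talosctl config endpoint "$CP_IP"
  run talosctl config node "$CP_IP"
}

# Step 3: first contact with a node in maintenance mode. --insecure because the
# node has no certificate from our CA yet; the maintenance API (port 50000)
# accepts configs from anyone who can reach it, so do this on a trusted network.
# The default machine.install.disk is /dev/sda; compare it with the real disks.
show_disks() { run talosctl --nodes "$1" --insecure get disks; }
apply_node() {   # apply_node <ip> <machine config>
  valid_ipv4 "$1" || { echo "invalid node address: $1" >&2; return 1; }
  run talosctl apply-config --insecure --nodes "$1" --file "$2"
}
apply_all() {
  apply_node "$CP_IP" "$OUT_DIR/controlplane.yaml" || return 1
  for w in $(echo "$WORKER_IPS" | tr ',' ' '); do
    apply_node "$w" "$OUT_DIR/worker.yaml" || return 1
  done
}

# Step 4: bootstrap etcd exactly once on one control-plane node, wait for the
# cluster to become healthy, then fetch the admin kubeconfig (also a secret).
bootstrap_cluster() {
  run talosctl bootstrap --nodes "$CP_IP"
  run talosctl health --nodes "$CP_IP" --wait-timeout 10m
  run talosctl kubeconfig "$OUT_DIR/kubeconfig" --nodes "$CP_IP"
  run chmod 600 "$OUT_DIR/kubeconfig"
}

main() {
  gen_configs && set_context && apply_all && bootstrap_cluster || return 1
  export KUBECONFIG="$OUT_DIR/kubeconfig"
  run kubectl get nodes -o wide
}

# only run the whole flow when asked, e.g. DRY_RUN=1 TALOS_RUN=1 sh talos-cluster.sh
if [ "${TALOS_RUN:-0}" = "1" ]; then main "$@"; fi
```

Run it first with DRY_RUN=1 TALOS_RUN=1 sh talos-cluster.sh to see the exact talosctl commands it would issue; without DRY_RUN it needs talosctl and kubectl in PATH and the three nodes booted into maintenance mode. The bootstrap step must run only once per cluster, and show_disks 10.10.10.230 is worth a look before apply_all if the nodes do not have their boot disk on /dev/sda.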

Conclusion
Talos Linux makes deploying and managing Kubernetes clusters incredibly simple, efficient, and secure. With its minimalistic, immutable, and API-driven approach, Talos eliminates many of the traditional complexities associated with setting up a cluster. In just a few steps, we were able to configure a fully functional Kubernetes environment, proving that Talos is not only easy to use but also highly scalable. Whether you’re working with bare metal, cloud, or virtualized environments, Talos adapts seamlessly, allowing for rapid deployment of even large-scale Kubernetes clusters. The built-in automation, enhanced security, and streamlined configuration process make it a go-to choice for modern infrastructure management. If you’re looking for a reliable, production-ready OS to power your Kubernetes workloads, Talos is definitely worth considering. And if not, a look at one of my virtualization topics, such as Proxmox, XCP-ng, Harvester or bhyve in ClonOS might be worth checking out!