- storage: Open iSCSI, software RAID, etc.
- networking: BGP FRR, etc.
- platform integration: VMware open VM tools, etc.
Configuration
On boot, Talos scans the directory /usr/local/etc/containers for *.yaml files describing the extension services to run.
Format of the extension service config:
name
The name field sets the service name; valid names match [a-z0-9-_]+.
The service container root filesystem path is derived from the name: /usr/local/lib/containers/<name>.
The extension service will be registered as a Talos service under an ext-<name> identifier.
container
- entrypoint defines the container entrypoint relative to the container root filesystem (/usr/local/lib/containers/<name>)
- environmentFile (deprecated) defines the path to a file containing environment variables; the service waits for the file to exist before starting. Use ExtensionServiceConfig instead.
- environment defines the container environment variables.
- args defines the additional arguments to pass to the entrypoint
- mounts defines the volumes to be mounted into the container root
container.mounts
The mounts section uses the standard OCI spec:
If the source directory doesn't exist in the host filesystem, it will be created (only for writable paths in the Talos root filesystem).
container.security
The security section follows this example:
- The rootfs is read-only by default unless writeableRootfs: true is set.
- The sysfs is read-only by default unless writeableSysfs: true is set.
- Masked paths, if not set, default to the containerd defaults. Masked paths will be mounted to /dev/null. To set empty masked paths use:
- Read-only paths, if not set, default to the containerd defaults. Read-only paths will be mounted to /dev/null. To set empty read-only paths use:
- Rootfs propagation is not set by default (container mounts are private).
depends
The depends section describes extension service start dependencies: the service will not be started until all dependencies are met.
Available dependencies:
- service: <name>: wait for the service <name> to be running and healthy
- path: <path>: wait for the <path> to exist
- network: [addresses, connectivity, hostname, etcfiles]: wait for the specified network readiness checks to succeed
- time: true: wait for the NTP time sync
- configuration: true: wait for ExtensionServiceConfig resource with a name matching the extension name to be available. The mounts specified in the ExtensionServiceConfig will be added as extra mounts to the extension service.
restart
The restart field defines the service restart policy; it configures either an always-running service or a one-shot service:
- always: restart service always
- never: start service only once and never restart
- untilSuccess: restart failing service, stop restarting on successful run
logToConsole
The logToConsole field defines whether the service logs should also be written to the console, i.e., to the kernel log buffer (or to the container logs in container mode).
This feature is particularly useful for debugging extensions that operate in maintenance mode or early in the boot process when service logs cannot be accessed yet.
Example
Example layout of the Talos root filesystem contents for the extension service:
/usr/local/etc/containers/hello-world.yaml:
/usr/local/lib/containers/hello-world:
ext-hello-world in talosctl services:
talosctl service ext-hello-world start|restart|stop.
Use talosctl logs ext-hello-world to get the logs of the service.
A complete example of the extension service can be found in the extensions repository.
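The following is an added example, not code from Talos or the extensions repository: a small reviewer-side linter that checks a parsed extension service spec against the rules described above (name pattern, derived paths, restart policy, dependency types) and flags settings that relax the container defaults. The key names maskedPaths, readOnlyPaths and rootfsPropagation and the OCI mount keys source and options are assumptions about the spec layout, and the sample spec is constructed.

```python
import re
NAME_RE = re.compile(r"[a-z0-9_-]+")  # valid names per the page: [a-z0-9-_]+
RESTART = {"always", "never", "untilSuccess"}
DEPENDS = {"service", "path", "network", "time", "configuration"}

def derived_ids(name):
    """Rootfs path and Talos service ID derived from the service name."""
    return f"/usr/local/lib/containers/{name}", f"ext-{name}"

def audit(spec):
    """Return findings for one extension service spec, given as the parsed YAML dict."""
    findings = []
    name = spec.get("name", "")
    if not NAME_RE.fullmatch(name):
        findings.append(f"invalid name {name!r}")
    if "restart" in spec and spec["restart"] not in RESTART:
        findings.append(f"unknown restart policy {spec['restart']!r}")
    container = spec.get("container", {})
    if "environmentFile" in container:
        findings.append("environmentFile is deprecated; use ExtensionServiceConfig")
    sec = container.get("security", {})
    for key in ("writeableRootfs", "writeableSysfs"):
        if sec.get(key) is True:
            findings.append(f"{key}: true removes a read-only default")
    for key in ("maskedPaths", "readOnlyPaths"):  # assumed key names
        if key in sec and not sec[key]:
            findings.append(f"{key} is empty, so the containerd defaults are dropped")
    if sec.get("rootfsPropagation") not in (None, "private"):  # assumed key name
        findings.append("rootfsPropagation set: container mounts are no longer private")
    for m in container.get("mounts", []):
        if "ro" not in m.get("options", []):  # OCI mounts are writable unless "ro"
            findings.append(f"writable mount of {m.get('source')}")
    for dep in spec.get("depends", []):
        for key in sorted(set(dep) - DEPENDS):
            findings.append(f"unknown dependency type {key!r}")
    return findings

# Constructed sample: what a YAML loader would return for a spec file under review.
SAMPLE = {
    "name": "Hello_World", "restart": "always",
    "container": {
        "security": {"writeableSysfs": True, "maskedPaths": []},
        "mounts": [{"source": "/var/log/audit", "destination": "/logs", "options": ["bind", "ro"]},
                   {"source": "/var/lib/demo", "destination": "/data", "options": ["bind", "rw"]}]},
    "depends": [{"service": "cri"}, {"time": True}, {"disk": "/dev/sda"}],
}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it over every *.yaml file an extension image places in /usr/local/etc/containers before the image is admitted to a cluster build.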