Setting up Talos Linux to work in environments with no internet access.
When running Talos Linux in air-gapped environments, these are the most common challenges:
providing access to NTP servers for time synchronization;
accessing container images, including Talos installer images, etcd, kubelet, Kubernetes control plane images, etc.;
accessing Image Factory for Talos updates and installation;
running Discovery Service inside the air-gapped environment.
In this guide, we will assume that the environment is completely air-gapped, with no access to the public Internet.
If there is partial connectivity, most of the requirements can be addressed via a pull-through cache and
HTTP proxy configuration.
Network configuration in air-gapped environments might require custom settings for DNS and NTP servers.
If running in a virtual environment, the hypervisor might provide time synchronization via a PTP interface, which doesn’t require network access.
Talos Linux supports redirecting image pull requests to internal registries via the registry mirrors feature.
This feature can be used to redirect all image pull requests to an internal registry which is pre-populated with the required images. See the section on airgapped registry for more details.
Talos Linux by default uses the public Discovery Service at discovery.talos.dev to facilitate cluster bootstrapping and node discovery.
In air-gapped environments, it is recommended to run a self-hosted instance of the Discovery Service (requires a license from Sidero Labs).
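The settings discussed above, combined into one machine configuration patch. This is an added example, not taken from the Talos documentation; every hostname and IP address is a constructed placeholder, and the list of upstream registries is an assumption to adjust to the images your cluster references.

```yaml
# Constructed example: all hostnames and IP addresses are placeholders.
machine:
  time:
    servers:
      # Internal NTP server reachable from inside the air gap.
      - ntp1.airgap.example.internal
  network:
    nameservers:
      # Internal DNS resolver.
      - 10.0.0.53
  registries:
    mirrors:
      # Each key is an upstream registry; pulls for it are sent to the
      # internal registry instead. skipFallback stops the node from trying
      # the (unreachable) upstream when the mirror returns an error.
      docker.io:
        endpoints:
          - https://registry.airgap.example.internal
        skipFallback: true
      ghcr.io:
        endpoints:
          - https://registry.airgap.example.internal
        skipFallback: true
      gcr.io:
        endpoints:
          - https://registry.airgap.example.internal
        skipFallback: true
      registry.k8s.io:
        endpoints:
          - https://registry.airgap.example.internal
        skipFallback: true
    config:
      registry.airgap.example.internal:
        tls:
          # Trust the internal CA rather than disabling verification.
          ca: <base64-encoded internal CA certificate>
cluster:
  discovery:
    enabled: true
    registries:
      service:
        # Self-hosted Discovery Service instead of discovery.talos.dev.
        endpoint: https://discovery.airgap.example.internal
```

A patch like this can be supplied when generating configuration with `talosctl gen config --config-patch @airgap-patch.yaml` (the file name is hypothetical). Keeping TLS verification on with an internal CA means a node only accepts images from a registry that can prove its identity.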