Skip to main content
When running Talos Linux in air-gapped environments, these are the most common challenges:
  • providing access to NTP servers for time synchronization;
  • acessing container images, including Talos installer images, etcd, kubelet, Kubernetes control plane images, etc.;
  • accessing Image Factory for Talos updates and installation;
  • running Discovery Service inside the air-gapped environment.
In this guide, we will assume that the environment is completely air-gapped, with no access to the public Internet. If there is partial connectivity, most of the requirements can be addresses via pull-through cache and HTTP proxy configuration.

Network configuration

Network configuration in air-gapped environments might require custom settings for DNS and NTP servers. If running in a virtual environment, the hypervisor might provide time synchronization via PTP interface which doesn’t require network access.

Container images

Talos Linux provides support for redirecting image pull requests to internal registries via registry mirrors feature. This feature can be used to redirect all image pull requests to an internal registry which is pre-populated with required images. See the section on airgapped registry for more details.

Image Factory

See the guide on running Image Factory in air-gapped environments for more details.

Discovery service

Talos Linux by default uses the public Discovery Service at discovery.talos.dev to facilitate cluster bootstrapping and node discovery. In air-gapped environments, it is recommended to run a self-hosted instance of the Discovery Service (requires a license from Sidero Labs).